XG and Endpoint Policies

All,

Both our XG and now the endpoint protection offer a version of web filtering services.

Is there a way to sync up the policies so that they are only configured in one place but in use by both the XG and the endpoints?



This thread was automatically locked due to age.
  • I also just noticed the Web Gateway product, which yet again appears to offer a web filtering function. So now I'm getting very confused as to how I would manage multiple products that offer the same functions, as well as keeping each of the policies in sync with each other.

  • The policies do not get synced between the XG firewall and the endpoints. The purpose of each product is different, and even though they have similarities, they are not the same. The endpoint protection software is your basic antivirus, antimalware, and anti-data theft solution, which gives the admins an added control over defining web and application based controls as well. These are for admins to block the most common applications/web categories and are not as granular as the XG Firewall. Endpoint Security's main purpose is securing a single PC managed centrally by the local admin. These PCs could be a part of a single or multiple LANs.

    The XG Firewall is your gateway device. You can go into every minute detail in the firewall and have the option to select from more than two thousand applications. Similarly, the web categories available under the XG firewall are more extensive than what the endpoint protection provides. Keep in mind web filtering and application control is one of the primary functionalities of an NGFW while it is NOT for an endpoint protection software.

    So let's suppose you have a network with computers running endpoint protection which are all connected to an XG firewall which is acting as the default gateway. If, for example, you have blocked pornography in endpoint protection and not on the XG Firewall, then anyone bringing their own device, which will obviously not have endpoint protection installed, will be able to browse porn since the XG is not blocking it. So in short, anything the endpoint is blocking will be blocked on all those computers which are running endpoint protection even though XG allows it. Similarly, any application/web category being blocked by the XG will be blocked whether or not it's blocked by the endpoint.

    In security applications it's best to have every possible defense system active so that the chances of something creeping past these defenses get lower and lower. At the end of the day there are still backdoors through which users will be able to get past these defenses, but the more defenses you have, the more difficult it gets for the user and any hacker.

    Muhammad Osama

    Sophos Certified Engineer (XG Firewall)
