
This discussion has been locked.

New XG Country blocking & licensing question(s)

Hi all,
I just found out about the new Sophos XG. I installed it on a VM and used the Home User License.
I have some questions:
1) I have 1 physical firewall box and 2 VMs for testing. Is it possible to use 1 license for the 3 XGs (Home)?
2) I have several licenses for the UTM 9. I "earned" them for beta testing, can I convert them for the XGs?
3) In UTM 9 there's an option to block from/to/both/none countries (Firewall section).
   I can't find it in Sophos XG. I only want traffic from Europe and going to the rest of the world.
   How do I accomplish this? I'm using Web Server Protection<Business Application> (formerly WAF)

Going further playing with Sophos XG :)
Cheers,
Pablo



  • I can answer questions 1 and 2 on licensing - but have to leave item 3 for a product person:
    1) You have to have 1 license for each Firewall. If these are all for Home Use, then we have no issue with you applying for 3 Home licenses. You will need the Software installer for your physical box and Virtual installers for the others (assuming you are using a supported VM).
    2) Once we make license migration available all 'paid-for' licenses will be able to be converted. From a systems point of view that means they must have been processed as an order and not generated directly by an admin user on MyUTM. You would need to check with whoever issued you the free licenses to check this. However, if you are a Sophos partner then a number of XG licenses will be available under the partner program.

    Regards,
    Paul
  • Thanks for your reply.
    The 3rd question is really important to me and maybe a "showstopper" for me.
    Also I think that more users like to reduce access from some countries.
    Is there someone that can accomplish this?
  • Hi,
    Country blocking: there is another thread on this question. You do it by setting up country hosts and country groups, then applying a blocking policy to the country group. Yes, painfully slow and tedious. The countries are all in the pick list provided.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks for the reply.
    I made a group of several countries to block but don't know how to make a proper policy.

    I now have the following policy:
    Source:
    Zone: WAN
    Networks: Blocked countries (holding the blocked countries)
    Services: ANY

    Destination:
    Zone: WAN
    Networks: #portB (this is my internet facing NIC (interface))

    Action: Drop


    The rules below I have 2 policies for "Business Application Rules".
    When I apply the (block) policy I'm still able to access the Business Application even when the
    block policy is applied.


    Second question: is it not possible to allow certain countries and make a second policy afterwards to block ANY?