Sophos XG with Sophos UTM downstream for Mail Hygiene

Looking for some advice on how to configure both Sophos XG and Sophos UTM for my Home Lab.

Currently, I run Sophos UTM for everything, but I want to replace it with Sophos XG.

The biggest problem at the moment is that XG doesn't handle Mail in the same way as the UTM - specifically POP3 Prefetch - so I can't switch the UTM off without an impact.

Is it possible to configure the XG so that it's my main Firewall (Proxy, NAT, WAF, etc...) but then send all mail requests via the UTM?



  • Hi,

    The XG scans POP3/S, so where are you having configuration issues with the XG mail? If you are using an Apple device then yes, there are scanning issues, but if you are using MS devices I am not aware of any issues.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • Yeah, it's more the lack of the POP3 prefetch facility that's in the UTM, where it can scan a remote POP3 mailbox for different users & email domains.

    As far as I can see, XG doesn't have this facility, and I need to modify MX records, which is a bit awkward for a home ISP...

  • Assuming you are using private IP addressing between the XG and the UTM, you would set up two rules on the UTM, one to pass all but POP3 and the other to scan POP3, which from memory is actually a proxy you enable.

    The XG would have the NAT rules and other firewall activities.

    Ian


  • Gatt,

    If the XG is the edge device, create a rule for POP3 traffic coming from UTM IP address.

    For the rest use XG.

    Regards