UTM to XG- comparison and my impression

OK guys.

After a lot of hesitation, I have decided to give XG a chance.
We have two Dell 510 servers running the UTM soft release in a failover formation.
There has been pressure from my Sophos dealer to give it a chance for quite a while, so I decided to install the XG on one of them.

Here are my impressions:

  1. Installation: The idea of the menu in the installation is nice, but it misses two of the most important features: loading a configuration file and defining which Ethernet port is which. Because of that, and because I have 8 ports and we are using the soft release (Dell server), it took us (me, my Sophos dealer, plus help from Sophos support) nearly three hours just to find the right Eth port from which we could connect to the FW. Of course, after loading the converted configuration file, it was all messed up again.
  2. The converter of the configuration from UTM to XG works only partially
    (objects and some definitions), but most of the configuration didn't pass, or passed incorrectly, so you should be ready to spend a few days reconfiguring it all by yourself. (The good news is that after that you will be very familiar with the XG :)
  3. Profiles and other objects: you can't see if an object is in use and where, so you can't delete it or find out what the impact of changing it will be, and where, if you choose to do so.
    It is not implemented in XG like on UTM in the current state.
  4. Unlike UTM, in the XG, defining a NAT configuration doesn't auto-create a firewall rule, but vice versa: the firewall can create a NAT rule.
    This is actually OK, but you have to get used to it and be aware of it.
    (During the configuration conversion, you will get a lot of rubbish in here, so be ready for some work.)
  5. NAT grouping is a nice feature, but at least for me, it's not clear in which order the NAT rules work while using groups.
  6. Users: didn't pass, so we had to create them all from scratch.
  7. Certificates: passed but didn't work as they should, so we had to reconfigure them.
  8. Firewall rules: you have to reconfigure most of them.
  9. Monitor & Analyze: you can't reconfigure it for your convenience and for what you like (like in the UTM), so for my taste it's a bit messy, and not very comfortable for seeing at a glance what you need.
    Too much information is less…
  10. I miss routing to a group of objects, so instead of routing so many objects, you have only a few routing definitions.
  11. The search in some places works only if you type the exact beginning of what you are looking for. It should also work with any part of the name.
  12. Some of the lists don't have search or filter in them, so you have to scroll down the entire list to find what you are looking for.
  13. Configuration file: not kept on the FW. Not very comfortable for some tasks if you want to go back.
  14. Disaster recovery: no such thing in the XG, and I found no way to load the backup configuration file from the CLI, only from the GUI, so if you get stuck you have a big problem, while in the UTM all you have to do is insert a flash drive with the configuration file while booting up, and you are ready to go.
  15. As for the CLI, XG is quite limited compared to UTM.

My conclusion:

The XG is really nice, and if you are like me, and like to play around and explore a new appliance, dive in.
BUT… if you are running a production system, you don't have the time (days or more) to do all the labor of conversion and reconfiguration, you want peace of mind that everything is working as expected, and you need a solid, mature and stable firewall, stick to the UTM for now.

I think I'm going back...[:$]
