Sophos XG Home License - Where to buy it?!

Hi,

why use such large print?

You do not buy/purchase a home licence, you create a Sophos account and then you fill in the forms and are given access to download a home licence.

Please refer to this forum thread.

https://community.sophos.com/products/xg-firewall/f/licensing/115582/xg-firewall-home-edition

Ian

Hello Ian,

Sorry for the big font, my screen settings are set to small, I edited the post.

I know that I don't have to purchase a home license, and I am satisfied with what it offers except for the port forward as I have a Static/ Real IP and i need it to go through the firewall "The home license don't allow it as I understand".

there is the evaluation license which gives 30 days trial with no limitation on that matter, I want to extend the evaluation by buying it and I can't seem to find how or where

maybe I am wrong if so does the home license offer port forward to assign an IP to a PC?

I even tried the UTM home edition as it has no limitation on that matter but to be honest it's not worth it..

I am open for suggestions :)

Hi,

the UTM is still better value than the XG in a lot of functions. The XG is slowly catching up.

The home licence XG has the same functions/features as the commercial XG except for ATP, Sandstorm, support (all support come through these forums).

How large a static IP range do you have? 

You create rules without enabling the NAT function.

Ian

Hi,

I believe you are right regarding the UTM vs XG but the problem is with the simplicity, XG has a more friendly user interface

Well i only have 5 IPs, yes i didn't enable NAT however i couldn't find the Port forwarding in the Firewall/ Business Application rules,

so the home edition enables port-forward? if so can you guide me to the correct topic to create the rules accordingly?

To have a better picture of my home environment, i have:

1- A total of 11 devices/15 MAC address

2- 5 Static IPs

3- Gigabyte G31/4 RAM/ Core 2 Due/ 250 GB HDD "I have a spare -G41/8 Ram/Core 2 Quad/ 250 GB" but i believe i don't need it as my usage is below the 4 GB Ram.

Hi Charles,

let me clear up a couple of misconceptions

1/. port forwarding that everyone refers to is done by creating firewall rules that allow specific port/protocols out of your local network.

2/. the UTM GUI is still way more logical the the XG GUI, though the XG GUI is getting better and looks a lot prettier than the UTM. The GUI update is quite slow on the lower end celerons

Friewall hardware

home user 

1/. fastest real 4 core CPU you can get and I do not mean I5, I7 or I9 they are way overkill

2/. make sure the NICs are not realty and intel i219 (not supported) if you want serious throughput

3/. a minimum of 4g of ram otherwise w]you will not be able to install v18.

Rules.

1/. you would need to create firewall rules for the statically assigned IP address devices without a NAT see item 3.

2/. for your locally assigned addresses (XG as DHCP server) you would need to create more firewall rules with a NAT. 

3/. you will need seperate physical networks and possibly put your real static IP addresses into bridge connection so as not to loose an IP address for the XG gateway.

4/. you will need to understand web, application and IPS policies, DPI and proxy modes if you want to get the best security from your XG

5/. you have tried some of the above and get stuck post screenshots of your rules.

6/. unless you have a server or similar that requires external users to access you will not at this stage require a WAF rule.

Ian

Hi Ian,

Sorry, It took a while to respond as I had to reinstall to “Home License” and changed the hardware “as you recommended”.

I created a firewall  rule to Remote Desktop my home server “Windows/ RD”, somehow something doesn’t work.. here is the rule:

I have 3 network interfaces, configured as the following:

  1- LAN

  2- WAN "Public IP"

  3- Not Configured

I can access my Sophos outside my network with the public IP successfully, but i can't remote desktop or even telnet the port, what am i missing?

By the way, what made me think that Sophos XG Home License had restrictions was:

• When I choose “All” [Firewall -> Business application rule -> DNAT/ Full NAT -> Destination & service -> Services -> ALL] the “Mapped port ” under “Forward to” was grayed out.
• The RDP service wasn’t listed under the “Destination & Service -> Services” and I didn’t see “Create New”

Hi,

my mistake, I should have asked you to start a new thread because this subject is now different to the initial thread.

I suggest you do a search of the forums for more details on your access issue, this subject has been discussed at length a number of times.

You cannot remote telnet into your XG or even remote desktop into it only, https or ssh and that is not recommended because it leaves you open to attacks.

You have a lot of connections in your access configuration, most are not required for a home user.

RDP is considered a weak access method.

ian

Hello,

I will open a new thread "after searching the forms",

But can you tell me what do you suggest i should use instead of RDP to *remote desktop* my server/windows?

Something like VNC "only used it on linux, not sure if it's available for windows yet" or do you recommend something better?

And if you can point me to the other discussion" subject has been discussed at length.." i will be greatfull.

Hi Charles,

please review these

community.sophos.com/.../131399

https://community.sophos.com/kb/en-us/123070

https://community.sophos.com/kb/en-us/132627

and this one specifically

https://community.sophos.com/products/xg-firewall/f/initial-setup/117129/setup-rdp-connection-on-sophos-xg135

Ian

Hi Ian,

Most Thankful :)