
Options for replacing an XG SFOS 18.5.1 with something that can send email reliably?

I'm reaching the end of my ability to deal with my XG firewall. Came from a working UTM that expired. The XG just cannot/will not reliably relay email from internal servers to the internet. Messages keep hanging and Sophos tech support keeps deleting lock files and restarting the service to get some mail to move then dead again. So many hours burned up with tech support and no closer to an answer. 

What are people moving to that just can't get a stable XG environment working? Obviously I am going to be asking other places, but hoping a Good Samaritan will help a desperate brother out of the wilderness. Then my only problem will be convincing my employers that the money spent on Sophos is lost and I need more to buy from another vendor.

I'm sorry, but the XG is NOT ready for production use. 



  • Hello Mark,

    Thank you for contacting the Sophos Community.

    Sorry to hear you are having issues with the Sophos Firewall.

    I checked some of your cases related to email, and they seem to be related to setup: "web mail, imap, pop3, Outlook https configuration".

    Have you tried reaching or did you reach out to your Sales Engineer or Professional Services, to help you with your setup?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Additional info:

    Two fiber WAN connections, two internal mail servers, one internal web server, 30 internal network computers/clients. Nothing weird or exotic.

  • Likely caused by the WAN connections. What's your SD-WAN PBR precedence and the rule for SMTP? Can you show them to us?


  • What is an SD-WAN PBR and where do I find that *#$@.

    What SMTP rule are you interested in? The MTA firewall rule that was auto-created with its linked NAT rule, or the rule that Sophos created and turns on and off depending on whether they think that will help when they restart the smtpd service?

    This may all be a moot point since I am back to a situation where this junk won't connect any site-to-site VPN I attempt. And why do the published instructions for setting up VPNs all specify using old, outdated, insecure protocols? Is that a hidden message I am missing? Sorry, I just really need something to work, anything to work, for more than 24 hours.

  • OK, you may have hit on the issue. I am dual WAN connections, but I don't require both. It is a transitory period until I can get out to the remote VPN sites and adjust them to the new provider. Since I can't get any VPNs to reconnect to the XG on the old provider address I might as well cut it loose now and start the process of correcting the VPN configs at the remote end. The absolute last thing I want to add to the mix now is more configuration issues to support a dual WAN config I don't really need.
