
[Feedback] Sophos XGS 126 Desktop Appliance

Hello to all,

I received my new Sophos XGS 126 in the beginning of April and have to say network performance is great. 

What do I have and use?

- Ubiquiti Access Point AP-AC-PRO (PoE over Sophos XGS 126)

- Vodafone Home Cable Router

- Philips HUE Home Bridge

- Company Laptop

- Private Laptop

- Sophos XGS 126 with Rackmount Kit

What did I use to have?

- Ubiquiti Dream Machine Pro

- Sophos RED Appliance

Why switch to Sophos XGS?

The Ubiquiti Dream Machine Pro is very wonky in terms of basic Firewall Protection missing the Live View like Sophos does. I felt very insecure about what Rules truly do and when not. The other part was I needed a separate RED Appliance for connecting to the company network. Segmentation was done using VLANs.

With Sophos XGS I created multiple Zones and Segmented my Networks with different Subnets. 

Example:

Have a RED Tunnel over the XGS as a Client that only the Corp. Laptop can go to over the Rules on the Firewall. Had to set up some Static Routes; like this I can use Company resources. All unknown requests are managed by the Sophos XGS DNS for Internet use. Corp. Zone to WAN Zone ;)

My Private Laptop has DPI and SSL Inspection active. Like this I can learn what I need to do in the SSL Inspection Rules.

- Created Decrypt all Rule going to WAN

- Created Not-Decrypt Rule for IP based Traffic (Host and Services -> IP Host)

- Created REGEX Entries for Dynamic Domains that do not manage Decryption or other parts of the Security stack well (WEB -> Exceptions -> (MANUAL_URL_LIST)):
  - HTTPS decryption
  - HTTPS certificate validation
  - Malware and content scanning
  - Zero-day protection
  - Policy checks

Otherwise, I did a default deny approach only allowing: HTTP, HTTPS, DNS, NTP on all Zone Rules facing the Internet.

The HUE needs to be able to accept connections from my Wireless Network, so the WiFi Zone to HUE Zone has only HTTPS enabled.

--------

But not all is great: I had to RMA my Sophos XGS since my Fans always spun up to a very audible noise level (54 dB - 58 dB), measured with a hardware dB meter.

Now the replacement unit is here and the transfer of license and integration to Sophos Central was easy as 1-2-3. 

The load on Sophos XGS 126 is around 3-5%, sitting at 3%.

Even with the Replacement Unit the Fans are still very audible. -.-  (54 dB)

It is inside a Network Rack with ample Airflow and the unit has no devices in near proximity that emit heat to it. (2 U above or below)

The device itself is warm to the touch.

Why do I complain?

It is marketed as a Desktop device - My thoughts were: Very Quiet, almost silent

The device could be next to me without giving me headaches.

Even my Laptop, which is quite a performance monster (Alienware m17 R4), is quieter than the Sophos XGS, and it has an i7 10th Gen CPU and an RTX 3080 GPU built in. ^^ (It is running Windows XD )

Since I do not know what is inside, and Sophos does not disclose that information publicly, I would suggest a vapor chamber and silent fans. The noise comes from the electric motors inside the fans. (And they have a distinct HUMMMMM to them)

Thank you for reading - Best regards
Val.


