
Sophos sizing tool - what is Authentication?

Hi,

I am sizing a firewall for a company and trying to predict what HW I would need - XGS-136 or XGS-2100, as it is more than 100% price difference. And I am struggling with AUTHENTICATION. What does this mean, how many users will authenticate? What does this mean? Company has 150 users, but are they authenticated automatically, or do I need to link local domain AD with Sophos or something? Do I need Authentication for WEB and MAIL filtering to work?

Because, if I enter:

  • 0-10 Authenticated users, XGS-116 is enough
  • 50 authenticated users, tool recommends XGS-2100, that's triple the price!



  • Hi Andrej Pirman

    Authentication means the number of end users behind the Sophos XG firewall.

    How many ISPs will connect to the Sophos XG firewall, and with what bandwidth?

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Huh, that's what I was afraid of.

    But do clients need to login anywhere, have any client installed, or RADIUS or AD authentication to be used? If it is bare user recognition as an identity, which uses resources, why is it then called "authentication" if no authentication mechanism is used? I still hope you might be wrong :)

  • Hi Andrej Pirman

    I believe it depends on the total number of users behind the Sophos XG firewall and total bandwidth you have from ISPs connected to meet your business needs 

    If you're unsure how to interpret the results from the tool or unsure of the correct inputs, please reach out to your channel account manager and your sales engineer for assistance.

    If you've got any feedback or need to report a bug for the Firewall Sizing Tool please email gsedevelopment@sophos.com.

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".


  • Well, I do not want to sound rude, but it is unclear to me:

    I know firewall can also authenticate users either via some login form, or via some client. This is by my understanding some kind of authenticated user, because it interacts with user to exchange some login credentials. The other way firewall works is by identifying users by resource usage, for example, an e-mail recipient behind firewall is not authenticated, but is detected identity.

    So if there is an OPTION to use some authentication mechanism, but this option is NOT MANDATORY, I still do not have an answer, what does "Authenticated users" in this tool wizard mean:

    • is it meant as "users behind firewall", be it authenticated via client, login form or un-authenticated, just as you said,
    • or is it meant strictly authenticated user, which uses some authentication mechanism, which is NOT mandatory and firewall features, like WEB and MAIL filtering can be used without it

    I hope I clarified my question better now. :)

    ...or to rephrase my MAIN question - what firewall to use for my client:

    • 100/100 Mbps optical link, maybe will be upgraded to 200 Mbps
    • dual-WAN with conditional NAT, one goes into dedicated intranet, the rest goes to internet, depending on IP target
    • some 100 users, might grow to 150 in next years
    • users are not heavy (it is health institution), just light browsing and e-mail
    • 10 site-to-site IPSec VPNs to off-site locations
    • 3 VPNs to outsourced dedicated services
    • need protected WEB browsing and MAIL traffic

    I am targeting either XGS-136 or XGS-2100. Former is preferred due to acceptable price.

    Suggestion welcome.

  • Go with Recommended appliance 

    The same appliance you can use with and without Authentication 

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".


  • Thank you.

    I was hoping there's some glitch with this "Authentication" thing, which I still do not know, what it means and if there is an option to have un-authenticated users and what then in such case - do un-authenticated users (on UTM) count as authenticated (in sizing tool). But never mind, I will search for this info elsewhere.

    Regarding sizing recommendations, those are way beyond customer's budget. And beyond my ability to explain, why would they go from existing Draytek router for 230 EUR to 18.000 EUR worth equipment UTM. No way anybody would understand.

  • Hi,

    Authentication is when you want your users to be authorised to access the internet, there are a number of methods. If your approach is open connections that allow any users or device out, then you don't need authentication services on the XG.

    I hope that helps clarify the issue?

    The XGS136 with your load should be adequate. Do not buy the W version, buy separate Sophos APs to allow better placement.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA


  • Excellent, thank you very much for clarification! I do know something about firewalls in general as I manage some dozens, but I am far from Sophos UTM specialist, so it helps a lot to get some explanation :) I will still try to go with larger model XGS-2100 if customer will be able to find some budget.