Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 23 replies
  • Subscribers 53 subscribers
  • Views 68268 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG firewall, can't say I'm impressed

Sci-Tek

Attempted today to swith out the old UTM with XG firewall (home use). Been using this product since Astaro 4.7 (I think), and loved it since day one.

And I can't really say I'm impressed with XG firewall. The GUI is messy while im sure the touch fanboys will love it, personally I hate it. 

There don't seem to be a option to see live log. It could be that I didn't look good enough tho. 
Country blocking, couldn't get it to work. Don't know if it was even supposed to work. 
Specifying FW rules was horrible. I think I actually prefer Windows firewall rule adding to this. 

Reporting was powerfull and I can see thats a improved area.

Unfortunatley the XG firewall named Batman was decapitaed and nuked from orbit. Atleast I tried and wanted to like it.



This thread was automatically locked due to age.
Parents
  • 0
    Live log, doesn't really exist, in fact logging looks very much like a home router and even they in a lot of cases have more information.
    Countries does work. There is another thread I did answer this on. You need to create a country group, then use that group in a blocking/disallow policy at the top of the policy order.

    Ian M

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk
    Rfcat,

    I agree with you and I advice all to vote/open feature request. I think that we need to wait for a couple of release before they can integrate more features inside XG. For sure, logging and some other basic function should be already available but they did not spent so much time on these things but from my point of view the XG base is much better than UTM9, such as:
    Reporting
    CLI
    Unified Policy concept
    IPS: per rule so better performance in general
    Custom IPS rules
    OS: smaller and many packages are absents for better security (it's a firewall)
    Rules per users
    QOS per users
    Agent for Terminal Services

    At the moment I install XG and I still have it at home to get confidence with it, to find bugs, to open feature request in order to sell the XG in 2017, if they will integrate the proper features and improve GUI, otherwise we will see.

    Luk
  • 0 in reply to lferrara
    Hi Luk,
    yes the foot print is smaller than the UTM 9, but the feature set is also smaller.
    IPS, I am not sure about because the included package is older than the UTM 9 version.
    You can do rules per user in UTM, not sure why you would want to unless you had an AD to enforce access rules.
    QOS, again you could setup QOS in UTM 9 if you so desired.
    CLI is better and more easily accessed if you leave a console and keyboard attached to your SF-OS.
    I have been reviewing and voting for some of your feature requests.
    ATP does appear to work better.

    Adding my little bit of support so the product can grow.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk
    Thanks RFcat for your feedback and votes. I already wrote that IPS engine is older than the one used in UTM but I think they will upgrade to newer version.
    QOS/time access is much better than UTM now. ... if you think about Application control (time range rules is not possible) and users do not have bandwitdth allocation, so....

    At the moment we are in a hope and building phase.

    Keep feedbacking and writing!!!!

    Regards,

    Luk
  • 0 in reply to lferrara
    the only reasonable thing Sophos could do at this point is to torch XG and bury it deep in the backyard and than focus their work on UTM 9, build on that and keep a good firewall solution alive instead of trying to push down XG our throats.

    ---

    Sophos UTM 9.3 Certified Engineer

Reply
  • 0 in reply to lferrara
    the only reasonable thing Sophos could do at this point is to torch XG and bury it deep in the backyard and than focus their work on UTM 9, build on that and keep a good firewall solution alive instead of trying to push down XG our throats.

    ---

    Sophos UTM 9.3 Certified Engineer

Children
No Data
Unfiltered HTML