
The big challenge this weekend cutover to XG

I have built my vlans, not tested.

I have limited mail policies in place - outgoing mail gets scanned on the incoming profile.

I have a country blocking policy in place - nothing blocked yet.

I have a VoIP policy - not tested, and this is where the country blocking should come into play.

Two APs will die until I am happy the VLANs and VoIP are working.

I have spent a lot of time setting this up and compared to a UTM, the UTM is way easier.

The interfaces are not friendly at all, though they are better than the beta versions.

I am not convinced the web proxy works in transparent mode because you need to enable NAT which defeats the proxy.

I have clientless users and I am looking forward to the next release when the clientless users can be created without an email address.

I would like to see only clientless users that have passed traffic appear in the daily reports. I have set up about 20 extra clientless users for visiting relatives and athletic PC. To go through and disable these after the users leave is an absolutely stupid idea and quite time consuming.

Ian

More stuff. I have created new clientless groups for the VoIP phones and users on the user VLAN. Debugging will be a pain; there aren't sufficient tools that you can have open while reviewing policies.



  • Why in the world would you migrate to XG? The Sophos UTM is a great firewall, but the Cyberoam/XG is not. People keep calling this a v1 product but this is just great marketing. It's Cyberoam with a new GUI... and Cyberoam has sucked for years. That's not changing because it has a new GUI.

    There are much better firewalls on the market than Cyberoam/XG.
  • Yes, I agree with your comment about it being a v1 basic release. I am trying to understand the configuration of this product. I have found a lot more features that I can use, but there is lots of room for improvement. The approaches taken appear to be the way of future security devices.
    I have been able to get mail scanning working, which I had not been able to do on a UTM.
    I have finally got scanning working on the web proxy (NAT).
    Documentation is very poor and wrong when it comes to SMTP setup. In a recent thread someone posted a pointer to the SMTP KBA ID 123359.

    I like a challenge and if this works I can save the configuration until the supposed mid Jan 16 release which might have IPv6 and other goodies or just leave it as the guest and mobile device internet access.

    Ian

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • Didn't go too well. VLANs worked, e.g. devices were assigned IP addresses from the VLAN ranges. No traffic from the VLANs passed the policies. Don't understand that one because they were in the same policy as the normal network.
    Other issue is the Netgear managed switch will not talk to any port on the XG. I had to put another switch between the XG and the Netgear, strange. Connected the Netgear back to the VM UTM and it connected straight away.

    Back to the drawing board.

    Ian
