
SG135 to XG migration with IPV6 and endpoint protection

Hi Guys,

Currently have a SG 135 with the full guard license and 5 endpoint protection.  Only using the HTTP protection and WAF features, as well as desktop AV.  I read somewhere there were issues with IPv6 over PPPoE with the XG firewall, is this still the case?  Also, if I upload my UTM9 license into the system, will my endpoint protection get migrated as well?

Thanks.

Andrew.



  • Adhodgson,

    I did not read anything about the IPv6 bug. For the license, you have to contact your Partner in order to get your license converted. XG does not support Endpoint. You have to migrate to the Cloud version, and you can make your Sophos AV talk with the XG (Heartbeat).

    Hope this helps!

  • Hi,

    Well I tried the OS today on the test SG135 with an AP-100.  It has been a disaster so far:

    - Very sluggish web pages in IE;

    - I connect via PPPoE, the system expects a DHCP network connection on the WAN side to activate, had to find a spare router to get PPPoE up and working;

    - Followed the wizard and changed the IP address of the LAN to 192.168.0.1, this then broke DHCP which had to be set up manually;

    - I managed to get DNS hostnames to resolve, but unable to then browse out to the Internet on any port, I suspect this is because I need to add firewall rules, but not sure;

    - Unable to get wireless working at all - the AP-100 just didn't appear in the access points to register.  I moved back to UTM on the device and may have bricked my AP - I have another thread open for that.

    Overall underwhelmed with the product so far I'm afraid.

    Andrew.

  • What DNS servers are you using?  Local, Google, ISP?  I tend to recommend Google for speed as a forward resolver on the XG.

    And yes, the XG requires all traffic be matched to a security policy (firewall rules) to get in and/or out.  So you will need to allow HTTP and HTTPS out, and in the same rule apply any web filtering policies.

    As for the AP, I've chopped and changed access points between XG and UTM many times; if you do, the golden rule is to ensure that the AP is authorised and receives the firmware from the chosen platform before you decide to disconnect it... If it's the AP100 and it's not coming up in either XG or UTM as an unauthorised device, then there is a high chance you've bricked it...

    ==

    When in doubt, Script it out.