Hi everyone. I have a couple of questions. I currently run pfSense in my home network/homelab. I was thinking of maybe trying out Sophos XG. I have no problem with my pfSense; it runs great, but when I was checking out Sophos it seemed to be more similar to what I work with at work, which is Palo Alto. For this reason, I was thinking it may be better for my learning to have a similar firewall software running in the house for learning purposes. I have one concern though and a couple of questions.
My concern is related to hardware. The hardware I have right now running pfSense is a SuperMicro SYS-5018A-FTN4 1U Server barebone. The CPU in it is an Intel Atom C2758 2.4 GHz 8-Core. I have 16 GB DDR3 RAM and a 120 GB SSD in it. I read that Sophos XG Home has hardware limitations, which are 4 cores and 6 GB RAM. Is there no way to remove these? By that I don’t mean working around them, but is there any paid subscription (that isn’t ridiculously high enterprise pricing) that will remove the hardware limitations? I am really interested in trying Sophos XG but really don’t like that it is going to neuter my hardware, killing over half the power of my box.
The questions I had were as follows:
How do VLANs work with Sophos XG? Right now, I have one NIC for WAN, one for LAN, and the other two in a LAGG, and all my VLANs use the LAGG for the VLAN interfaces. Is it possible to set Sophos up in a similar way? Or is there a better way to set this up that I should be doing?
Any recommendations/guides for initially setting up rules for a home network? I have watched a ton of videos on setting up rules, vpn, web/app/intrusion/etc. policies, and other parts of Sophos XG. I will be turning on many of these things but will not be blocking things like games and other stuff that you would normally block in enterprise but not in a home environment.
Thank you for your help and time.
There is no way to remove Home’s RAM/core limitations. That’s part of making it free.
I think you can set it up as you say (I don’t use LAGG, though, so can’t be sure). I’m currently using 3 VLANs from my AP, one of which is bridged to my LAN — two ports plus VLAN is my LAN. Also, you want to group things into Zones to make rules independent of device ports or VLANs changing. (Of course, you must update the Zone definition, but no change necessary for firewall rules that use zones.)
Why are you using LAGG? You can easily have multiple LAN segments on separate device ports and you can add them all to a zone for firewall table purposes. LAGG is really for a single high-speed device that can exceed your line speed and which itself supports LAGG. As far as I understand.
Firewall rules are pretty straightforward. There’s an uneditable Drop All at the bottom of the list — the rules are examined top-to-bottom — so everything is dropped until you allow via higher-up rules. Rules mostly are outbound, which then applies to the bi-directional traffic associated with it.
They have an application-based category to restrict high-risk applications that I use at home. Then again, I don’t torrent, etc. The major home trick is if you enable SSL/TLS decryption, and Amazon Prime Video, say, adds another domain to its operations and you’re blocking it due to not having it in the SSL/TLS local exclusion list. (Of course, there are multiple steps to get your devices to accept TLS man-in-the-middle.)
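To make the zone and rule-ordering points in the reply above concrete, here is an added model (not part of the thread, and not Sophos XG configuration syntax): interfaces, including VLAN sub-interfaces on a LAGG, are mapped to zones, rules are matched top-to-bottom on zones, anything unmatched falls to an implicit Drop All, and moving a VLAN interface to another zone changes the outcome without editing any rule. Interface names, zone names and rules are constructed for the example.

```python
"""Zone-based, first-match firewall policy model (constructed example)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "allow" or "drop"

# Physical ports and VLAN sub-interfaces grouped into zones (constructed names).
INTERFACE_ZONES = {
    "Port1": "WAN",
    "Port2": "LAN",
    "lagg0.10": "LAN",   # VLAN 10 carried on the LAGG
    "lagg0.20": "IoT",   # VLAN 20 carried on the LAGG
}

# Rules reference zones only, never ports or VLAN IDs, so the table
# survives re-cabling or re-tagging as long as the zone map is updated.
RULES = [
    Rule("lan-to-internet", "LAN", "WAN", None, "allow"),
    Rule("iot-dns-only", "IoT", "WAN", 53, "allow"),
    Rule("block-iot-to-lan", "IoT", "LAN", None, "drop"),
]

def evaluate(rules, zones, in_if, out_if, dst_port):
    """Return (rule_name, action) for the first rule that matches.

    Rules are examined top-to-bottom; a flow that matches nothing hits
    the implicit, uneditable Drop All at the bottom of the table.
    """
    src_zone, dst_zone = zones[in_if], zones[out_if]
    for r in rules:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and r.dst_port in (None, dst_port)):
            return r.name, r.action
    return "default-drop-all", "drop"

def move_interface(zones, iface, new_zone):
    """Zone change only (e.g. VLAN 20 joins LAN); the rule table is untouched."""
    return {**zones, iface: new_zone}

if __name__ == "__main__":
    print(evaluate(RULES, INTERFACE_ZONES, "lagg0.20", "Port1", 443))  # default drop
    relabelled = move_interface(INTERFACE_ZONES, "lagg0.20", "LAN")
    print(evaluate(RULES, relabelled, "lagg0.20", "Port1", 443))       # now allowed
```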