We are using the XG firewall 18.04 and having issues running it as an internet proxy.
Problems
- SSO, STAS, AD authentication, identity probe timeout triggers local login user portal. Fixable by not restricting internet use during identity probe.
- Web policy allow all with matched users will randomly block random categories. Even with allow all as web policy.
- Unchecking match users with web policy default workplace policy becomes sloooow after a while and eventually the connection will time out. You see "attempting to establish secure connection" before the connection times out.
This is still a test setup and http(s) scanning and decrypting is not even enabled yet.
Is Sophos coming with a Central alternative? Advice on other vendors, like maybe Zscaler? We would like to use SSO, AD groups to regulate web policies, URL sets.
Thanks,
Fred