RANT
I've worked with many firewalls over the years and have never come across anything as buggy as Sophos XG. I don't even know where to start, so I'll just do a brain dump.
- Web Interface/CLI - The web interface is slow and clunky and sometimes just hangs. A reboot fixes it, but sometimes on reboot it takes 5 min to come up, sometimes 15 min.
- Configuration disparity - At times, the Web UI configuration will show different values to the CLI. Reboot needed to resolve, and you never know which config you'll end up with.
- OSPF - Adjacencies not forming. The configuration is correct, packets are arriving at the interface, but the XG just decides not to process them. It doesn't drop them, it just does nothing. Again, a restart is needed to resolve.
- Buggy firmware - It has happened more than once now where what should be a simple firmware update bricks one of the devices in an HA pair. Rebuild needed to resolve.
The above has happened across multiple deployments now, all different models so it's unlikely I just got a bung unit.
What I think is the worst is the lack of consistency. As an engineer you never know if you did something wrong or if the firewall is having a tantrum.
Hope other people have had better experiences but for me this bridge has been burned.
RANT OVER
I love the concept of both but I’m conscious of the 4 core/6GB ram limit on the Sophos. I much prefer the fully included WAF/DPI vs the kneecapped “free” Zenarmor which offers the alternative for OPNSense.
Sophos seems to have more features as an NGFW than OPNsense, but I’m worried I’ll lose performance due to the limits, whereas I have no limits in OPNsense.
I’m looking at getting a 6 LAN 2.5Gbe i3-N305 box or with the i5-1235u if that helps.
Please could users with experience of both give me advice on how you find them “real world”. I have only tested them in a lab environment before I pull the trigger and buy a firewall box.
I try... I really, really try to love it, but it is literally the absolute worst firewall product I have ever used in 20+ years. I want to write a book on all of the things that are wrong with it, but I need to enjoy the rest of my life in peace. What are the things you all don't like? Maybe our lists will align.
EDIT: For clarification....this is hopefully going to provide some insight to Sophos on what to FIX... because, it doesn't seem like after 6+ years they are making much progress...AND, XG does actually have a lot of potential, it just needs a LOT of TLC. Maybe we can make a difference, and make the product usable and functional in larger and more complex environments (where it seems to fall on its face most often).
We're a very small MSP with very good clients. So my boss is pushing the idea to start migrating UTMs to XGs, and some clients are sold on it. I'm planning on staying with the company for about one more year.
Other than the fact that Sophos will at some point terminate the UTM, is there any really good reason to migrate, other than it being "next gen." and zone based? To be completely honest, the whole synchronised security thing smells like pure marketing to me, with only little value, and also, Sophos Central can isolate the endpoint without it as well.
Thing is, I really hate the XG. I've set up 2 new clients with it, I've dealt with support being unable to solve some of my problems, which simply resulted in giving up and looking for workarounds. It just feels like a beta version altogether, I hate the whole logic and especially the logging, and I am 100% certain that in the future I will not work for any company that will be using it unless something big changes with it.
I think you already got the idea, my plan is to push back on those migrations until I'm out.
So, thoughts? What do you think, does the XG offer any real advantages compared to any competing firewalls, the old UTM included?
Hi everyone,
I'm planning to build a 10 Gbit homelab and I have a Sophos XG 330 appliance which includes 2 x 10 Gbit SFP+ ports. I’d love to use these for high-speed connectivity in my setup.
However, according to the official Sophos Firewall Home FAQ on the Sophos Community, it seems that only 1000 Mbps is officially supported for the Home Edition.
Has anyone managed to get Sophos Home running with 10 Gbit interfaces? If so, does it actually work at full speed, or are there limitations?
Thanks in advance!
EDIT:
Update: Sophos XG Firewall Home Edition with 10 Gbit SFP+ – Successful Bare-Metal Setup
Just wanted to share a quick update for anyone following this thread or planning a similar setup:
I’ve completed a bare-metal installation of Sophos XG Home Edition on a Sophos XG 330 appliance, and everything is working flawlessly. All 12 interfaces are correctly recognized in the GUI, and I’m seeing a full 10,000 Mbps bandwidth on the SFP+ ports.
Contrary to the official FAQ stating that only 1 Gbit is supported, I’ve encountered no technical limitations with 10 Gbit connectivity. Also, the interface naming mismatch that was mentioned earlier did not occur in my case—each port was mapped correctly from the start.
For the installation, I followed this excellent guide:
Sophos XG Home on a Sophos appliance | HiFish.ch
It was straightforward and very helpful for getting the Home Edition running on official Sophos hardware.
Thanks again to everyone who contributed insights. I’ll continue testing and will share more findings if anything interesting comes up. Feel free to ask if you're planning something similar!
This question has come up a lot recently, due to the EOL (End of Life) of XG hardware. You can follow the guide on the Sophos Community to install Sophos Firewall Home on your XG hardware to reuse it for home/community use cases.
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/149172/sophos-firewall-install-sophos-firewall-home-on-sophos-xg-hardware
I just snagged a Sophos XG 210 Rev. 3 for $100, and I was hoping to get some insight as to the optimal configuration of this unit. I am interested to hear your suggestions and learn about your setups.
To start, the unit will be deployed for security purposes in my startup, which is in commercial property that I am living in- (Which makes it a Homelab, riiiiight?!?)
Not a ton of traffic or endpoints, (traffic is @ ~ 1Gbps , ~30 endpoints) but the network needs to be locked down.
After comparing the cost of getting a basic SFF PC like Optiplex or Elitedesk and a decent NIC, Mini PCs like MINIS Forum or Zotac, and even enterprise boxes like HP Z-series, I figured a 1U setup for $100 would be cost effective, robust, reliable, and simple to deploy. (Although, not particularly energy efficient). There is already a rack setup with some decent managed switches and space for a NAS, maybe a cloud-gaming server and some generative AI GPUs as well?
I was wondering what the possibilities are for a decent CPU upgrade, if there are any workarounds for the single SATA port to create a mirrored drive, and recommendations for OS/applications and/or hardware upgrades like Flexiport modules to utilize the full capacity of this rig and future-proof the setup.
I am planning on OPNsense, Suricata, ZenArmor, VPN, basically all the IPS stuff I can throw at it, and hopefully learn about some cool new stuff as well.
I am aware of the limitation of Sophos Home, and am thinking OPNsense or possibly OpenWRT will be the best fit.
For hardware, ideally upgrade to 4c/8t T-series cpu, enterprise SSD, and 16GB of 2133/2400T-series RAM. I would like to know about the Checkpoint modules that may be compatible with this rig, as the Flexiport sells at a high premium.
From what I have gathered so far, I will start with a CPU upgrade that is ideally an i-series "T" variant, or Xeon "L" series. (I have a Xeon E3-1230 v5, i7-7500T, 6700k, and maybe a few other Skylake, Kaby lake CPUs to try).
Will I need to load up Sophos Home and try to update the motherboard BIOS before upgrading the CPU? (The motherboard is proprietary and the BIOS is not publicly available, correct?)
Depending on the health of the drive, I will get an Intel DC S3520 150GB (or something similar) or should I toss in a basic 120GB SSD?
Out on a limb here, but is it possible to use the PCIe port used by the expandable bay to run an NVMe adaptor or something?
Am I overlooking or missing anything, did I pay too much or get the wrong hardware? Thoughts and insights appreciated, thanks in advance!
***Random bonus question- can I get the LCD screen to work in OPNsense?!?
I work for a small business with <25 users distributed across 3 offices. We already had random issues with SSL VPN that worsened lately, and now a previously fine IPsec tunnel broke down. No matter how I redo our networks and re-create firewall and NAT rules, the number of issues and bugs I run into just increases. The painfully slow hydra makes the already time-consuming troubleshooting worse.
The good thing is I just learned that we are not tied to Sophos even if our licenses are still valid for some more time.
I'm free to choose new product(s), get these devices nuked and re-architect our network infrastructure. So here I am, starting my weekend by researching alternatives.
Does anyone use Sophos Firewall Home? Is it worth trying? I use pfSense now, with lots of settings (pfBlocker, Snort, HAProxy, 2 VPNs, 5 VLANs). Is the home version enough for these? Thanks for the answers.
Does Sophos still impose a 6 GB limit for RAM?
I was hoping those who work with Sophos XG firewalls could provide some feedback.
We have a few in deployment, but on versions 16 and 17 of their firmware have hit a number of issues, including but not limited to:
- NAT rules not working (version 17)
- VPN connectivity issues - to other Sophos XGs (ver 16 to ver 17)
- A lot of HA issues - mainly the cluster dying after a failover (both ver 16 and ver 17)
- Default administrator account locking out; no longer able to use it after HA failure
I could go into a lot of detail about each of the issues if needed, and we've been in touch and working with Sophos on all of them. A lot of the issues were in version 16 of the firmware; we were assured these were all fixed in version 17, but we are still seeing various issues out in production.
I'd be grateful for feedback from those out there who either deploy or administer Sophos XG firewalls.
EDIT: full breakdown of issues experienced with one cluster here
It's alpha software that found its way into sales. It should have never been sold in this state. Dumbest move by Sophos, just ruining their reputation and scaring off future customers. They also basically abandoned the UTM line to just maintenance and very minor feature releases.
We installed a couple of XGs and replaced them with ASAs a month later. They are the worst firewall I have ever seen.
We use SonicWALL firewall/UTM at our company. It's really nice and we make good use of it between the various security services, but it still seems to lack some of the functionality we are looking for. We did a little bit of research and Sophos XG looks like it might be a really good fit for us as a firewall/UTM, and we would also be using their endpoint protection services as well.
I was just wondering if anyone had any experience with Sophos XG and could offer some input/ feedback. Was there anything unexpectedly negative about it? How is support?
We did have a product demo and everything looked really good but I'm still looking around for various bits of feedback from actual customers.
I’ve got a few XGs and they have been fine. Got them a few years ago for a few small sites and got the Sophos endpoint solution to test out how they work together. Have used SonicWALL mainly, especially for larger jobs.
Sophos has been working a lot on adding features and making it better to get people off their older UTM firewalls.
I like how they can work with the endpoints to isolate them if they get infected. I still think the logging could be improved compared to SonicWALL's as far as finding why something isn’t working quickly.
Have used the Sophos UTM home edition which I really liked and I think the XGs now have feature parity with the UTM edition.
As far as setting up vpns, adding firewall rules etc. I think they are pretty easy. Not in them enough to really get used to the menus like I am a sonicwall.
I plan on testing out the XG home edition as a personal firewall soon, and will likely push it a lot more than the ones that are at some smaller business sites.
We use them, we have about 20 branch offices. A few notes:
- XG was a total mess at launch, somewhat expected as the first major version of a new platform. Generally now, as of v17, it's pretty solid (still needs some polish in some areas though). I pity the poor people who deployed XG at any scale on v15 or v16 though.
- There is currently no enterprise-deployable VPN client. If you want VPN, you have to use the built-in Windows VPN, or have users manually log into the user portal and download the SSL client manually. There is a standalone IPsec VPN client in the works, but it's not out yet.
- Sophos' wireless has never been great. It seems there are always issues with it. Frankly, I wouldn't bother with their wireless, just go with UBNT or something.
- REDs are awesome. I've been using them from first launch back in the Astaro days and have always really liked their functionality.
We deployed them about 9 months ago and haven't really had any major issues. Though I haven't had to use their support yet, I've heard it's not great.
EDIT2: Rural County Govt - Solo Admin
We've been running Sophos UTM appliances for almost the last decade with very very few issues. On the most recent renewal we were told we HAD to go to the new XGS appliances and that it would be an easy transition. BULLSHIT!
EDIT: We are a small team, there's just myself and the network admin, and we are already stretched thin. Trying to tackle this has us both ready to down a bottle of Jack during the work day.
After purchasing we find out that the quote we got to replace our UTM FULL GUARD doesn't contain the email protection so that's another 10k we have to pull from budget.
1) You can't just take your config and transfer it, you have to send it to Sophos and they will run some type of voodoo magic to make it compatible. But not all of it.
2) You have to rebuild all of your firewall rules manually. Awesome, that's 600+ rules I have to compare and re-do in the new "intuitive UI".
3) Oh, and your multipath rules don't carry over, you have to rebuild those.
4) Oh, and that great feature of creating "Additional Addresses" for interfaces if you are using multiple public IPs? Yeah, that's not a thing. You can only create an unnamed alias on the primary interface. And then when you are creating your rules you have no idea which one it is, since they are not listed sequentially and you have to mouse over each one to find the right IP.
Gone are the days of having x.x.x.x "<Application> Public IP", now it's "<Interface Name>:<vlan>:<random number>". And those new names don't even show in the interface list IN ORDER.
And you can't toggle those aliases on and off for testing, you have to completely DELETE the alias, and in doing so any rules you had created using that alias just remap to the next one on the list. WHAT THE FUCK?!
5) For NAT rules, the UTM had an option to automatically generate firewall rules. Awesome. Not in XGS, BUT if you create a firewall rule you can automatically create a NAT rule, as long as you check the box before clicking save; otherwise you have to delete the rule and do it all over again.
This has been the most frustrating and time consuming hardware migration I have ever been a part of, it took so long to get the appliances on site that we are now having to get monthly extensions of our current license and I can already tell the rep is getting annoyed, probably because we didn't pay Sophos directly ANOTHER 10k for 16 more professional hours. Sophos support was so horrible to the point we reached out to a contractor to help fill the gaps and even they are getting frustrated.
I'm working for an MSP and we're deploying Sophos firewalls. Reasons are the filtering capabilities customers like to have (although I'm not particularly fond of the configuration interface), central management with additional REDs and the bundling of other Sophos products. The firewall market is large though, so what arguments do you bring up when selling or using a Sophos firewall?
Hey there, I'm looking for a firewall for my homelab and home. I would really like to have some fun with NGFW features like IDS, IPS and DPI, and maybe other features I'm not aware of now; I have never taken a deep dive into next gen firewalls, to be fair.
I'm considering buying a Sophos XG 330 Rev 2, and installing OPNSense, and run Suricata on a VM in my hypervisor, but I've read in a reddit post that Sophos Home Edition has some NGFW features and it's free.
Which path would you guys choose and why?
Would it be possible to install it on Sophos hardware, since they're basically a PC?
Disclaimer: My home/lab contains less than 100 endpoints, two 1Gbps links but the usual traffic is about 200Mbps maybe
Ubiquiti: I know they have some IDS and IPS and a fancy dashboard, but I've seen a lot of users talking about how a lot of features are half-baked and poorly implemented, and their updates always break something. All that makes me stay away from their L3 devices...
I have used Sophos XG Home for years mostly because it was the only solution I could find that would block P2P file sharing to avoid legal hassles from guest users and visitors.
However, their software has really gone downhill since v16 of the firmware. It is almost completely unusable because of instability.
On top of that, the community isn't allowed to discuss actual problems. Anything disparaging is deleted and censored.
So if you post looking for assistance you will get responses like:
- your hardware is bad
- your WAN link is bad or unstable
- troubleshooting next gen firewalls is difficult
But really, a firewall product should work out of the box with default settings.
Hello.
I have been looking at some used Sophos appliances to install XG Home on for home use and I would like to learn more about them. Hence a few questions.
Are there any differences between SG appliances and XG appliances? (like SG 330 & XG 330)
Let's say I'm looking at an XG 330 appliance and I see Rev. 1 and Rev. 2 appliances for sale. Are there any/major differences between the revision numbers for that XG 330?
Should I buy the appliance with the latest revision, or would it make no difference?
I'm thinking of purchasing either a 1u Supermicro appliance or a Sophos appliance but I have not made up my mind yet, and I want 10g SFP+ capability.
Thanks for reading, and if you post, thanks for posting.
Hello, the CTO at the company I work for recommended that I learn about firewalls with a graphical interface and told me to look into getting a physical Sophos firewall to practice on. I'm not sure which Sophos firewall to get for home use. I have a Cisco lab that I would hook it up to, which I'm trying to keep separate from my personal home network. Not looking to spend a lot of money. I'm trying to get into cyber security (hopefully without learning to code) and a little networking. I assume I have to learn the latter to get into the former. I know they get expensive, but any help would be appreciated.
Thank you
Hello. I am interested in Sophos for home use and I have some questions.
Can the home edition use more than 2 network interfaces?
Is the home edition limited in what network interface chips/cards it can use?
Is there a way around the 4 core & 6 gig limitation as I would like to use a more robust system?
What anti-virus engine does it use?
Can one buy a used Sophos appliance and install the Firewall Home edition onto it?
Is the home edition a full blown software solution that would be as powerful as if one were to purchase an appliance that came with the software for business?
Anything else you can tell me would be greatly appreciated.
Thanks