RANT
I've worked with many firewalls over the years and have never come across anything as buggy as Sophos XG. I don't even know where to start so I'll just do a brain dump.
- Web Interface/CLI - The web interface is slow and clunky and sometimes just hangs. A reboot fixes it but sometimes on reboot it takes 5 min to come up, sometimes 15 min.
- Configuration disparity - At times, the Web UI configuration will show different values to the CLI. Reboot needed to resolve and you never know which config you'll end up with.
- OSPF - Adjacencies not forming. The configuration is correct, packets are arriving at the interface but the XG just decides not to process them. It doesn't drop them, it just does nothing. Again, a restart is needed to resolve.
- Buggy firmware - It has happened more than once now where what should be a simple firmware update bricks one of the devices in an HA pair. Rebuild needed to resolve.
The above has happened across multiple deployments now, all different models, so it's unlikely I just got a bung unit.
What I think is the worst is the lack of consistency. As an engineer you never know if you did something wrong or if the firewall is having a tantrum.
Hope other people have had better experiences but for me this bridge has been burned.
RANT OVER
I try... I really really try to love it, but it is literally the absolute worst firewall product I have ever used in 20+ years. I want to write a book on all of the things that are wrong with it, but I need to enjoy the rest of my life in peace. What are the things you all don't like? Maybe our lists will align.
EDIT: For clarification... this is hopefully going to provide some insight to Sophos on what to FIX... because it doesn't seem like after 6+ years they are making much progress... AND XG does actually have a lot of potential, it just needs a LOT of TLC. Maybe we can make a difference, and make the product usable and functional in larger and more complex environments (where it seems to fall on its face most often).
I love the concept of both but I’m conscious of the 4 core/6GB RAM limit on the Sophos. I much prefer the fully included WAF/DPI vs the kneecapped “free” Zenarmor which offers the alternative for OPNsense.
Sophos seems to have more features as an NGFW than OPNsense, but I’m worried I’ll lose performance due to the limits, whereas I have no limits in OPNsense.
I’m looking at getting a 6 LAN 2.5Gbe i3-N305 box or with the i5-1235u if that helps.
Please could users with experience of both give me advice on how you find them “real world”. I have only tested them in a lab environment before I pull the trigger and buy a firewall box.
We're a very small MSP with very good clients. So my boss is pushing the idea to start migrating UTMs to XGs; some clients are sold on it. I'm planning on staying with the company for about one more year.
Other than the fact that Sophos will at some point terminate the UTM, is there any really good reason to migrate, other than it being "next gen" and zone based? To be completely honest, the whole synchronised security thing smells like pure marketing to me, with only little value, and also, Sophos Central can isolate the endpoint without it as well.
Thing is, I really hate the XG. I've set up 2 new clients with it, I've dealt with support being unable to solve some of my problems which simply resulted in giving up and looking for workarounds, it just feels like a beta version all together, I am hating the whole logic and especially the logging, and I am 100% certain that in the future I will not work for any company that will be using it unless something big changes with it.
I think you already got the idea, my plan is to push back on those migrations until I'm out.
So, thoughts? What do you think, does the XG offer any real advantages compared to any competing firewalls, the old UTM included?
Hi everyone,
I'm planning to build a 10 Gbit homelab and I have a Sophos XG 330 appliance which includes 2 x 10 Gbit SFP+ ports. I’d love to use these for high-speed connectivity in my setup.
However, according to the official Sophos Firewall Home FAQ (Recommended Reads on the Sophos Community), it seems that only 1000 Mbps is officially supported for the Home Edition.
Has anyone managed to get Sophos Home running with 10 Gbit interfaces? If so, does it actually work at full speed, or are there limitations?
Thanks in advance!
EDIT:
Update: Sophos XG Firewall Home Edition with 10 Gbit SFP+ – Successful Bare-Metal Setup
Just wanted to share a quick update for anyone following this thread or planning a similar setup:
I’ve completed a bare-metal installation of Sophos XG Home Edition on a Sophos XG 330 appliance, and everything is working flawlessly. All 12 interfaces are correctly recognized in the GUI, and I’m seeing a full 10,000 Mbps bandwidth on the SFP+ ports.
Contrary to the official FAQ stating that only 1 Gbit is supported, I’ve encountered no technical limitations with 10 Gbit connectivity. Also, the interface naming mismatch that was mentioned earlier did not occur in my case—each port was mapped correctly from the start.
For the installation, I followed this excellent guide:
Sophos XG Home on a Sophos appliance | HiFish.ch
It was straightforward and very helpful for getting the Home Edition running on official Sophos hardware.
Thanks again to everyone who contributed insights. I’ll continue testing and will share more findings if anything interesting comes up. Feel free to ask if you're planning something similar!
This question is raised a lot recently, due to the EOL (End of Life) of XG hardware. You can follow the guide on the Sophos Community to install Sophos Firewall Home on your XG hardware to reuse the hardware for home / community use cases.
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/149172/sophos-firewall-install-sophos-firewall-home-on-sophos-xg-hardware
I just snagged a Sophos XG 210 Rev. 3 for $100, and I was hoping to get some insight as to the optimal configuration of this unit. I am interested to hear your suggestions and learn about your setups.
To start, the unit will be deployed for security purposes in my startup, which is in commercial property that I am living in (which makes it a homelab, riiiiight?!?).
Not a ton of traffic or endpoints (traffic is ~1 Gbps, ~30 endpoints) but the network needs to be locked down.
After comparing the cost of getting a basic SFF PC like Optiplex or Elitedesk and a decent NIC, Mini PCs like MINIS Forum or Zotac, and even enterprise boxes like HP Z-series, I figured a 1U setup for $100 would be cost effective, robust, reliable, and simple to deploy. (Although, not particularly energy efficient). There is already a rack setup with some decent managed switches and space for a NAS, maybe a cloud-gaming server and some generative AI GPUs as well?
I was wondering what the possibilities are for a decent CPU upgrade, if there are any workarounds for the single SATA port to create a mirrored drive, and recommendations for OS / applications and/or hardware upgrades like Flexiport modules to utilize the full capacity of this rig by expanding to future-proof the setup.
I am planning on OPNsense, Suricata, ZenArmor, VPN, basically all the IPS stuff I can throw at it, and hopefully learn about some cool new stuff as well.
I am aware of the limitation of Sophos Home, and am thinking OPNsense or possibly OpenWRT will be the best fit.
For hardware, ideally upgrade to a 4c/8t T-series CPU, enterprise SSD, and 16 GB of 2133/2400 T-series RAM. I would like to know about the Checkpoint modules that may be compatible with this rig, as the Flexiport sells at a high premium.
From what I have gathered so far, I will start with a CPU upgrade that is ideally an i-series "T" variant, or Xeon "L" series. (I have a Xeon E3-1230 v5, i7-7500T, 6700k, and maybe a few other Skylake, Kaby lake CPUs to try).
Will I need to load up Sophos Home and try to update the motherboard BIOS before upgrading the CPU? (The motherboard is proprietary and the BIOS is not publicly available, correct?)
Depending on the health of the drive, I will get an Intel DC S3520 150GB (or something similar) or should I toss in a basic 120GB SSD?
Out on a limb here, but is it possible to use the PCIe port used by the expandable bay to run an NVMe adaptor or something?
Am I overlooking or missing anything, did I pay too much or get the wrong hardware? Thoughts and insights appreciated, thanks in advance!
Random bonus question: can I get the LCD screen to work in OPNsense?!?
Does anyone use Sophos Firewall Home? Is it worth trying? I use pfSense now, with lots of settings (pfBlocker, Snort, HAProxy, 2 VPNs, 5 VLANs). Is the home version enough for these? Thanks for the answers.
I work for a small business with <25 users distributed technically in 3 offices. We already had random issues with SSL VPN that worsened lately and now a previously fine IPsec tunnel broke down. No matter how I redo our networks, re-create firewall and NAT rules, the number of issues and bugs I run into just increases. The painfully slow hydra makes the already time-consuming troubleshooting worse.
The good thing is I just learned that we are not tied to Sophos even if our licenses are still valid for some more time.
I'm free to choose new product(s), get these devices nuked and re-architect our network infrastructure. So here I am starting my weekend with researching alternatives.
Hi everyone. I have a couple of questions. I currently run pfSense in my home network/homelab. I was thinking of maybe trying out Sophos XG. I have no problem with my pfSense, it runs great, but when I was checking out Sophos it seemed to be more similar to what I work with at work, which is Palo Alto. For this reason, I was thinking it may be better for my learning to have a similar firewall software running in the house for learning purposes. I have one concern though and a couple of questions.
My concern is related to hardware. The hardware I have right now running pfSense is a SuperMicro SYS-5018A-FTN4 1U Server barebone. The CPU in it is an Intel Atom C2758 2.4GHz 8-Core. I have 16 GB DDR3 RAM and a 120GB SSD in it. I read that Sophos XG Home has hardware limitations which are 4 cores and 6GB RAM. Is there no way to remove these? By that I don’t mean working around them, but is there any paid subscription (that isn’t ridiculously high enterprise pricing) that will remove the hardware limitations? I am really interested in trying Sophos XG but really don’t like that it is going to neuter my hardware, killing over half the power of my box.
The questions I had were as follows:
How do VLANs work with Sophos XG? Right now, I have one NIC for WAN, one for LAN, and the other two in a LAGG, and all my VLANs use the LAGG for the VLAN interfaces. Is it possible to set Sophos up in a similar way? Or is there a better way to set this up that I should be doing?
Any recommendations/guides for initially setting up rules for a home network? I have watched a ton of videos on setting up rules, vpn, web/app/intrusion/etc. policies, and other parts of Sophos XG. I will be turning on many of these things but will not be blocking things like games and other stuff that you would normally block in enterprise but not in a home environment.
Thank you for your help and time.
Sophos' virtual appliance costs are stupid high; the non-home 6 GB 4-core license is something like $5k if I recall correctly, I'll have to look at my price sheet when I'm at a computer. So yeah....
As for VLANs, yes you can do the LAG. You simply would create a virtual interface and assign it to a physical interface, in this case the LAG.
Well... don't! If you do anything "fancy" at home, Sophos SG or XG will drive you crazy due to some nonsense and the lack of functionality. Actually I've tried it at home (UTMs are used at my company too, and I can't wait to get rid of it), and even if the GUI is nice, you won't be able to do much more than what a pfSense can do (and actually a lot less!!!). As Sophos is using Snort for IPS you can also do the same thing with pfSense, and Squid is much faster and more powerful than the Sophos Web Protection... but ok, Squid is much less user-friendly too. Also, like other people said, with the home edition the Sophos will be very limited, particularly if you have many connected devices. To sum up, Sophos sucks in: logging, speed, granularity, etc... Sophos' leitmotif is "security made simple"; let me tell you that they tried to go too simple, or they used another definition of "simple" -> naive.
We use SonicWALL firewall/UTM at our company. It's really nice and we make good use of it between the various security services, but it still seems to lack some of the functionality we are looking for. We did a little bit of research and Sophos XG looks like it might be a really good fit for us as a firewall/UTM, and we would also be using their endpoint protection services as well.
I was just wondering if anyone had any experience with Sophos XG and could offer some input/ feedback. Was there anything unexpectedly negative about it? How is support?
We did have a product demo and everything looked really good but I'm still looking around for various bits of feedback from actual customers.
I’ve got a few XGs and they have been fine. Got them a few years ago for a few small sites and got the Sophos endpoint solution to test out how they work together. Have used SonicWALL mainly, especially for larger jobs.
Sophos has been working a lot on adding features and making it better to get people off their older UTM firewalls.
I like how they can work with the endpoints to isolate them if they get infected. I still think the logging could be improved compared to SonicWALL's as far as finding why something isn’t working quickly.
Have used the Sophos UTM home edition which I really liked and I think the XGs now have feature parity with the UTM edition.
As far as setting up VPNs, adding firewall rules etc., I think they are pretty easy. Not in them enough to really get used to the menus like I am with a SonicWALL.
I plan on testing out the XG home edition for a personal firewall soon; will likely push it a lot more then vs the ones that are at some smaller business sites.
We use them, we have about 20 branch offices. A few notes:
- XG was a total mess at launch, somewhat expected as the first major version of a new platform. Generally now as of v17 it's pretty solid (still needs some polish in some areas though). I pity the poor people who deployed XG at any scale at v15 or v16 though.
- There is currently no enterprise-deployable VPN client. If you want VPN, you have to use the built-in Windows VPN, or have users manually log into the user portal and download the SSL client manually. There is a standalone IPsec VPN client in the works, but it's not out yet.
- Sophos' wireless has never been great. It seems there are always issues with it. Frankly I wouldn't bother with their wireless, just go with UBNT or something.
- REDs are awesome. I've been using them from first launch back in the Astaro days and have always really liked their functionality.
We deployed them about 9 months ago and haven't really had any major issues. Though I haven't had to use their support yet, I've heard it's not great.
Does Sophos still impose a 6GB limit for RAM?
I was hoping those who work with Sophos XG firewalls could provide some feedback.
We have a few in deployment, but on versions 16 and 17 of their firmware have hit a number of issues; this includes but is not limited to:
- NAT rules not working (version 17)
- VPN connectivity issues - to other Sophos XGs (ver 16 to ver 17)
- A lot of HA issues - mainly the cluster dying after a failover (both ver 16 and ver 17)
- Default administrator account locking out; no longer can use it after HA failure
I could go into a lot of detail about each of the issues if needed, and we've been in touch and working with Sophos on all of them. A lot of the issues were in version 16 of the firmware; we were assured these were all fixed in version 17, but we are still seeing various issues out in production.
I'd be grateful for feedback from those out there who either deploy or administer Sophos XG firewalls.
EDIT: full breakdown of issues experienced with one cluster here
It's alpha software that found its way into sales. Should have never been sold in this state. Dumbest move by Sophos, just ruining their reputation and scaring off future customers. Also basically abandoned the UTM line to just maintenance and very minor feature releases.
We installed a couple of XGs and replaced them with ASAs a month later. They are the worst firewall I have ever seen.
EDIT2: Rural County Govt - Solo Admin
We've been running Sophos UTM appliances for almost the last decade with very very few issues. On the most recent renewal we were told we HAD to go to the new XGS appliances and that it would be an easy transition. BULLSHIT!
EDIT: We are a small team, there's just myself and the network admin and we are already stretched thin. Trying to tackle this has us both ready to down a bottle of Jack during the work day.
After purchasing, we find out that the quote we got to replace our UTM FULL GUARD doesn't contain the email protection, so that's another 10k we have to pull from budget.
1) You can't just take your config and transfer it, you have to send it to Sophos and they will run some type of voodoo magic to make it compatible. But not all of it.
2) You have to rebuild all of your firewall rules manually, awesome, that's 600+ rules I have to compare and re-do in the new "intuitive UI".
3) Oh and your multipath rules don't carry over, you have to rebuild those.
4) Oh and that great feature of creating "Additional Addresses" for interfaces if you are using multiple Public IPs? Yeah that's not a thing, you can only create an un-named alias on the primary interface. And then when you are creating your rules you have no idea which one it is since they are not listed sequentially and you have to mouse over each one to find the right IP.
   Gone are the days of having x.x.x.x "<Application> Public IP", now it's "<Interface Name>:<vlan>:<random number>" And those new names don't even show in the interface list IN ORDER.
   And you can't toggle those aliases on and off for testing, you have to completely DELETE the alias and in doing so any rules you had created using that alias just remap to the next one on the list. WHAT THE FUCK?!
5) For NAT rules, the UTM had an option to automatically generate firewall rules, awesome. Not in XGS, BUT if you create a firewall rule you can automatically create a NAT rule, as long as you check the box before clicking save, otherwise you have to delete the rule and do it all over again.
This has been the most frustrating and time-consuming hardware migration I have ever been a part of. It took so long to get the appliances on site that we are now having to get monthly extensions of our current license, and I can already tell the rep is getting annoyed, probably because we didn't pay Sophos directly ANOTHER 10k for 16 more professional hours. Sophos support was so horrible that we reached out to a contractor to help fill the gaps, and even they are getting frustrated.
I'm working for an MSP and we're deploying Sophos firewalls. Reasons are the filtering capabilities customers like to have (although I'm not particularly fond of the configuration interface), central management with additional REDs and the bundling of other Sophos products. The firewall market is large though, so what arguments do you bring up when selling or using a Sophos firewall?
I have used Sophos XG Home for years mostly because it was the only solution I could find that would block P2P file sharing to avoid legal hassles from guest users and visitors.
However, their software has really gone downhill since v16 of the firmware. It is almost completely unusable because of instability.
On top of that, the community isn't allowed to discuss actual problems; anything disparaging is deleted and censored.
So if you post looking for assistance you will get responses like:
- your hardware is bad
- your WAN link is bad or unstable
- troubleshooting next gen firewalls is difficult
But really, a firewall product should work out of the box with default settings.
I’ve been using Sophos UTM in my home lab for a while now and I like it. Nothing too fancy; just some VLANs, fairly basic firewall rules, hairpin NAT, IP, web filtering. My only issue is that I’m coming up on the 50 IP address limit, so I thought I’d check out XG.
I’ve installed XG in a VM and have been mucking around with it a bit, but haven’t gone too deep yet. The question is, do I gain anything in XG besides a bit fancier (albeit more complex) UI and unlimited IPs? I don’t have a ton of complicated rules, so I wouldn’t worry about “migrating”, and would just do it all manually.
From what I’ve read, most people hate XG in an enterprise environment, the migration from SG/UTM seems to be the biggest pain point. Well, that and people sure don’t seem to like the UI.
Anyway, just wondering what homelabbers think of it.
Thanks!
EDIT: Got this (mostly) up and running. Looks like everything works, except DHCP Relay is busted on VLANs. For now just using the DHCP server for the VLANs while I mess with this some more.
I just recently switched from UTM to XG about a week ago; so far I haven’t had any major issues.
Pros:
- UI is a lot better
- Reporting actually seems to work and the charts are really nice
Cons: I have two WAN IPs, so a big thing for me is being able to assign certain services to a specific WAN. In UTM I was able to tie OpenVPN/SSL VPN to an interface, but XG does not allow this. I’ve found a few threads that state it was supposed to be here in v17, but I’m on v17.5 and do not see it.
Overall not enough to make me switch back, I ultimately only switched to try something else out. UTM overall performed great and didn’t warrant any serious reason to switch.
Hope this helps
I've heard that SG counts your IPs by looking in its ARP table on the LAN interface.
If you have a layer three switch, let it do your LAN routing, then use a transit VLAN from it to the switch so that your SG only sees one IP/MAC on the LAN side.
Hey there, I'm looking for a firewall for my homelab and home. I would really like to have some fun with NGFW features, like IDS, IPS and DPI, and maybe other features I'm not aware of now; I have never taken a deep dive into next gen firewalls to be fair.
I'm considering buying a Sophos XG 330 Rev 2, installing OPNsense, and running Suricata on a VM in my hypervisor, but I've read in a reddit post that Sophos Home Edition has some NGFW features and it's free.
Which path would you guys choose and why?
Would it be possible to install it on Sophos hardware since they're basically a PC?
Disclaimer: My home/lab contains less than 100 endpoints, two 1Gbps links but the usual traffic is about 200Mbps maybe
Ubiquiti: I know they have some IDS and IPS and a fancy dashboard, but I've seen a lot of users talking about how a lot of features are half baked and poorly implemented, and their updates always break something. All that makes me stay away from their L3 devices...
Hi. We are a small business that is using one of the Sophos XGS firewalls that is coming to end of life. We have got an update option for 8 months but charging us double for the license fee. What happens if we don’t buy the license? The basic license is till 2099. It’s a small office, up to 10 users. Any other suggestions that can help us so that it would be budget friendly?
Anyone try using a Vault Pro VP6630 – 6-Port Intel i3?