untergasse4321 May 2020 11:53Hello! Is there anyone here familiar with the current Sophos XG models? Specifically the XG 115/125. I would like to know if these devices can be used as standard routers, like a Ubiquiti USG for example. I'm not particularly impressed with the USG, and the XGs even offer integrated DSL modem modules.
Thanks!
Thanks!
untergasse4321 May 2020 12:14Thank you! The network is slightly oversized anyway, so that’s not a problem. Am I correct in understanding that, in addition to the appliance, I also need to purchase the annual licenses for the advanced security features?
K
knalltüte21 May 2020 14:33untergasse43 schrieb:
.... Am I correct in understanding that, in addition to the appliance, I also need to purchase annual licenses for the advanced protection features? Yep!
That definitely adds up. And you want to manage it yourself? So, are you from an IT background or have you studied this intensively?
If so, this is certainly one (of many) ways to add extra protection to the network.
Alternatively, you could install pfsense or a similar solution. It doesn’t require license fees, but the deep packet inspection (DPI) is a bit more complex to manage...
(If you go with pfsense, you should buy the Sophos appliance secondhand for around 100 - 150 €.)
It would be a misconception to think that this would replace endpoint protection, but I’m sure you’re aware of that...
untergasse4321 May 2020 14:56Endpoint is a different topic. I have seen the XG simply as a convenient solution to combine firewall, antivirus, VPN, and powerful routing in one system. However, I believe the ongoing costs do not quite justify the benefits for a tech-savvy home.
The costs really aren’t justified.
The firewall on the USG is quite cumbersome. DPI and IPS are better than nothing. How many ports do you want to open? Usually, home networks don’t change much... The firewall rules between VLANs are also quite simple to configure.
For us, traffic from outside will run over VPN.
An alternative would be pfsense.
The firewall on the USG is quite cumbersome. DPI and IPS are better than nothing. How many ports do you want to open? Usually, home networks don’t change much... The firewall rules between VLANs are also quite simple to configure.
For us, traffic from outside will run over VPN.
An alternative would be pfsense.