Sophos XG Review

Gives us customizable policies, modifiable templates, and customized rules for single users


What is our primary use case?

It's being used as a UTM, no firewalling. So it acts as a bridge. It doesn't provide the IP services, it doesn't provide DNS, it doesn't provide DHCP services, and it doesn't operate as a router or a point of mapping. It's only being used for filtering: Web and application filtering, as well as antivirus. I usually disable the anti-spam on all those units, because I have a gateway anti-spam server in place.

What is most valuable?

The web and application filters, as well as the quality of service. It has a very friendly interface like the Cyberoam iNG units, it has customizable policies, it has proper templates that you can even modify, and you can customize the rules, down to each single user.

It gives flexibility in the rules and the filters that you apply, based on, for example, the level of usage and the managerial level, etc. It's highly customizable.

The dashboard is customizable as well. It gives you the feature of including what you need to see as soon as you open the dashboard and to remove the non-necessary stuff, which varies from one organization to the next and from one IT manager to the next. And it has a wide variety of reports as well, template and customizable reports.

What needs improvement?

The major problem that I am facing, and I know that others are facing as well, is with the HTTPS classic, in general, or any classic that works on Secure Socket Layers. Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic. But most websites right now, most of the reputable web services providers, for extra security for their own web servers and for the user's security, provide a connection over Secure Socket Layer.

The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using. Now, this is not a problem when you're dealing with users stationed and fixed in a specific site or location. They are using desktops, they will never take the desktops and go home with them, nor will they ever take the desktops and travel to another country, or another site with it. The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem.

A way around this is if you are using authentication with Active Directory. But most of the time, especially if you're operating in a remote site with a very slow internet connection, if it's available in the first place, authentication with Active Directory is impossible. 

So it needs an easier way to apply HTTPS filters, without importing certificates into users' browsers and without the need for using an Active Directory. There must be a way around it. There are workarounds. But with applied workarounds, it will work out once, it won't work out properly 10 other times. That is my only request.

Also, since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library. The easiest way to overcome this is to look at how the Cyberoam online technical library was structured and to build the Sophos technical library the same way. It is messy, totally unorganized, time-wasting. Instead of getting what you want in five minutes it takes half an hour.

What do I think about the stability of the solution?

Stability is good. I was so happy with the Cyberoam iNG unit, and I think the Sophos XG series is exactly the same as the Cyberoam iNG unit. It's a very good unit for a smaller or medium business. It's very stable and it takes overload easily, so it can add to the throughput. It has versatility, it will support extra users, it will support extra bandwidth, to a limit, and it keeps on working as a monster. I have barely replaced any of those units through the years.

What do I think about the scalability of the solution?

Scalability is brilliant.

How is customer service and technical support?

I usually deal with one of the major partners in Egypt. The name is Gateworx. I've been dealing with those guys since my previous company, back to 2002. Even when we're buying devices that will be used in other countries outside of Egypt, we get them from them.

They provide outstanding technical support and they provide outstanding pre-sales services. If I require a device to be delivered to a country outside of Egypt, they contact the partner directly and they set up everything, and I get the hardware delivered. They are outstanding.

This is one of the major reasons we didn't look at another UTM or firewall through the years. These guys were a proper representative of Sophos and Cyberoam.

Which solutions did we use previously?

I've used heaps of them through the years. I've used Fortigate, which is now Fortinet. I've used Websense, they issued something like that years ago. ISS issued something like that years ago.

Sophos UTM, along with Cyberoam UTM, since they are both the same - it's only a different interface and a different hardware look - they provide the best value for the money. You get the best features for the best cost. They are the best, to a certain limit for a certain usage. I never use any of those units as a firewall. What I usually do is, I have an edge firewall responsible for routing, switching, and firewalling. And then I deploy the UTM behind it, only for filtering.

The most important criteria when selecting a vendor include getting the best features that you can get for an equivalent cost, so you're paying for what you're getting. You don't want to be paying for the name or the brand or the reputation of it. Also important are pre-sales services and "1000-percent" technical support services, in the environment and the remote areas we operate in, the warranty services as well.

How was the initial setup?

The setup is straightforward. But what could be a straightforward setup for me might be complex for others. It depends on your level of experience, the training that you got, and the engagements.

They have a setup wizard, and I have had heaps of technicians, over the years to set it up, even initially.

Which other solutions did I evaluate?

I was looking at either Cyberoam iNG or Sophos XG.

What other advice do I have?

My advice would vary based on your requirements. If you have a dedicated edge firewall, like Cisco ASA, you should get Cyberoam iNG and Sophos XG. They will do the job brilliantly. They will take the load, they will do a fantastic job.

If you are looking at units that will do both jobs - being an edge firewall and a UTM at the same time - with routing features, if you are going with Cyberoam and Sophos XG, I'd always recommend that you buy a higher model than what will meet exactly their requirements. So let's say that I'm looking at features that could be fulfilled with an XG 125 or 115, but I want to use the same unit as a firewall. I'd step up and buy an XG 135. You will always need those extra machine resources when you're providing routing, switching, and firewalling as well. Both of those products provide the best support ever, for the money being paid.

I rate it at eight out of 10. It's not higher because of the HTTPS issue that I told you about. That's my major issue. That's a super-disastrous issue that, unfortunately, cannot be solved easily.

And, sometimes we'll get a specific detailed report, stressing a certain aspect and it's not straightforward. I'll be able to do it, but then I'll have to combine or merge more than one, two, or three reports to get the results that I want. So more specific reports would be good. But then, again, there is a work-around by customizing the reports you want and then getting several reports and comparing them together. It's workable. My only issue is trying to save time, administration time is an issue for us.

But other than that, I'm happy. The product is brilliant, support is brilliant.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email