Sophos SG-230?

Samir

Anyone familiar with these? Do they require subscriptions to work or do they have some basic features like NAT, IPsec tunnels, etc. out of the box? Thank you in advance!
 

Skud

For the most part they’re just regular x86 network appliances. You can install just about anything you want.

I have an SG330 as my main firewall and I’ve had pfSense, OPNsense, Sophos UTM, Sophos XG, and I’m about to give Untangle a try.

If you want to stick with Sophos then you can get free for home licenses but you’ll need to reinstall the Sophos software from the home edition download for the UTM version. Not sure about XG. The “appliance” version doesn’t allow the home licenses IIRC.

There is little difference in the two software versions other than the LCD software and maybe a few other inconsequential things. Even so, there are ways to get the LCD working again. Just search around the Sophos forums.

The 330 I have is quite nice and fairly quiet. I do know that the older models don’t have variable speed fans and can be fairly loud though.

Riley
 

Samir

Thank you for the insight. How are they in stock form? Do they have the usual enterprise features like nat, ipsec vpn, mobile ipsec/l2tp, etc without requiring additional licenses or contracts? I wouldn't want to mess with the home version or installing anything else on it--just use it as is if it has the features.
 

Skud

No problem. I can't speak of the non-home licensed version as that's all I've used.

With the Sophos product it's all done by licenses. So I suspect you'd lose a lot of features. It might still function as a basic router/firewall. You also won't be able to receive any updates.

I left the Sophos UTM because they still haven't implemented IKEv2 and IPv6 was broken. This was a while back though so things might have changed since then.
 

Samir

Gotcha. Ah yes, licensed products--like the Meraki I'm guessing. Yeah, those are major broken pieces.
 

jang430

You have to get licenses for it to work. Subscriptions are Network, Web Filtering, Web Server, Email, and some more.

I got the XG Home user firewall working on a Supermicro appliance. Home user license comes for free, and you get all the subscriptions mentioned above (that comes with pay if commercial). Only limitation is 4 cores, 6 GB memory. Which is almost as powerful as a Sophos XG210 appliance. You are not limited to # of users, instead, hardware limitation which is more than enough for home use.
 

Samir

Thank you for the reply and additional insight. These do sound like the Meraki boxes that are pretty much just raw hardware without an active license. :(
 

Dangi_All

Sophos will give you a free license for home use; UTM is limited to 50 IPs and XG is limited to 4 cores and 6 GB of RAM.

Those boxes are X86 and a lot of them have a VGA port on the back, or the pinout in the motherboard.
 

dswartz

I love UTM but finally bailed. My home network was always close to the 50 IP limit (especially on the holidays, with guests/family visiting.) To make it worse, I don't yet have IPv6 from my broadband provider, but that would put me way over the top.
 

Samir

Interesting to know about the hardware. I bet that home license wouldn't include IPsec tunnels for free though. :(
 

Samir

Was that just for the UTM or for the dhcp as well? Because if it is for the dhcp, I'd have to use a separate dhcp server to serve the almost 90 IPs I've got atm. :eek:
 

dswartz

If memory serves, it does. There are a few customizable features you don't get, but I was running web filtering, email proxy and an L2TP server for my daughter who lives overseas and needs access to US sites. 99% of the problem is the limited number of IP addresses. And if & when I get IPv6 from Verizon, that would have imploded...
 

Samir

That would be cool if it has IPsec as I may consider using it as an endpoint at smaller sites. I wonder what type of throughput it can handle?
 

Dangi_All

UTM has the old nicer UI, more stable.

XG is newer; the last time I tried it, it had some quirks, but for a VM I will try XG, 4 vCPUs and 6 GB of RAM; for home use you should have more than enough.

I'm running OPNsense on an HP T610 thin client.
 

Samir

So is the dedicated hardware even worth it considering you can run the 'free' version in a vm or baremetal?
 

dswartz

Possibly not. I only switched to a dedicated HW (UTM in a generic PC) because I change stuff a lot in the home lab, and don't want the internet to go down for more than a few seconds.
 

Dangi_All

Not really.
According to this guide from Sophos, that SG 230 rev 1 has a Pentium Dual Core 3,2 GHz, and 8 GB of RAM.
https://www.infinigate.de/fileadmin...oducts/sophos-sg-series-sizing-guide-sgde.pdf

SG 310 has an i3, so it will be cheaper to get your hands on some Dell SFF with i5 and 8GB and it will be faster.

The only thing that you lose is the LCD, and some ethernet ports.


Still, I'm waiting to get my hands on one of those units from work, to put in my rack just for the lulz.
 