Yes, I am running XG. Coming from UTM there are things I miss. Understand that Sophos UTM is the more mature product, but Sophos is moving to XG so you should take the XG path. They have been slow on porting the UTM features to XG, so people such as myself are frustrated to lose features such as IPv6 DHCP-PD (XG doesnt support Prefix Deligation, YET...Required for ISPs which offer native IPv6 with DHCPv6)
XG does have the far better interface and excellent reporting.
I do prefer PAN (Palo Alto Networks) and Juniper, but not willing to pay the price to own them. Hence I go with Sophos which is free.
I am running Sophos on a VMware VM. VM is the better way to go. You can buy cheap Intel i-7 boxes for $500 or less with 8GB RAM all day. Buying an applicance locks you into the hardware limitations. And when you want to upgrade to new hardware in the future, you simply move the VM to the new PC. Or upgrade your existing PC.
No problem with Orbi.
You should be prepared for slower "responding" Internet. Any TRUE security IPS firewall means delay on webpage loading and "some" apps ability to login. Example; My Internet connection is 300/30 Comcast (California). With Orbi as the router pages load FAST. Sophos and other IPS Firewalls means an extra 3 seconds of loading time. Logically every object must be scanned by the IPS engine, along with any extra AV/malware or content filter scans you enable. It's the price you pay for TRUE security.
As for downloads, I still get my full 300Mbps. It only affects the webpages and makes them feel less responsive.
My area is scheduled to get Comcast 1 Gigabit service sometime this year. From what I have read for other Sophos users with Verizon FIOS, Google and ATT Fiber...I hear Sophos handles itself very well with gigabit Internet connections. I may soon try this myself. Another reason to go with VM. Appliances are hardware locked. If the appliance you buy is not capable of a faster Internet speed you want 1-2 years from now...you are screwed...With a VM with an Intel CPU and 6GB RAM...I can do anything I want.
Definitions:
IPS - Intrusion Prevention Services
SYN - Syn Flooding is a method hackers and viruses, etc use to perform Denial of Service (DoS) attacks. TCP, UDP and ICMP are the types of packets they use to execute these attacks.
Three types of Firewalls:
Port Based firewall - Basic open or closed door firewall (from the 1990s). If the door is closed you don't get in. If open, you do. With everything we do on the Internet today with applications coming and going both direction this method offers no security.
IDS - Intrusion Detection - Orbi can only perform IDS. A basic low paid bouncer at the front door of the bar checking IDs, and maybe a pat-down. But no real guarantee that someone with SKILLS can't easily bypass your low paid bouncer with a fake ID and weapon hiding in thier butt. It does not learn or have any form of artificial intelligence to see new potential threats.
IPS (with Deep Packet Inspection) - Intrusion Prevention - Same as IDS, but requires a far more power CPU and software. Every packet of data will be opened, inspected for code or behavior that "doesn't look right". Using daily (or hourly) definition files the firewall downloads it knows of "known" threats, and can easily see that activity hiding inside the packet and stop it. Actively a better paid bouncer with a full body scan x-ray machine, and full forensic lab where every person wanting in must go through a full DNA blood check to insure they are not carrying a pathogenic virus.
The next form of security is ZERO-Day threats.
To name a few:
Sophos - Sandstorm
Palo Alto Network - WildFire
FireEye - FireEye
IPS is really good, but still requires being taught about new threats via definition file updates which normally are available every 24 hours. But a new, and fast moving, threats (less than 24 hours, hence the name "Zero-Day") can sneak by IPS. So now they are giving firewalls their own ability to learn new threats on their own. And if the firewall sees something it is not sure of, it will upload it to the firewall OEM and have their security team inspect it.
Welcome to the new Internet of 2017.....Where everyone is potentially infected with HIV or some life killing super virus, and if you don't have proper protection...well, its only a matter time. Sometimes due to no fualt of your own.
