Sophos Firewall XG

I’ve been using IPFire for a short time after testing other firewall OS out there. But I recently decided to look at Sophos XG.

First thing I like to check is the kernel version, in this case it’s Linux:

Good to see they’re using a long-term kernel (4.14.x) but using 4.14.38 which was released 30 Apr 2018 (Ouch!). I’d love to see how many commits from 4.14.38 to latest today (4.14.230). Can anyone be bothered to do a git diff?

Also like to check Spectre & Meltdown (and others) on my old-ish hardware with :

Not surprising to see so much red there with the old kernel but obviously no new Intel microcode is included in the OS either.

Obviously Sophos XG has some nice features, but at the expense of out of date packages and kernel. Glad IPFire is fully open source and is properly maintained.

1 Like

Also for the sake of it lets check the OpenSSL version too…

Screenshot from 2021-04-13 18-08-01

With OpenSSL 1.0.2 being out of support since 1st January 2020 and multiple CVE’s since. It’s quite embarrassing.

I’m don’t speak “git” so I can not help with git diffs. It looks like IPFire started to make the jump from 3.x to 4.14 in mid-2018. See:

I don’t see a 4.14.38 anywhere. Core Update 121 was 4.14.48 and then it moves forward from there.

I am using the current IPFire stable version:

IPFire version IPFire 2.25 (x86_64) - core155
Pakfire version 2.25-x86_64
Kernel version Linux ipfire.localdomain 4.14.212-ipfire #1 SMP Fri Dec 18 09:53:24 GMT 2020 x86_64 Intel(R) Celeron(R) CPU J1900 @ 1.99GHz GenuineIntel GNU/Linux

For reference - I was digging thru GitHub to find the above info:

1 Like

Here is my Intel Celeron J1900:

here is my version on IPFire core155:

[root@ipfire ~]# openssl version
OpenSSL 1.1.1k  25 Mar 2021
[root@ipfire ~]# 

I forgot to say… Hello Adam - Welcome to the IPFire Community!

Exactly! I was just pointing this out because I found it interesting :slight_smile:. I bet the IPFire team would find this funny but not surprising.

Even with the IPFire team being relatively small compared to Sophos, IPFire is still able to keep most packages up to date, or fairly up to date. Taking care of CVEs as a priority.

Thanks for the welcome :+1: