I signed up for the XG license. The 50 IPs brings up a question I had regarding my network setup. Is there an advantage to letting Sophos handle the DHCP or can I continue to let my ASUS router manage the DHCP to save on the max IPs? The planned trace would be
Cable modem
...Sophos box
.......ASUS router
...........AP
...........clients
...........switch
................clients
I would suggest you create a text document or spreadsheet that lists all your LAN IP addresses and prepare to assign these things out. For example:
192.168.1.1 - Sophos
192.168.1.2 - Asus AP
192.168.1.3 - Router
192.168.1.4 through 192.168.1.9 (spare)
192.168.1.10 through 192.168.1.29 DHCP
192.168.1.30 FreeNAS Main Machine
192.168.1.31 through .39 FreeNAS Jail IPs
192.168.1.40 --------- More stuff
192.168.1.100 Dad's Cell Phone
.101 Mom's Cell Phone
.102 Yet another cell phone
.103 DirecTv
.104 BluRay Player
.105 (spare)
----
.120 Main Computer
.121 Second Computer
.122 Yet another computer
So the goal here is to establish static IPs and this would be done in Sophos. And the reason why is because sometimes you want to just bypass all the firewall/protection/blocking and if you assign static IPs, you can then push those items into areas that will either be a DMZ or similar. So in the situation above I would take items like DirecTv, BluRay Player, Roku, Internet Radio, etc... and put those on a DMZ. Cell phones could be on a little more restrictive access but not a DMZ. Computers of course are fully protected. But you get my point. And anything on the DHCP gets full protection as well.
I have run into issues where some items like my internet radio or Samsung TV would not realize there was a firmware update and by placing them in a less protected area, it allows them to work normally.
But this is just what I did, it helped me sort things out. If you find a nicew way to use DHCP to get the same results, I'd love to see it posted.