Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 12 replies
  • Subscribers 6 subscribers
  • Views 17469 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Looking to buy the SG-105 but first I have a few questions

JoBrCo

I'm looking to replace my current home UTM solely because I just upgraded my broadband to 200Mb/s.  I can afford the SG-105 and possibly the SG-115 but that's about it. 

1) Does the SG-105/SG-115 "base appliance" include the "Essential Firewall Edition" as described on this sophos web page? https://www.sophos.com/en-us/products/free-tools/sophos-utm-essential-firewall.aspx

2) Does the appliance utilize the internet to do anything in the background, if so, can it be turned off? I prefer full manual control, I don't like auto anything!

3) How much is the IPS license only?

4) Does it have OpenVPN capability?

5) I'm assuming the following throughput specs are independent of one another, i.e., only one of them running at any particular time, yes/no?

SG-105: 1.5 Gbps Firewall Throughput, 325 Mbps VPN Throughput, 350 Mbps IPS throughput, 90 Mbps Antivirus throughput (proxy)

SG-115: 2.3 Gbps Firewall Throughput, 425 Mbps VPN Throughput, 500 Mbps IPS throughput, 120 Mbps Antivirus throughput (proxy)

I want to achieve an absolute minimum of 200Mb/s. Do you have any thoughts on how I can achieve it with either of these two models?

6) Are firmware/OS upgrades free?

7) Port forwarding, yes/no?

8) Stealth mode, yes/no?

9) UPnP auto pass through disabled, yes/no?

10) Can the 4 ports be assigned as different interfaces, i.e., LAN, DMZ, WLAN, etc?

 

That's all I can think of for now. Any help would be greatly appreciated.

 

TIA!

 

JoBrCo



This thread was automatically locked due to age.
  • 0

    Hey JoBrCo.

    Wow, lot's of questions. Let's get to it:

    1) Yes, all appliances are entitled to a essencial (or base) license.

    2) If you have a license, it updates firmware and patterns from Sophos Labs automatically. The default is to check every 15 minutes, but you can set it to manual. 

    3) For that you need to consult a local Sophos Partner

    4) With Network Protection subscription it does. Essentials provide PPTP and L2TP VPN.

    5) Well, it's the max theoretical throughput of each module. IPS considers firewall with IPS enable. Proxy is for Web Protection. If you want to have IPS enable, you will need a Network Protection subscription and a SG105 should be fine, but I would go for the SG115. I only like SG105 for very, very small setups, as it has very little memory. 

    6) For essentials I *think* they are only not automatic, you need to apply them manually.

    7) Yes, you can do NAT/Forward with Essentials.

    8) I don't know what you mean by that.

    9) UTM is a security product. UPnP is not really a secure thing, so, no.

    10) Yes, every port is treated individually. If you need them to act as one, you'll need to bridge them together. 

    Regards,

    Giovani

  • 0 in reply to giomoda

    Thanks much Giovani! I was beginning to think my questions were beneath anyone wanting to respond, that is to say, the questions were far too ignorant.  I just haven't been keeping up as much in my old age, as I did in my younger days, until very recently, I had no Idea Sophos even existed.

     

    The term "stealth" was coined, if my memory serves, by Steve Gibson of GRC.com/Seagate/Spinrite fame. This was back when the ZoneAlarm firewall by ZoneLabs first hit the free market. If not largely for Steve spreading the word of how great it was in those days, Checkpoint would probably have never bought ZoneLabs. It simply means that if a WAN IP is scanned via the web it doesn't return "closed" or "open," it just sits there dumb like, so the hacker moves on to the next IP in his queue, as he believes nothing is there, so why waste ones time.

     

    As far as #9 goes, good, I dispise MS's UPnP. ;-)

     

    Again I really appreciate your time my friend, as it's the one thing most of us shall want more of on that last day.

     

    Peace be with you!

     

    JoBrCo

    'I only know that I know nothing' --Socrates--

    A good place to start, devoid of ignorance!

  • 0 in reply to JoBrCo

    Hey JoBrCo.

    No such thing as ignorant questions. I'm glad I could help.

    As for stealth, UTM drops anything that's not specifically allowed, and, by default, does not reply to ICMP or trace requests. It actually drops instead of rejecting, so the requesting side just gets no reply at all, so I guess we can call this stealth. =)

    Best regards,

    Giovani

  • 0

    Hi and welcome to the UTM Community!

    If this is for home use, you don't want a Sophos UTM appliance.  You will want a device with more power than an SG 115, and you should be able to get one for less than the cost of an SG 105.  Check out the recent posts in *Unofficial* Hardware Compatibility List (HCL).

    Just remember to download the software version of the software and get a free home-use license from myutm.Sophos.com.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Thanks for your reply Bob.  What I didn't mention is that the appliance has to fit into a Structured Media Panel and have low power requirements like the two appliances I referenced.

    But I really do appreciate you spending your time trying to help this Sophos forum newbie, Thanks!

     

    Cheers, my friend!

     

    JoBrCo

    'I only know that I know nothing' --Socrates--

    A good place to start, devoid of ignorance!

  • 0 in reply to giomoda

    Hey Giovani,

     

    Thanks for, your answer part two, I mean to say, hanging in there with me. I salute you!

     

    Yep, that's stealth alright.  I was thinking that these days it's probably the default for most appliances of this type.  Again, I just haven't been keeping up.

    Well now it's up to talking to a local Sophos partner, to see what my areas "Standard of Living" dictates.

     

    Again, Thanks for your help my friend, Saluti!

     

    JoBrCo

    'I only know that I know nothing' --Socrates--

    A good place to start, devoid of ignorance!

  • 0 in reply to JoBrCo

    So does anyone know which Processor is in the SG-115? Is Meltdown & Spectre an issue?

     

    TIA!

     

    JoBrCo

    'I only know that I know nothing' --Socrates--

    A good place to start, devoid of ignorance!

  • 0 in reply to JoBrCo

    Refering to this thread:

    https://community.sophos.com/products/unified-threat-management/f/hardware-installation-up2date-licensing/29647/real-world-performance-on-new-sg100-series

    CPU in SG115: Atom E3827 Processor @ 1.75GHz, Dual Core

     

    During this quarter Sophos will introduce new SG and XG dektop apliances. There are no specs available yet.

     

     

    Regards

  • 0 in reply to JoBrCo

    What I didn't mention is that there are devices listed in that thread that will fit into a Structured Media Panel and have low power requirements like the two appliances you referenced. [;)]

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    So you mean to say that there are some boxes listed in that thread that are 8.86" x 5.91" x 1.73" in size, and they only consume 4.83W @ idle/9.84W@full load?

    Are you talking about the thread itself or the HCL PDF document?

     

    Cheers Bob!

     

    JoBrCo

    'I only know that I know nothing' --Socrates--

    A good place to start, devoid of ignorance!

Unfiltered HTML