
Where would I find the latest info on the HA "flavor" of the UTM for AWS?

I've been away from this forum and product for an extended time and I'm wondering what the latest info on the AWS HA version of the UTM is. The instance I had set up back in June is still on v. 9.354-4. Is there something newer than https://community.sophos.com/kb/en-us/122202 describing this product?

Thanks



This thread was automatically locked due to age.
  • Is anyone else out there still working with the HA functionality on AWS? Now that we have this sub-forum, I seem to be all by myself out here :)

  • Yeah, disappointing not much AWS + Sophos UTM 9 action here. I'm buried deep with AWS and Sophos UTM so I'll try to post more here. Just one caveat, I have yet to find a partner that will even sell services to our SMB so my view of the world is probably blurred and/or I'm completely ignorant.

    I have deployed in an active-active fashion across two AZs (Availability Zones) behind external ELBs. This works for our applications since we store session state off the ELBs. However, the annoying thing is that you have to be very careful to make sure that both appliances are configured exactly the same, since SUM (Sophos UTM Manager) doesn't do a good job of that for you. Actually, I ditched SUM once I realized it doesn't solve the problem of consistency. Also, the WAF logs will show the internal IP of the external ELB instead of the origin IP of requests, so you have to cross-check with your web access logs.

    When I look at the HA features available, Cold Standby and Warm Standby don't make sense in the context of cloud computing. I want self-healing, resistant designs, not ancient on-premises data center designs that require manual intervention every step of the way. I see there is an autoscaling HA feature that in theory would be awesome, but with all the bugs I have to deal with on these UTMs, I'm not brave enough to even try it.

    I really want to like Sophos UTM on AWS, but it has been a struggle to tame these little monsters. For better or for worse, they are the best value on AWS right now (looking at you, Imperva, Barracuda, Palo Alto, etc.). However, once AWS WAF and AWS Shield become a bit more mature, I think I will be ditching them.
