This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF on AWS

Hello 

In this document - community.sophos.com/.../122742

it says - Other than WAF, no other features are supported on Sophos UTM Auto Scaling.

May i know which features are not supported ? 

Thanks,

Steve



This thread was automatically locked due to age.
  • Hi Steve,

    I forwarded this question to our AWS team, and this is the answer they provided:

    The auto scaling deployment model for AWS supports all existing UTM features. There are however a few functionalities that are harder / nonsensical to implement on an autoscaling cluster.

    For example, implementing client VPNs on an autoscaling cluster will work, but you will introduce significant routing issues due to having multiple individual routers (your workers) represent the same subnet (the SSL VPN clients) with none of the nodes being aware of the other’s IP address leases (so duplicate IPs are rampant) or the AWS router being able to accurately determine which worker holds the exact client it wants to send the return traffic to.

    This is why we recommend not using this functionality on autoscaled clusters, but we have no limitation (licensing or otherwise) in place should you still desire to use it.

    Similarly, your workers are all capable of running the Wireless Protection features and working as wireless controllers. Doing so makes no sense though as there is no significant performance increase to be gained and your wireless controller architecture is now needlessly complex due to the possibility of a controller suddenly ceasing to exist.

    And your wireless networks are not connected to each other so being on the same SSID doesn’t mean you are actually part of the same network anymore.

    So in summary, you are not limited by us in what you can use, but the platform and deployment model might limit you in which features you would want to use.

    Hope that helps,

    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • Hello Karlos,

    Thank you very much for detailed response.  Yes those additional features wont make much sense.

    Is there a complete list of features that shouldn't be enabled when UTM is used just for AutoScaling. 

     

    Regards,

    Steve

  • Hi Steve,

    We do not have an official list, but we’d generally recommend using the autoscaling deployment for the following features:

    • Webserver Protection
    • Web Protection (using the OGW for traffic distribution)
    • Application control
    • Firewalling and IPS
    • DNAT/Server Load Balancing

    Cheers,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • Your welcome!

    Also moved your post from General to UTM on AWS thread

    Cheers,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.