
Are there plans to include an "anti-portscan" feature in Sophos XG?

The UTM has an essential feature called "anti-portscan" that is separate from DoS protection. Anti-portscan, if you are not aware, will detect when a source IP address is scanning the external WAN interface for open ports, and block, drop, or log the source IP.

While not necessary for functionality, since Sophos firewall will block all connection attempts anyways, portscan detection/prevention can at least provide an email alert to an admin that a device is scanning the external interface for open ports.

From what I gather, DoS is not necessarily the same, but is still erroneously considered "port scan prevention" but is not, since it is nothing more than TCP/UDP flood protection, to prevent infected hosts in the LAN from running denial of service attacks on clients/servers on the internet.

So the advantages of portscan detection and prevention are: 

Sophos detects that ports are being scanned from the same IP address and the IPS can send an email to an admin.

The IPS automatically blocks, drops, or logs the IP so that the attacker cannot see open ports (or be DNAT'd to a device listening for connections) if there are any.
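
The distinction the post draws between flood protection and port-scan detection, as an added example (not part of the original post and not Sophos code): it flags a source that touches many distinct destination ports within a short window, while a flood against a single port is not flagged. The log layout, function names, and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed key=value drop-log layout for illustration; not a real Sophos log format.
LINE_RE = re.compile(r"ts=(?P<ts>[\d.]+) .*?src=(?P<src>\S+) .*?dport=(?P<dport>\d+)")

def detect_scanners(lines, window=10.0, port_threshold=15):
    """Return {src_ip: time of first alert} for every source that hit at least
    `port_threshold` distinct destination ports within `window` seconds.
    Lines must be in time order."""
    recent = defaultdict(deque)  # src -> (ts, dport) events inside the window
    alerts = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not parse
        ts, src, dport = float(m["ts"]), m["src"], int(m["dport"])
        events = recent[src]
        events.append((ts, dport))
        while ts - events[0][0] > window:  # expire events older than the window
            events.popleft()
        # Count distinct ports, not packets: a flood on one port stays at 1.
        if src not in alerts and len({p for _, p in events}) >= port_threshold:
            alerts[src] = ts
    return alerts

def sample_log():
    """Constructed log lines (documentation-range IPs), sorted by timestamp."""
    def line(ts, src, dport):
        return f"ts={ts:.2f} action=drop src={src} proto=tcp dport={dport}"
    lines = []
    # 20 different ports in 2 seconds: a port scan.
    lines += [line(100 + i * 0.1, "203.0.113.7", 20 + i) for i in range(20)]
    # 200 packets to a single port: a flood (the DoS case), not a scan.
    lines += [line(100 + i * 0.01, "198.51.100.9", 443) for i in range(200)]
    # 20 ports, one every 10 seconds: only flagged with a longer window.
    lines += [line(100 + i * 10, "192.0.2.33", 8000 + i) for i in range(20)]
    return sorted(lines, key=lambda l: float(LINE_RE.search(l)["ts"]))

if __name__ == "__main__":
    for src, ts in detect_scanners(sample_log()).items():
        print(f"ALERT port scan from {src} at t={ts}")
```

The returned alert time is the point at which a block, drop, or email action would be triggered for that source.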


