Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 1771 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Your experience with migrating from UTM9 to Free Home Firewall?

dwmtractor

Greetings to the forum!

I'm a historic user of Sophos UTM9, free home license, for better than 20 years going back to when it was the Astaro Security Gateway.  I'm seeing information suggesting that support for UTM9 is going away, and anyway I'd like to upgrade to faster hardware (my existing box can't handle much more than 100mb throughput even with gig NICs).  This thread is to ask others who've migrated from UTM9 to Sophos Firewall:

  1. How intuitive (or not) did you find the new interface (which I can't seem to find screenshots of)?
  2. Did you use the migration tool (https://partnernews.sophos.com/en-us/2022/02/products/new-sophos-utm-9-to-sophos-firewall-migration-tool/)?  How did that go?
  3. How well do the features of the new firewall compare with what we used in UTM?

In addition to these questions, I'd be grateful for any hints of fanless hardware with at least 3 NICs that you've used and either loved or hated.

Truth be told, I'm trying to figure out if I want to stick with Sophos or go to a whole new router with (maybe?) OpenDNS or similar for filtering.

Thanks in advance!



This thread was automatically locked due to age.
Parents
  • 0

    The gui and the approach to network security is different. Built around zones. The feature set is different and depending on your configuration as to which pieces are currently missing.

    ian 

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thanks, but I could use a little more detail. Perhaps if I list some desired features?  In my present UTM setup I have:

    • Three zones-  WAN, LAN, and DMZ -- with DMZ being connected to a remote wireless access point.
    • Separate DHCP for LAN and DMZ, including static addresses by MAC and dynamic addresses for a separate IP range within each (that is, for example, x.x.x.128 and above dynamic, and my a/v devices all given static addresses in the x.x.x.6x range)
    • Some packet filter rules that are for an entire subnet, others for specific IP ranges within the subnet, and still others for single IP addresses (for example, allows aggressive filtering of the dynamic range described above but minimal to no filtering for the a/v group)
    • Web content filtering (proxy) for some IP ranges but not others in the same subnet -- ie., some computers are filtered while others aren't (note ranges already described)
    • SSL VPN using the Sophos VPN client, hitting the firewall from an address registered on dyndns
    • antivirus & spam protection

    I think that covers the main features that I need.  Are all these possible with SFOS?  And if so, will the migration tool help me convert, or will I have to build from scratch?

Reply
  • 0 in reply to rfcat_vk

    Thanks, but I could use a little more detail. Perhaps if I list some desired features?  In my present UTM setup I have:

    • Three zones-  WAN, LAN, and DMZ -- with DMZ being connected to a remote wireless access point.
    • Separate DHCP for LAN and DMZ, including static addresses by MAC and dynamic addresses for a separate IP range within each (that is, for example, x.x.x.128 and above dynamic, and my a/v devices all given static addresses in the x.x.x.6x range)
    • Some packet filter rules that are for an entire subnet, others for specific IP ranges within the subnet, and still others for single IP addresses (for example, allows aggressive filtering of the dynamic range described above but minimal to no filtering for the a/v group)
    • Web content filtering (proxy) for some IP ranges but not others in the same subnet -- ie., some computers are filtered while others aren't (note ranges already described)
    • SSL VPN using the Sophos VPN client, hitting the firewall from an address registered on dyndns
    • antivirus & spam protection

    I think that covers the main features that I need.  Are all these possible with SFOS?  And if so, will the migration tool help me convert, or will I have to build from scratch?

Children
  • 0 in reply to dwmtractor

    All of those items in general are covered. You will need to use clientless to assist with separating your users.

    There are KBAs on the subject.

    I haven't tried the migration tool, so cannot offer comment on its functions.

    Building from scratch will give a better understanding of how to make the XG work for you. When you install the software choose the router mode. There are default rules to get you going, but they are not for real operating use.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML