Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Functionality going from UTM to SFOS - got a map?

I am going from using UTM for years, to SFOS v20 on XGS 3300 hardware.

I haven't been able to find any reference that would map functionality from UTM to SFOS.

Does such a thing even exist?

Thanks!



This thread was automatically locked due to age.
Parents
  • First of all: I want to highlight the Migration script by Sophos to get the "busy work" done. https://github.com/sophos/Sophos-Migration-Utility-CLI This tool essentially is a script to migrate stuff from UTM like host objects etc and gives you an XML Import file for the firewall. 

    You cant migrate things, which are differently in SFOS like firewall rules (UTM Rules make no sense in the SFOS, as SFOS approaches Zones differently). 

    Points from  are valid, if you face them. For example: Customers in your size often use a DHCP Server, therefore a DHCP static mapping is not applicable. 
    Drag & Drop is more a "how do you like to do it" feeling. You can search in the field of SFOS to "click" it and not drag and drop. 
    Easier or complicated is more a discussion in terms of "Are you used to a different approach". 

    Things to notice from  : NTP Server can be done by a NTP Server workaround:  Sophos Firewall: Using NAT to achieve NTP proxy like functionality  
    Lets Encrypt is more for the WAF Features, depends if you use WAF on UTM or not - In SFOS the WAF Subscription is exclude from the bundle, as customer start to not opt-in for it anymore. 

    Most - If not all - feature gaps are tracked by Sophos internally and considered to be addressed in the future (or not). Depending on the needs and the time to invest. For example a NTP Server on the firewall is easily workaround able and the time needed, to build a fully featured NTP Server and harden the system (as it is a service the firewall services, you have to harden the system), is much higher then the potential outcome. 

    __________________________________________________________________________________________________________________

Reply
  • First of all: I want to highlight the Migration script by Sophos to get the "busy work" done. https://github.com/sophos/Sophos-Migration-Utility-CLI This tool essentially is a script to migrate stuff from UTM like host objects etc and gives you an XML Import file for the firewall. 

    You cant migrate things, which are differently in SFOS like firewall rules (UTM Rules make no sense in the SFOS, as SFOS approaches Zones differently). 

    Points from  are valid, if you face them. For example: Customers in your size often use a DHCP Server, therefore a DHCP static mapping is not applicable. 
    Drag & Drop is more a "how do you like to do it" feeling. You can search in the field of SFOS to "click" it and not drag and drop. 
    Easier or complicated is more a discussion in terms of "Are you used to a different approach". 

    Things to notice from  : NTP Server can be done by a NTP Server workaround:  Sophos Firewall: Using NAT to achieve NTP proxy like functionality  
    Lets Encrypt is more for the WAF Features, depends if you use WAF on UTM or not - In SFOS the WAF Subscription is exclude from the bundle, as customer start to not opt-in for it anymore. 

    Most - If not all - feature gaps are tracked by Sophos internally and considered to be addressed in the future (or not). Depending on the needs and the time to invest. For example a NTP Server on the firewall is easily workaround able and the time needed, to build a fully featured NTP Server and harden the system (as it is a service the firewall services, you have to harden the system), is much higher then the potential outcome. 

    __________________________________________________________________________________________________________________

Children
No Data