This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Making the right decision? 3yr Licenses?

We are about to renew our Sophos Endpoint with expolit protection although our UTM's (3x SG330 clusters) aren't due for until the end of year.

Now they have served us well, coming from ASA 5520's and untangle beforehand. So, we could be comitting ourselves to another 3 years of UTM.

What do you think?



This thread was automatically locked due to age.
Parents
  • Strictly my personal opinion, but I think renewing your UTM license for more than a year would be a mistake as you may be wasting money on an unsupported platform. I honestly believe Sophos is going to pull the plug on UTM any day now as they're not putting much work into fixing the bugs in UTM. They've even gone as far as placing an ad in UTM 9.6 for their cloud platform and discouraging you from managing WiFi APs from UTM 9.6. XG Firewall is nowhere close to being ready to replace UTM... Sophos still hasn't released the UTM to XG migration tools they've been promising for several years.

    I will admit that my company does have Sophos Endpoint deployed and we will continue to use it for the foreseeable future as I haven't had any negative experiences with it.

  • Just want to give additional information. As flagged, i am a Sophos Employee - So most likely you do not want my personal opinion :)  

     

    Some Fact: 

     

    If somebody would renewal the current SG License, the license can be migrated with the same expiry date. 

    https://community.sophos.com/kb/en-us/124588

    https://community.sophos.com/kb/en-us/122768

    So basically if you want to stick with Sophos, this would be a good choice. 

     

    Another point is, the Migration Tool SG to XG exists. It is still EAP and only for Partners. 

    https://community.sophos.com/products/xg-firewall/f/sophos-utm-to-xg-migration/102430/migrating-tool-from-sg-to-xg/379034?pi2147=98&pi2151=2

     

    __________________________________________________________________________________________________________________

  • To be fair, the SG330's (with Sandstorm) have been good for us.

    We use everything on them bar the Wireless and have practically eliminated NAT with WAF too.

    The endpoint has also been good and all relatively simple to use/maintain.

    I've looked at the XG and it's certainly different and might be a bit of a nightmare to get used to.

  • When Sophos has decided to stop selling an appliance, they have given an end-of-sales date 18 months out and an end-of-support date 18 months after that, so, in addition to being able to move to XG for free at any time, I think we're at least 3 years away from having UTM be unsupported.  The situation with UTM Endpoint was different, but the fact that it was 12 months instead of 18 in each end-of should be better explained.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Don't get me wrong, I have 3 SG appliances deployed right now with no intent to decommission them any time soon. I'm simply questioning how much effort Sophos is actually putting into UTM going forward and if you should buy in for more than a year at a time. At least going back to 9.1 through 9.4 we were seeing updates monthly, maybe even every other week. Now we're seeing updates may be every 6 months at best. In my book 9.6 was a total dud as the only real feature they added was Lets Encrypt and nothing else. 

    Of course I could be totally wrong and Sophos is secretly plotting to make me sound like a jerk by release some sort of ground breaking feature update like SNORT 3 this summer...

Reply
  • Don't get me wrong, I have 3 SG appliances deployed right now with no intent to decommission them any time soon. I'm simply questioning how much effort Sophos is actually putting into UTM going forward and if you should buy in for more than a year at a time. At least going back to 9.1 through 9.4 we were seeing updates monthly, maybe even every other week. Now we're seeing updates may be every 6 months at best. In my book 9.6 was a total dud as the only real feature they added was Lets Encrypt and nothing else. 

    Of course I could be totally wrong and Sophos is secretly plotting to make me sound like a jerk by release some sort of ground breaking feature update like SNORT 3 this summer...

Children
No Data