Newbie Question

1) Start with XG Firewall instead, which is also available on a free license for home use.   Sophos switched strategic direction several years ago, from UTM to XG, and I do not expect UTM to change much in the future.

2) Reporting web usage is much more complicated than appears at first glance, because most websites contain many content pieces from many sources.   The web filtering device sees each request, not just the web page.   So it becomes difficult to know which pages were chosen and which pages were loaded invisibly.

3) The big benefit of web filtering is that bad sites are blocked based before your kids can get to them.  Not just useful for protecting your kids from poor choices, it also protects you from infected websites and clicks on malicious links in an email message.

As an example, one time a user went to a church website to check directions for a funeral.   But the church website had been infected and it tried to download malware from a Ukranian site.   UTM blocked it, sent me an alarm, and I was able to notify the church.

4) There are two modes of web filtering - with or without inspection of https traffic  (UTM calls this decrypt-and-scan).   Once an https session is established, the web filter cannot see inside it.   So the fear is that bad guys will use an https session to download bad stuff and sneak past the web filter.   HTTPS inspection uses a man-in-the-middle trick to create two secure sessions, one from the cllent to the web filter, and one from the web filter to the remote site.   This requires setup on each device, and it will break some websites, so it is recommeded not for a newbie.

Hope this helps.

1) Start with XG Firewall instead, which is also available on a free license for home use.   Sophos switched strategic direction several years ago, from UTM to XG, and I do not expect UTM to change much in the future.

2) Reporting web usage is much more complicated than appears at first glance, because most websites contain many content pieces from many sources.   The web filtering device sees each request, not just the web page.   So it becomes difficult to know which pages were chosen and which pages were loaded invisibly.

3) The big benefit of web filtering is that bad sites are blocked based before your kids can get to them.  Not just useful for protecting your kids from poor choices, it also protects you from infected websites and clicks on malicious links in an email message.

As an example, one time a user went to a church website to check directions for a funeral.   But the church website had been infected and it tried to download malware from a Ukranian site.   UTM blocked it, sent me an alarm, and I was able to notify the church.

4) There are two modes of web filtering - with or without inspection of https traffic  (UTM calls this decrypt-and-scan).   Once an https session is established, the web filter cannot see inside it.   So the fear is that bad guys will use an https session to download bad stuff and sneak past the web filter.   HTTPS inspection uses a man-in-the-middle trick to create two secure sessions, one from the cllent to the web filter, and one from the web filter to the remote site.   This requires setup on each device, and it will break some websites, so it is recommeded not for a newbie.

Hope this helps.