
No update since September 2020? Really?

The list of CVEs concerning bugs in the Linux kernel is steadily growing, but the rate of updates we're getting for the UTM is in steady decline.

I know that UTM can be considered a dying horse, but nevertheless this thing is still supported and should at least be getting security fixes. None are coming.

What do you guys think about this? Are you as nervous as I am? Or am I simply too nervous about this "well-hardened" security device getting hacked?

What firewall alternatives with a good security track record are you examining?

Regards

Alex



  • The only surprise here is that you are surprised. Sophos made it clear many years ago that XG Firewall was their future. The synchronized protection is a great marketing story, while UTM's architecture is so unique, and so poorly documented, that a new admin learns the architecture by accident after making a configuration error.

    Over the last few years, we have seen disastrous UTM development mistakes: everything between 9.408 and 9.506, and I so distrusted all of 9.6x that I went from 9.508 to 9.703. Be glad that you have a pretty solid release now.

    The development problems have left me wondering if an all-in-one box is inherently too complex to sustain reliably. Certainly, UTM's features are not equally appealing. Web Filtering is a gem, and its best feature. Site-to-Site VPN is inadequate without IKEv2. HTML VPN seems to remain exactly the way it was obtained from Astaro. 2-Factor authentication is useful, but is hindered because it has no server functions, so it can only authenticate other UTM functions. Email filtering is simply insufficient on many grounds, and the future of email filtering is in the cloud, not in appliances. After many false starts, Sophos Email Security in the cloud appears to be a competent offering.

    We have gotten several good years out of UTM, and I expect we will hang onto it for quite a while more. But my next solution architecture will probably be multiple specialized platforms instead of one box which tries to do it all, inconsistently.

  • Ok ... finally got the Exim vulnerability to be fixed. No other updates available since September. In my opinion the Sophos UTM can be finally declared as 'dead' despite all promises that there is no end-of-sale or end-of-life timeline.

  • In the meantime, 9.705009 was released to many of my clients. If you've done that Up2Date, please comment on https://community.sophos.com/utm-firewall/f/general-discussion/127962/what-s-your-experience-with-the-9-705007-up2date.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA