
And Sophos kills off the SUM

Since the Thoma Bravo purchase Sophos has been a slow train wreck. The latest is them killing off the SUM with no real way to centrally manage XG firewalls (which are slower than UTM). What are you guys' thoughts? Are you finding a new vendor? Who are you choosing?



  • I gave some insights about the movement to SFOS here: https://community.sophos.com/utm-firewall/f/utm-manager-formerly-acc/131045/sum-manager-eol-december-2022---how-to-migrate-xgs-to-central-with-xgs

    But what do you mean by "is slower than UTM"? Can you give us some context to this statement?


  • Simple. Click on connect. Wait. Click on next menu. Wait. Click on apply. Wait. Every click we wait costs us money. I know for a fact there are very large partners that manage a very large number of UTM through a SUM. Why have they not moved? Because the XG is so much faster? NO!! You can't efficiently manage the XG product line. Prove me wrong and I might change my opinion.

  • Did you contact your local SE folks to get an XGS demonstration?


  • Do you have a way to manage XG centrally that I don't know about?

  • Yes - Via Central. 

    You can publish most of the needed configuration via Central. Most partners start with one appliance and convert the configuration via XML into an export. Then they push this XML to one firewall. This firewall will be used to import the template to Central, and the template will be applied to multiple firewalls.

    Most partners (especially in the MSP field) use migration scripts (Python) to convert any product config to XML format. I even wrote a small guide to convert this via Notepad++: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122450/creating-xml-objects-with-notepad-for-mass-import

    Then import this to one firewall - Import it to Central - Done. 

    Most likely you do not need to do the busy work anymore if you are able to use scripting / Notepad++. Having the CSV is enough to create everything.


  • Where is the list of all our firewalls?

    How do we press one button and push a firmware update?

    Why does it take literally seconds between mouse clicks on the XG menu?

    Why does it take multiple times to attach to an XG firewall via Central?

    UTM SUM = Update all firewalls quickly

    UTM SUM = Quick logins to firewalls

    UTM = No pause between mouse clicks on menu

    UTM SUM = Lists all firewalls.  No need to track them via another method (excel spreadsheet)

    Now I ask you. Do you just work for Sophos and have done all their training, or do you also run or have run a business where you pay for your techs to make those mouse clicks?

    I was promised a year ago that they would build an effective API to our PSA. Not delivered.

    I was promised over a year ago you could easily manage XG via Central. Not delivered.

    And today the ONLY effective central management for the UTM is being pulled.

    Besides, none of my questions were directed at you. You are an employee. But just maybe someone will actually listen at Sophos and get this *** done. Or does Thoma Bravo have so much control that they are willing to burn off all of the Sophos fans (used to be me) and find new ones. Time will tell. But my time is very short.

  • Just to answer some of your points: 

    How do we press one button and push a firmware update?

    You can upgrade all firewalls within a group. Schedule or "now". 

    Why does it take literally seconds between mouse clicks on the XG menu?

    This should not be the case on potent hardware. For example, the XGS hardware is faster compared to an SG105. The difference between UTM and SFOS is basically the way those products interact with the configuration. UTM uses a middleware, SFOS uses a database approach. Which means the database will be queried on each and every "click", as you say. This relies heavily on the hardware, and if you give the OS potent hardware like XGS, it is most likely quicker compared to UTM.

    Why does it take multiple times to attach to an XG firewall via Central?

    This should not be the case? So basically, if you integrate a firewall within Central, it will create a token-based connection and should stay there. I am not aware of any cases which lose the connection. But for the next release, there is an easier way to integrate Central with an SFOS appliance via API credentials.

    UTM SUM = Update all firewalls quickly

    As you can see above, this is possible. 

    UTM SUM = Quick logins to firewalls

    You can use Central to SSO to all appliances without the need to set up any site-to-site tunnels or even expose the webadmin.

    UTM = No pause between mouse clicks on menu

    See above. 

    UTM SUM = Lists all firewalls.  No need to track them via another method (excel spreadsheet)

    You can track the customer firewalls and also the partner-managed firewalls via the Partner dashboard. No need to host your own solution for this purpose, as Central is free.

    Now I ask you.  Do you just work for Sophos and have done all their training, or do you also run or have run a business where you pay for your techs to make those mouse clicks?

    I basically advise partners and customers to migrate to SFOS in plenty of integrations. Therefore I know the blockers and limitations which can come up. And for a customer with 200 firewalls, for example, you should consider revamping the entire network stack anyway. Most likely those customers have run their entire config for 10+ years and their configuration is "old school", which means security reports are rarely run, nobody knows what is going on in their network, etc. Even network segmentation is not implemented everywhere in 2021. So it would be a good step to rethink their network: like VLAN segmentation, like firewall rules, like proxy implementation. Are you doing HTTPS decryption? If not, why not? Do you know the risk of running such networks in 2021? See: https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2021-threat-report.pdf

    I was promised a year ago that they would build an effective API to our PSA.  Not delivered

    Did you look at the PSA integrations which are available today? https://www.sophos.com/en-us/partners/managed-service-providers/integrations.aspx

    I was promised over a year ago you could easily manage XG via central.  Not delivered.

    There were some significant changes to Central in the last months. Maybe you should take a look at it.


  • I am very disappointed in this news. I recently renewed the licenses on my 31 UTM devices, trying to buy a few more years before having to replace them. I use SUM to manage all the devices and it works great, especially for distributing objects and permitting or blocking sites on the web. I picked the UTM/SUM setup specifically because it is not cloud based and mostly in-house. I do not want my firewall settings stored and managed on a publicly accessible platform; great effort, but no thanks.

  • I would consider Central to be "not a publicly accessible platform" per se. Simply because the architecture of Central mandates things like MFA and a secure password, and is securely built. See: https://docs.sophos.com/central/Framework/security-framework/index.html

    It's the same discussion as "what's better: an on-premise hosted solution or a public cloud solution?". And from my point of view, I assume you cannot build such a security level as Central uses on premise.


  • Does MFA protect against vulnerabilities in the underlying OS or web platform? Or from backend network connections we have no visibility on? Application exploits from authenticated MFA users on a different instance?

    If I remember correctly, Sophos hosts on AWS, correct?

    https://techmonitor.ai/technology/cloud/aws-servers-hacked-rootkit-in-the-cloud

    To each his own but I would prefer something like SUM for the XG or XGS platform.