
DPI: Does Sophos UTM 9 have DPI?

So if I read this

https://www.sophos.com/en-us/medialibrary/pdfs/factsheets/sophos-utm-feature-list-dsna.ashx it says

Intrusion protection: Deep packet inspection engine, 18,000+ patterns

But the following suggests DPI is found in Sophos (XG) Firewall, not UTM

https://community.sophos.com/utm-firewall/f/general-discussion/127587/utm-deep-packet-inspection

So I'm confused whether, please can someone kindly clarify?



  • Many thanks. What I didn't add to my post at the time was that a person on the Sophos website expert chat also said "for DPI you need to use Sophos XG it's not in UTM", and that is why I started researching myself. I'm guessing the Sophos XG has a richer DPI engine?

    I have found a nice diagram of flows through the XG and XG DPI engine, but cannot find a similar diagram for the Sophos UTM. Does anyone have such a diagram?

    TIA

  • Everyone is pushing XG, because it's their new baby.  The older brother, UTM, is treated as being on its deathbed, lol. 

    I don't know that a diagram exists for UTM on DPI; I would bet a reseller/partner would have something.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • DPI Engine is some sort of a "new phrase" for a particular way to work with data. 

    DPI means Deep Packet Inspection, and this kind of technology is in both products. It is the IPS in a nutshell. 

    But DPI Engine in SFOS means the xStream Architecture. It is a technology to work on a stream based level (therefore the name). Stream based technologies will not act as a proxy or anything. Instead it will copy packets into another space and analyse them while the client is still communicating with the server. It is likely to be a flow / stream between client and server. 

    Stream based technologies can decrypt TLS1.3 and analyse those packets. IPS is able to do this, but it is lacking the decryption part. While UTM can only decrypt TLS1.2 on Web based traffic, SFOS can decrypt all packets on all ports and the IPS can look at that decrypted traffic to increase the security.

    That is the big difference between both products. 
