
Home license regularly expiring - 50 IPs limit - alternatives

Hello,

My Sophos 9.7 (9.713-19) home license, despite being valid for 3 years, is "regularly" expiring (every 1-2 months), as shown after I log in to the UTM web admin.

I suspect it could be due to the fact that my network now regularly has more than 50 IPs (between 55-59), as it is serving a pretty advanced smart home and the count also depends on the people present at home (up to 5 persons).

Could anybody confirm whether this could be a reason for this early expiration?

In any case, although I really like Sophos UTM 9.7, I have to start searching for alternatives due to this 50 IP limit, which is quite limiting nowadays. I know I could put devices like some IoT devices behind a separate access point, but I am interested in collecting/indexing/searching all the UTM events/logs (firewalls, etc.) for ALL the devices on my network.

I would really love Sophos to offer an option to extend that home license limit for a decent price, but it seems that this does not exist.


I am therefore obliged, against my wishes, to find an alternative. I've found these, which could run on the same Qotom server I am using for UTM and which address the advanced home networking area. I wanted to get your feedback in case you have tested one of them or, like me, had to switch to one of them, or if you have additional alternatives (software based or hardware/appliance based):

- Sophos XG Firewall Home

- pfSense

- OPNsense

Thanks a lot in advance



  • The Sophos XG firewall Home edition has no limit on the number of IP addresses, but it has a hardware limitation of only being able to use 4 CPU cores and 6Gb of RAM. It will solve your problem by removing the 50 IP address limit the UTM has, and it should work on the same hardware. You would just need the "software .ISO" download.

  • Thank you @alan. A pity I will lose 2GB from my Qotom hardware (having 8GB of RAM), but that’s acceptable. Compared with UTM home, will any important feature be lost? Also, are the logs of XG as comprehensive as those of UTM? (I am collecting them in Splunk.) Thanks again

  • For a home user 6Gb should be plenty.

    I used the XG briefly. They have basically the same features. The XG has a DPI for web filtering, while the UTM only has a proxy (standard or transparent) for web filtering.

    The logs in XG are a bit more granular and users say it's better than in the UTM. Other things such as creating static IP addresses a.k.a. network definitions, from the client DHCP leases are not as intuitive in the XG.

    The way of doing things in XG since it's based on zones (Wifi, LAN, WAN, DMZ) takes getting used to, as the GUI does not have the same drag-and-drop simplicity of host/network objects as the UTM has when creating firewall rules.

  • Essentially, you can use Central Management in SFOS (the OS of Sophos Firewall) for free as well. It will give you 7 days of log retention in the cloud for free as a Home user. Central Management gives you access to the firewall as well (SSO to the webadmin wherever you are), and Backup Management.

    This is what you get in the cloud for free with Sophos Central. 

    Then you can use all features in SFOS for free plus Sandstorm (Zero Day Protection). This license is included in SFOS as well. 

    DPI + IPS is more optimized to run on your hardware as well. 

    Potentially you could lose Let's Encrypt auto-renewal, if you want to use it on UTM. You could potentially migrate this feature with scripts, if you want to use it. Sophos Firewall: [LetsEncrypt] How To in Sophos Firewall


  • Is Sophos Central Wireless free for home use as well? By free, I don't mean a trial version, but free for the life of the license. I was under the impression it was free for both UTM and the XG, but Sophos Central is integrated into the Dashboard of the XG from what I recall when I tried it, and accessible from a web browser for UTM users.

    And I wondered, can you use a Let's Encrypt certificate for the TLS decrypt and scan, or must you use Sophos' self-signed certificate for SSL/TLS decryption?

  • Central Wireless is also free to use. It will remain in every Central Instance.

    Let's Encrypt will never work for TLS Decryption. The reason is here: https://support.sophos.com/support/s/article/KB-000038420?language=en_US#Can-I-purchase-a-Certificate-Authority-that-allows-Decrypt-and-Scan-without-needing-to-deploy-anything-to-clients? The same applies to Let's Encrypt.
