Time to Move on

Farewell and thank you for the fish.

You have provided many lively discussions and eventually got some changes to the UTM for that we thank you.

Best of luck with the new direction of your business. I do agree with you that Sophos have lost the plot especially pushing the XG over the UTM.

William

I see your name in replies to a lot of the forum posts I have been reading recently so I value your opinion and so this is interesting to me.

I am a long time 'IT guy' of 15+ years and have not had a huge amount to do with UTMs/Gateway devices in the past as I'm mainly a Microsoft Server specialist. My limit has basically been your typical router with port forwarding where required.

So I have a family with kids and my home router was not up to the job (not fast enough and not enough features) so I looked around and from a long list decided to try Sophos UTM first (Untangled and PFSense were on the shortlist too).

The more I learn about Sophos UTM the more I am concerned that this is not a good fit for my requirement. What you say above and also (here) makes me wonder if the Sophos UTM is really fit for purpose when so many workarounds are required to allow 'the modern internet' to work. For example I switched on Web Protection this weekend and immediately the kids came to me because Amazon Prime and Netflix had broken on their iPads. Sheesh. I don't want to turn this into a 'how to fix' request, I'll try some of the other threads I have bookmarked before I come back and ask here.

My requirement is fairly typical of a home network (and also likely fits many small/medium businesses too):

• Protection from 'the bad guys':
  • Malware 'executables' and scripts etc.
  • Phishing sites and other URLs that you don't want people to go to for whatever reason
• Fast Internet connection with minimal interference in 'normal internet' traffic:
  • Web surfing obviously
  • Streaming media of all kinds
  • Allow fast downloads (peer to peer (legit stuff obviously), Dropbox, OneDrive, Steam updates, etc.)
• Block traffic when required:
  • Time based (stop the kids waking up in the dead of night and watching Netflix!)
  • Category based (for me this is mainly about protection from Malware)

Beyond that I am not sure I really need anything much more complicated. For example, I am not sure I need a device that does IPS. I don't run servers on my LAN so really no traffic needs to come from WAN to LAN unless in response to outgoing request, so I am not sure what a IPS really adds.

So I think this is on topic for the post: what can do this job for the home if not Sophos UTM? I see you recommend PFSense. I need to look at it again but I got the impression in my first look that it was just a basic firewall and that I needed to use Sophos UTM or Untangle to meet my requirements.

Any thoughts?

Ian

Hi Ian,

you can setup the UTM for some serious protection without using all the features. Enable web protection with URL filtering or use the ATP features will give you anti-virus etc on incoming traffic.

As a home user you don't need any of the work arounds. It does native IPv6 if interested.

I will certainly not give up right away, I need to try some of the workarounds I have found so far.

I am intrigued in your comment about IPv6, why is that important?

Hi william, sorry to see you go. I am not a partner so I can't comment on the low priority given to silver partners, however UTM hasn't really been the same since the old astaro days. The community is still great but UTM seems stagnant and XG ... well its XG. I don't know what your clients are like but sometimes we have to use one of the "Big Boys" products because that is what is expected in a company.

I was a big fan of vyatta and have used ubiquiti routers. I love their APs but they are not really a replacement for a UTM product. I had been a long time user of pfsense and used to love it before the whole licensing fiasco from BSD to weird pfsense license because they thought someone was going to steal their product??? BSD license by definition allows you to steal someone's product that is why apple uses it and calls it IOS. And now with chris leaving pfsense https://forum.pfsense.org/index.php?topic=115948.0 , frankly I don't trust them anymore. Also probably because I feel more comfortable using linux than BSD flavors. For smaller deployments, I tried IPFire and it is pretty similar to pfsense but not as flexible but the underlying system is linux so I feel more comfortable messing with the configs.

In any case, I am getting side tracked. I wish you good luck with your endeavors. The way firewall trends are these days, you never can really say goodbye to anyone if the client demands a certain product, so keeping my fingers crossed that we will see you atleast visit every once in a while[;)]

Good Luck

Bill

Excuse us William while we temporarily highjack your thread. Everyone gets very excited about IPv6, so I thought you should be aware.

And you don't need work arounds on the UTM if you are a home user.

rfcat_vk said:

Excuse us William while we temporarily highjack your thread. Everyone gets very excited about IPv6, so I thought you should be aware.

And you don't need work arounds on the UTM if you are a home user.

 

IPV6 is still borked here on comcast with UTM.  I got tired of them telling me I was wrong when I can point to more than a few threads.  IF they have fixed it..good....they'll break it again later.  Keep in mind SG is a dying breed.  XG is the sophos future..SG is jsut a cash cow they are milking.

Pfsense and IPV6=heaven.

Mine worked well until UTM 9.5b

Mine was working native on internode in AU. No special tricks required. Turned on IPv6 at ISP and UTM and bingo IPv6 appeared.

About to add details to a thread in the 9.5 forum on IPv6.

It seems like IPv6 is something that 'normal home users' should never need to worry about. At worst you might end up given an IPv6 public IP so you will need a router that can handle that, and then translating all IPv6 arriving on the edge and being translated to IPv4 for those devices on the LAN that need IPv4 (or routing IPv6 for newer devices that can use IPv6). To me it seems pointless forcing oneself along the IPv6 path, IPv4 works, ISPs won't make home users abandon it until they have decent working alternatives in place. Anyway just my 2 pence.

I need to look more at the UTM being replaced by XG, from what I can gather from comments here is that XG is not a mature product yet. If anyone can point me at a good comparison post between them two that would be great.

If PFSense is not a good Sophos replacement (and opinions seem to vary) what are good alternatives? Is Untangle worth the $50/year?

We were using Cisco 5520's in conjunction with untangle. It worked. However, we now use the UTM's.

I've used pFsense as well. Very good firewall although comparing it to the UTM is like comparing apples to oranges.

As for XG, my last look at it a month ago sort of frightened me off. I can see some good things but equally, I'm not quite sure I like the GUI as it stands.