Is a limit of 50 IP addresses still realistic for home use?

I've recently started using a UTM 9 home license on a small firewall appliance (Intel J1900-based). It's working well, and I'm definitely a fan. However, I'm immediately running into the 50 'user' (really IP address) limit.

We're a typical family of three, admittedly a gadget-heavy household, but not ridiculously so. I expect that's likely to be a common trait of anyone sophisticated enough to want to run Sophos UTM 9 at home.

In short, I've exceeded the 50 IP limit by over 10% without even trying. That surprised me at first, but when I started counting the devices I've added to my network over the past few years, sure enough, the count was correct. For example: three eero WiFi units, 5 small 'web smart' network switches (i.e. each has a web interface), A/V receiver, four DVRs, two HDHomeRun Prime network tuners, two smart TVs, a Sonos system, a printer and an all-in-one, standalone doc scanner, two Nest thermostats, the main '24x7' Linux server, plus a small Synology and QNAP NAS, Xbox 360, NVIDIA Shield TV, security camera, sprinkler controller, SmartThings Hub, Roomba... that's 32 IP addresses, before we even start talking about laptops, tablets, smartphones, Kindles, etc. Even my smartwatch requests an IP address...

As I understand it, the Home license allows 50 IP addresses, period. The only way past that limit is to purchase a commercial license, whose cost runs to four digits for even a subset of the functionality provided in the home license. If that understanding is correct, either I have to work around this limit by putting some devices on a NAT'd subnet (which seems counter to the spirit of the license), or give up and go elsewhere. Which would be a shame; the only other negative I've come across is the complete lack of UPnP port forwarding (yes, I fully understand the controversy - but believe it's a solvable problem).

I see the value being offered, and would happily pay to increase that limit to 100 or 150 IP addresses (say $99 or $149?). I'd rather not pay a subscription personally, unless it's significantly less per year. But I don't have either option, it seems.

Thoughts?

- Paul



  • The 50 IP limit is fine for home use. What really bugs me is that any IPv6 addresses will count towards this limit; since Windows, for example, pulls a lot and you'll use 2 IPs for each machine, you'll run out rather quickly.

    We can be happy Sophos provides us with free licences. If they gave out 100 or 150 IP addresses, they would have to pull functionality elsewhere, or not buying a licence would become likely for some businesses. The way the XG firewall does the licensing is actually a lot more forthcoming to home users, if you look aside from the fact that the XG is not comparable to UTM right now.

    ---

    Sophos UTM 9.3 Certified Engineer

  • I guess it depends on the home, perhaps 50 is fine for your home, but it turns out it isn't for mine. I made the same assumption, until I started adding up the various IoT & home automation devices I have. I'm at 54 devices without any duplication of IP addresses for the same device.

    Yes, I do appreciate their generosity providing a free license. But I think you may have missed my point - I'm not asking for a 'free' option with more IPs. I would be happy to pay for a larger license - with the same 'home use only' restriction, provided pricing is appropriate.

    I'm also pointing out that what constitutes a home network is changing, more & more consumer devices come prepared to connect. Even fridges, light bulbs and smartwatches...

    I'll have to look at XG firewall again, I skipped over it because UTM looked like what I wanted. Maybe XG is 'close enough'. Otherwise, I'm going to have to look elsewhere, which is a real shame.

  • The original licence was for 10 IP addresses, which included the internal interface. After similar discussions as yours above, the licence count was increased to 50, ignoring the interface address.

    Many small businesses would not care about the restrictions on localising the UTM so increasing the licence even if paying would cost more to administer than costs, so will not happen.

    You need to reassess your requirement that all devices need access to the internet. Use one of your servers as the DHCP server and one of your smart switches as the gateway; that way you reduce the count of IPs the UTM sees as active.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • What about reassessing the assumption that IP addresses = users? We have three people in our home, a true 50 user license would be more than generous. Even the original 10 user license would be perfectly fine. Most of the IP addresses are for IoT devices in the home, not even devices associated with one user. I see no need to 'reassess' my requirements, they are reasonable AFAIC.

    More and more devices are requiring internet connectivity for at least part of their functionality. I'd be fine segregating 'IoT' devices from 'User' devices. Protection appropriate for an IoT device can be way more restrictive than for a user's device. Almost all use few protocols, to a handful of hosts. That would be a tangible benefit, in my opinion.

    We're talking about the Home license, which specifically prohibits commercial use. So I don't understand your comment about small businesses. Unless you're saying Sophos is a small business? As far as paying to increase the number of IPs, I don't see how that would increase costs at Sophos - it would still be a home license, so no increase in support burden, and actual purchase could be outsourced if they didn't want to use the existing channel, e.g. through Digital River, Amazon Digital, etc.

    Sure, I could fool it into thinking I have fewer devices. I could probably figure out how to disable the mechanism counting IP addresses, if it came to that. But I struggle with the ethics of 'working around' the license restriction. Since I develop embedded software for a living, that would be rather hypocritical of me.

    I solved the problem by switching to OPNsense. I'd rather use Sophos UTM, but I can't live with a 50 IP address restriction, at least the way it's calculated today.

  • I never implied that 1 IP = 1 user. My network has 37 IP addresses assigned, but only 2 people live at home.

    My Blu-ray player is online, but I have to question why; I don't think it has had a firmware update, and neither have a number of other boxes.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I'm not saying you did - but Sophos does.

  • Depending on what features you plan on using, the XG would be a better fit.

    Home limit is 4 CPUs (as fast as you can) and 6 GB of RAM.

    Most of your devices only require simple internet through the proxy and you can set up rules for the other devices to provide specific protection.

    V17b is due for release in about 3 weeks, maybe 4, and it is supposed to have many improvements, but still not up to UTM standard.

    A number of us diehard beta testers are waiting with bated breath to see what is actually delivered.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Have been running Sophos UTM 9.5 in a home environment and simply love everything about it EXCEPT for the Active IP list that is visibly populated by IPs that do not even exist for a device on my LAN. Am unable to trace many of the Active IPs to devices anywhere on my network. Have set a DHCP range from x.x.x.10 to x.x.x.40, and am creating static IPs outside of that range for other devices.

    Recently attempted to migrate from UTM 9.5 to XG Home in order to overcome the 50 IP limit. Unfortunately found it to be cumbersome to configure and support to still be a bit lacking. Examples of functionality that work painlessly in UTM for home use would include such things as QoS and Source NAT (SNAT), which I simply couldn't implement in XG.

    Look forward to XG's continued maturity or a viable migration tool.