With the advent of IPv6 and the Internet of Things, I envisage a time in the not-too-distant future when I'll be banging my head against the 50-IP limit of the free Home Use license. I'm already close to the limit even before any guests get a DHCP address, and with IPv6 disabled across the board.
I know some folks were lucky enough to get an extension to 100 addresses as a reward for participating in a beta program or something, but for the rest of us, is there any chance of an extension in this brave new world of Things and v6?
XG is definately a lot faster in throughput than UTM is with same hardware. I have an old (don't exactly know which generation) i5 processor in my system and In UTM I could nearly get 180 Mbps out of it…
Hey Jon - long time no post!
The answer to this has always been "no way." One solution would be to change to the XG where there's a limitation on CPU and RAM, but not on the number of IPs.
Another solution would be to put your IoT devices behind a cheap wireless router. This is cheating if you use any of the capabilities of the UTM other than passing the traffic. - no IPS, no Web Filtering, etc.
Cheers - Bob
Hi, Bob. Long time indeed - UTM just keeps on plugging along, so I haven't needed to be here bugging you for a while.
Thanks for your thoughts; I actually downloaded and installed XG again last night - I had looked at it some time ago but shied away because it looks like such a different animal than the old familiar UTM - but I think I'm ready to give it another shot now. Did they ever come up with a tool to convert or migrate a UTM co9nfiguration to XG? I recall it was promised - or at least mooted - back then, but don't know if it ever came to fruition.
But maybe this is a good time to revisit the whole thing and start from scratch - my UTM configuration has gotten quite large and complex for a home setup over the years, and could probably benefit from some culling or rules and configurations that are no longer needed. I've also just switched to Google gigabit fiber but I'm not seeing anywhere near the bandwidth that I should (or that I can get if I jack the cable directly into a computer), so I have some troubleshooting to do to determine where the bottleneck lies. I suspect that my whole home network could benefit from the same culling exercise as my firewall config!
So you can expect a flurry of hapless queries from me over on the XG forum over the next few weeks!
XG should also allow faster throughput with the same hardware. The home license will only work with a max of 4 cores and 6 GB of RAM, but you will still want a very fast processor to deal with gigabit. Maybe a very fast dual core would be your best bet. I dunno - you'll want to join the XG Community and see what others have used to cope with gigabit speeds.
XG is definately a lot faster in throughput than UTM is with same hardware. I have an old (don't exactly know which generation) i5 processor in my system and In UTM I could nearly get 180 Mbps out of it using all the bells and whistles. With XG I get 500Mbps over IPSEC site-to-site with the same hardware.
As for the conversion: I was strongly advised against conversion by our reseller. They do have access to a conversion tool, but the thing is that in XG everything is incorporated into the firewall rule (IPS, AV, QoS, Webfiltering and NAT.
Rebuilding really gives the opportunity to make the best of the possibilities in XG rather than importing fw-rules and then creating more fw-rules based on QoS or webfiltering ie.
We are now in the process of moving one of our sites from UTM to XG and another will follow pretty soon after. At this time I am almost feeling a rooky with the number of questions I had to ask on the XG forum , but hopefully it is enough to have a smooth transition later this month when we make the switch on our first site.
Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.