
IP address limits

Hi.

I'm on a UTM free home licence.

I tried enabling IPv6 and immediately ran over the number of IP addresses I could use.  "Active IP addresses" tab tells me I'm allowed 50, which is what I remember.  However, pressing the (?) help button takes me to a help page hosted on the UTM which states "The free Sophos UTM Manager license allows for unlimited IP addresses."

I checked in myutm.sophos.com and this states "Sophos UTM is available as a full version, free for home users with up to 50 IP addresses."

So.... which is it ?    I'd like to get IPv6 working, but cannot as doing so takes me over the limit; we're a tech-heavy household, and I run about 40 IPv4 IPs showing up usually..  (lots of IoT, several VMs I spin up as needed, some devices on two VLANs so using twice the number of IPs etc..)

Ta...



  • Most likely your issue is from the devices that use both IPv4 and v6 at the same time, that will count against you. So basically, implement one or the other type.  Otherwise, you can go over to XG where there is no limit on IP, but there are limits on hardware (CPU and mem).  Or, use something else altogether.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • On the whole, I hear the UTM is more IPv6-friendly and still has a better UI than XG, on the whole. Though I'm an XG user and find it works fine for me. I was even running a 6in4 tunnel for a while as an experiment. Though XG doesn't currently handle Prefix Delegation (PD) which many ISPs use. If you get a dedicated block (as I did through my 6in4 tunnel) it'll work, but PD does not.

  • The mess that is XG is something I will refuse to go through until it's the last straw and even then, I may just leave Sophos behind.  I completely agree that the UI is better in UTM and is so much more understandable than XG is.  For me in XG, when I think I've done something correctly because of how the layout is presented, I don't do it right at all.

    Whoever thought the UI for that product was a good idea is delusional.  The flow of that UI is horrid and makes no sense, and it's no wonder why so many of us are asking for access to a migration tool.  I'm a visual learner - if I can take my UTM config and migrate it to XG, then see where my rules and objects and such are placed, it would make a ton of sense to me, and I would most likely get to the point of using XG.

    But getting thrown into the deep end of the drained pool hurts way too much to even make an attempt.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Our distributor is slowly pushing us to Fortinet (they partner with them as well). The reason is mostly GDPR (Sophos is non-EU), but also pricing. The last renewal for 1 year was almost the same price as the 3-year renewal before (10+ systems).

    I tried Fortinet but the UI is similarly messy to XG on the first view. No cloud requirement nevertheless.

  • Hello Alan,

    I know Sophos SG and XG, Fortinet, Cisco ASA, Sonicwall, Securenet and some Linux firewall GUIs from working with these platforms. I would agree that Fortinet is not intuitive. I personally have the clearest overview of "what is happening" with the SG GUI, but maybe this is because of long-term usage since Astaro days. I have to admit that XGS has been getting better during the last releases, but I am still searching for things ...

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • It may be that it is easier to configure things with UTM than with Fortigate or Fortiweb, for example. However, this is opposed to the fact that there are not many security-relevant data with the SG, such as TLS for Syslog, TLS 1.3 for SMTP and IKEv2 for VPN.
    Although the SG / XG is free for the home user, usable. More functions and better security-related information, however, you have in my view clearly with Fortinet.
    Also, such functions as VPN to change the password or to govern password expiration do not exist in the SG.
    Since the beginning of the year, we have converted everything to Fortigate / Fortinet and will switch off SG at the end of the year.

  • Thank you both very much for your insights - highly appreciated.
    I'm a long-term Astaro user as well (still have some of the black RED10s out in the field) and somewhat got used to the UI and CLI.

    We're still in the process of selecting a Sophos successor; there are still 9 months' time left.
    I've installed the Fortinet vmWare demo and this was just my first impression - not a thorough evaluation yet.
    Our distributor offered to do a presentation of the boxes after holiday time - I think this will make some things much clearer.