All-
After research concerning Intel AMT and management engine security issues, I became increasingly concerned that simply following Intel's guidelines was not enough to protect the UTM from nefarious internet activities. While I did have it configured but disabled, there always seemed to be a question if it really was. Research provided information that AMT/ME in most cases uses only the wired/wireless captive NICs on the motherboard. While some of that information came from a Sophos competitor, I believe it may arm others with additional information enabling each to make their own security choice. My election was to disable the internal NIC (captive) and replace the WAN/LAN NICs with an Intel E1G42ETBLK dual port PCI express x16 adapter. I encourage all who are interested to do their own research as they may find information I missed. If so, hopefully they will provide additional details. Below is one of the sites I noted although there are many more:
https://forum.level1techs.com/t/pfsense-and-intel-amt-vulnurability/115782/6
Thanks,
Jim