This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I like the UTM but......

I really like the UTM but I find the interface a little bit wildly at times.

For instance, just sticking with mail (which gives me the most grief)

1. I find that lots of spam was getting through even though I had extra RBL's set etc. The country blocking on the firewall solved this. It did however block some legitimate email going out as connections were refused by the destination mail server eg trendmicro in japan even though the destination email was for a uk address.

2. Putting exceptions in for this isn't the easiest task as a bit of detective work is needed as to why the mail is being refused. Perhaps Sophos could place something in the logs eg country blocked for that email instead of just "connection refused" from the destination mail server because it can't perform an rdns connection to ensure the mail server is legit. Maybe some sort of daily report could suffice here to at least let you know your mail spool is filling up and why?

3. When you do put a country blocking exception in, although it's nice to have all those flags etc, there are pages to scroll down and a bit of wasted space rather than the information right in front of your eyes. Especially when you have to add multiple exceptions. Perhaps these could be small summary eg grid form and then expanded if needed rather than a full blown page?

Minor niggles from me for an exceptional product but there's always room for improvement I think.



This thread was automatically locked due to age.
Parents
  • So many things are hosted in so many places, Louis.  Outside of a secure government site, I don't see any reason to block outgoing traffic.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I agree Bob but the spam filters just weren't performing and the more we got hit, the more got through. Extra RBL's didn't help it. We've just come away from a solution that wasn't doing too bad a job but was a little cumbersome.

    What we couldn't have was a sudden surge in spam getting through otherwise they would be moaning about the new UTM solution. Country blocking solved this instantly and to be fair, we don't do any business with outside countries much.

    Maybe if there was Country blocking just for email rather than completely block countries at the firewall? Or possibly some extra options for spam filtering to tweak it a bit more?

  • Louis, if you select "From" instead of "All" in Country Blocking, your browsing requests and sent emails will go through to the blocked countries, but emails and probes originating in those countries will be blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Louis, if you select "From" instead of "All" in Country Blocking, your browsing requests and sent emails will go through to the blocked countries, but emails and probes originating in those countries will be blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • I'm wondering how that would work with a RDNS attempt?

    It's a shame that the UTM can't send a mail and then override the country blocking for that country or IP address for say 10 secs or something to allow an rDNS request to be successful.

    We found that "blocking from a country" prevented an email server based in that country from accepting mail from us because as it tried an rDNS to our sending server, the connection was rejected and therefore they did not accept the mail we sent.

  • Good catch, Louis - Thanks!  An Exception for DNS responses is necessary.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA