How much money did you willingly spend to acquire devices that consume more than 50 IP addresses in your home?
Each of your cell phones probably cost more than one commercial license for UTM.
Do you have any sense of obligation to the people who work hard to keep those 50+ devices away from the bad guys?
Consumers, both business and residential, always want a deal, but we also need our suppliers to stay in business.
Treat Sophos fairly. They could drop the home license program in a heartbeat and be none the worse for it.
For the record, it seems foolish to ask how to violate a contract in a public forum, especially the public forum of the people whose contract you want to violate.
To be clear, my intent wasn't to violate any agreement, but rather to understand how to work within Sophos UTM's 50 IP limit for home use. I certainly wouldn't have been opposed to paying for additional IPs for the home license, though I understand that isn't an option. Regardless, it was a bit peculiar that Sophos UTM was reporting > 50 active IPs within my network when I have fewer than 35, many with static IPs. (Only using IPv4 w/ IPv6 disabled.)
Have since attempted to set up and configure the latest Sophos XG Home v17 platform without success. I simply found it too cumbersome to configure and operate relative to UTM.
At this point, have moved over to Untangle NG HomePro license (no IP limit) and confirmed my active IP quantity to be 33 as suspected. This is with all devices (home and guest) operating simultaneously. While I didn't like it quite as much as UTM 9 upon install, it's addressed my concerns and the UI and capabilities are growing on me.
Would recommend Untangle v13 NG HomePro license ($50/yr) as a viable alternative to Sophos UTM 9 Home.
I am regretting being so difficult. I am sorry.
Your question got me thinking about the "Internet of Things" (IoT for short). "Experts" are worried that the IoT is a huge security problem, because vendors either fail to design security into their products or because the products are too stripped-down to have room for security features. Either way, the end-user (often the homeowner) doesn't know until a breach occurs. One website infamously showed the security cameras from many homeowners' not-very-secure security systems. On another occasion, home cameras were used to create a DDoS attack against the DNS root servers. So protecting our appliances and our TVs from bad stuff is necessary, but is it possible?
I am guessing that most of these devices create https sessions back to the vendor(s). You cannot do https inspection because you cannot install a UTM CA certificate on the device, and you cannot see anything useful if you cannot do https inspection. TVs and other streaming media may not use https, but even the UTM configuration pages do not recommend filters on streaming media because it is likely to create performance problems.
For any of you homeowners who are hitting the 50-license limit, is it occurring because of IoT devices? If so, do you see any evidence that UTM is useful for protecting these devices?
If only a few devices are receiving value-added services from UTM, then the reasonable answer to your question would be to split the network. Use UTM to protect the devices that can benefit (PCs and tablets), and bypass it for the others. Putting UTM in bridge mode behind a residential-grade firewall should allow you to have one subnet and one external IP address. But because most home devices are wireless, you would probably need two WiFi networks on separate hardware.
If IoT is the next big threat to our networks, and we don't have a way to protect ourselves from sloppy vendors, what hope is there?
If your problem is just the 50 IP-limit, then you could change to XG firewall instead of UTM. In XG there's no limit on the number of IPs (but instead there's a limit on memory and I believe processor cores).
Trying to use all kinds of "tricks" to circumvent the IP-limit brings you into a grey area of what is and is not allowed. Having a different routed subnet behind your UTM will probably not help you, since these IPs are all traveling through the UTM when they need to access the UTM's internal network. Only preventing some devices from using a default gateway or using double NAT will help in achieving this, but I think it's better to either buy a license or switch to another product (e.g. XG).
Yes I do think having a real next-gen firewall in a home environment adds to the overall security of at least your own devices and data (and privacy), but it's not something for every home (not everyone will be able to manage it).
Having said this; security is not only implemented by having firewall technology; it should be something that is "by design" starting with the end-user; the end-user should check upfront if any new devices they are preparing to acquire are secure and/or have a record of fixing security holes when found and not walk to a store to blindly buy the first internet-connected device they see which has an attractive price.
Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT-security and feeling good about helping others with their IT-security challenges.
I am wondering what will happen when somebody calls a manufacturer support line to say,
"I think my laundry appliances have malware! My firewall indicates abnormally high traffic volumes coming from those devices and going to an unexpected country."
I doubt that it will be an easy conversation...