Sophos UTM Retirement / EOL announced

You also have a Platinum Partner announcing it on their own site, so yeah...

https://www.avanet.com/en/blog/sophos-utm-end-of-life-2026/

Thanks. That's one of the reasons why I couldn't follow along with the tutorial, since Sophos keeps making alterations from version to version. The tutorial I was trying to follow was from an earlier version of the XG which is why the guides are so hard to follow.

Astaro/Sophos SG was a really good ride, but things always change with time.  We've known since XG was first released the writing was on the wall for SG and this day would come.  We were a much larger Sophos partner many years ago, but when XG was missing features and we couldn't move larger clients over to XG from SG efficiently, we switched firewall vendors for most deployments by 2018.  We just didn't have enough reassurance or guidance since 2012/2013, other than "SG isn't going anywhere".  A lot of businesses we take care of are casinos and other niche industries that have extremely complex configurations and the tools to migrate never materialized by the time we had to make a decision.  If we were going to rebuild everything from scratch, were we going to stick with a developing and immature firewall or just do it with another stable vendor.  We reluctantly chose to go with another vendor as we didn't want to risk our relationships with clients.  Stable and consistent wins the day for us, always.

We still have about 30 Sophos SG firewalls in the wild along with a few XGS.  We had a good 85% moved by 2018 and the stragglers are really the smaller businesses who don't budget well for replacements.  I'm looking forward to replacing the XGS firewalls, not the SGs so much.  Since we were Sophos SG only for so many years, training our engineers just didn't take on XG/S.  We tried to get training many years ago, but they were almost always more sales oriented than technical training.  Features were always on their way.  

I think what XGS has become is really good.  I run it at home.  However, the lack of guidance and the way they were approaching the EOL on SG concerned me and I had to also think about our process, documentation, and training for engineers.  We held off for a few years, as we were told there is an easy upgrade path from SG to XG and it would all work out.  The only thing we accomplished early on was to get a fresh XG firmware installed on SG hardware.

It is a sad day, because Astaro/SG was just that good of a product.  It is definitely falling behind on features, but man it was solid and so easy to train people.  XGS could have been that as well, but there were such a lack of features and reassurances on timing that we got nervous and bailed.  Out of all the vendors we've ever used, we were loyal to Astaro/Sophos and really pushed them everywhere we could.  Our sales reps many years ago were also great.  There was a really good relationship there.  Probably the strongest we've had with a vendor.  That's what I'm going to miss the most.  I've never had as good of a relationship since then with any other vendor.  At the end of the day, I need a strong and viable product lifecycle that I can plan things around.  Everything else, including the relationship is second to that.

You cannot stop the inevitable.  However, planning years in advance is the only way we felt comfortable moving forward.  With sales ending in 3 months, that doesn't give larger organization a lot of time to vet and train employees on a new system, not to mention you are dealing with multiple systems for the foreseeable future.  Wait until the discussions with clients that thought they would get 5 years out of their equipment they just purchased comes up.  Larger organizations that spent tens of thousands of dollars for HA firewall equipment and licensing at the end of last year.  All of this is to say no one should have been selling SG for the past 3-4 years, as it was pretty much guaranteed it would be EOLd at a random future date, regardless if you were told, "SG isn't going anywhere".

Open source would be a great learning experience, but maintaining the updates and packaging it as a viable commercial product wouldn't work with the competition in the marketplace.  It would only allow for current SG devices to continue running, well past their expiration date, with no guarantee it would be maintained and taken care of.

I'm so glad I had the opportunity to learn and grow with Astaro/SG.  I learned so much from others and the many deployments I did with so many unique companies.  Without Astaro/SG, I don't think I would have jumped into networking headfirst and maintained such a lasting love for it.  It taught me so much and was a great foundation to build upon for my career so many years ago.

Hey Amodin ,

Partner news: https://partnernews.sophos.com/en-us/2023/03/products/sophos-utm-sg-lifecycle-notification-and-frequently-asked-questions/

Now officially also updated in the retirement calendar - https://support.sophos.com/support/s/article/KB-000035279?language=en_US

Will the RED 15-50 continue to work til 2026 with v9 Software UTM?  The EOL notification says 31-AUG-2023 but then says last supported is "Latest 9".

https://support.sophos.com/support/s/article/KB-000035279?language=en_US#sophosred

Thanks.

-Ben

Hello ButtonPuncher ,

Sophos UTM Software 

But Sophos Red Legacy devices will reach their End-of-Life date on August 31, 2023:

• RED 15
• RED 15w
• RED 50

OK.  Thanks for clarifying that.  Time to buy some RED 20's.

well written and you are damn right! For me, they could sell the product to another vendor or even declare it as open source. Anyway, it should be maintained longer than 2026.

Here's hoping I'll see some real benefits for going through the pain of learning a new platform and the expense of new hardware.  Hopefully this is just not a marketing ploy.

From the XG section: "If, for example, you do not upgrade to version 20 and continue with version 19.5, you can continue to manage legacy RED devices, however, there will be no further software support, including bug and vulnerability fixes, and no RMAs will be accepted for these EOL devices."

https://support.sophos.com/support/s/article/KB-000044880?language=en_US

So for me it sounds like they will also work until UTMs EoL, but without official support.