Looking to upgrade our UTM hardware - what are our options?

We're running a small SG115 unit at the office. It used to be quite sufficient for all our needs; however, since a lot of things shifted to online work and the company has expanded, we've had more and more trouble with performance.

The main culprit - Webserver Protection. This seems to be quite demanding when even a single client opens a lot of connections (example: a colleague working from home was restoring NuGet packages using our local DevOps Server feed as the source and this killed the SG's performance to such a degree that general internet connectivity was negatively affected).

I'm trying to find out if I can't proxy our DevOps in some other way, but I'm also looking at whether upgrading the hardware is even a possibility. From what I can tell Sophos has a new line-up of network devices - the XGS series... which probably come preinstalled with the XG Firewall.

Now, to be honest, I'm not a fan of the XG Firewall. The entire control scheme seems a wee bit backwards AND it's still missing Let's Encrypt support, which I think kills it for us at this time. So... can the XGS series devices have UTM installed on them? Will Sophos be willing to convert / sell our current UTM license so that it works with a new XGS device should it be compatible?



  • Can you post the dashboard of the performance graphs when you have a heavy usage of that box?

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • You mean this one? I've marked two instances where the UTM flat out failed to process DNS queries as it got overloaded.

    In both instances the "culprit" was tracked to httpd processes hogging the CPU, and further investigation (using a web application firewall status page) showed there being numerous connections to our DevOps, all from a single IP, which I've then tracked to a colleague working from home. He had a VPN active, but since the VPN did not use our office as the default gateway he would be using the public IP of our DevOps (rather than the internal IP).

    The issue was remediated after I asked my colleague to use a "default gateway" VPN and after I had restarted the webserver proxy service. Still, this is more of a workaround than a proper solution and that makes me nervous...

  • Your options are:

  • I would recommend either SG135 or SG210. Software cost is the main point here.

  • See my reply to  ... I'm not sure what's going on behind the scenes, but the reseller we're currently in contact with essentially told us any new SG units are impossible to get. If this is some ploy to get us to move to newer hardware and SFOS then it's rather dirty...

    I wouldn't even mind moving to SFOS (and its somewhat backwards configuration design when compared to UTM), but it lacks LE support and we need that.

  • We have dozens of both models available.
