Will the UTM continue to function after EOL?

I, too, would like to know. It's a shame that good hardware, SG210 in my case, would have to be trashed as e-waste. If possible, I would love to use the hardware in a lab environment. I wouldn't need to use many of the additional features like network, email, web, webserver, and wireless protection, sandstorm, and endpoint antivirus. So long as I can route data, I'd be happy.

Would there be a license that we can apply which would disable those features, along with disabling the Up2Date functionality? Or conversely, enable all features with the specific understanding that the device is for non-production-environment use since it would be susceptible to future attacks because the patterns will not be updated?

You can always convert an SG license to an XG license.

Hi Alan, good addon points.
The security issue would not be a problem if the software is simply no longer available for download online. But it would be fatal if all running instances were simply deactivated at a certain point in date or reduced to a minimum functionality without being able to continue to operate everything individually without restrictions.

Hopefully any company using it will already be switched over to XG by then.

I would recommend to start evaluating the SFOS platform (aka XG/XGS) now. Then you have enough time to decide.

I'm sure SFOS will be a worthy replacement especially within the next three years. By then maybe version 20 will be available.

I recommend Sophos firewall to t others whenever I can as a next gen firewall solution to anyone serious about their security. Thank you to Sophos for offering such a great product for home users. (UTM/XG)

Looks like I'll be moving to one of the *sense options. I need to be able to execute wpa_supplicant to get my isp authenticated. So far I see no way of adding it to XG, so no XG.

Also as mentioned elsewhere, the 6GB ram home user license limitation is significant unless you're running a very basic configuration.

Jay Jay said:

Looks like I'll be moving to one of the *sense options. I need to be able to execute wpa_supplicant to get my isp authenticated. So far I see no way of adding it to XG, so no XG.

Also as mentioned elsewhere, the 6GB ram home user license limitation is significant unless you're running a very basic configuration.

In that case you should check out ZenArmor. The free tier is similar to what SFOS offers but with no malware/botnet protection. works with pfSense/OPNsense.

It looks promising but I'm not giving up my Sophos access point and jump ship just yet. I'll wait to see how affordable the newer access points are when they are released

If you haven't' tried the XG due to RAM limitations, I was using the XG firewall and 6Gb or ram was plenty. With all IPS rules enable and web filtering /TLS decryption, my system was only using around 50% of RAM. just under 4Gb.

Oh I've tried XG a number of times... Each time I can't stand the UI and/or the logic flow. It makes little sense to me. Also, as a tinkerer it's too locked down for my tastes.

I agree the GUI of OPNsense looks very polished. But the features of XG are what would keep me using it. Maybe version 20 will have an improved GUI. The access points are kind of expensive for home users but worth it considering the firewall is always free.

It's not so much even the features, the flow makes no sense to me, illogical. I do understand your point if you have $$ invested in AP's, you got little choice of using a third party fw.

If you want to discuss the flow and life of a packet again, we can create another thread. But we should stay on topic on this thread as well for people reading this topic later. 

If you want to discuss the flow and life of a packet again, we can create another thread. But we should stay on topic on this thread as well for people reading this topic later.