
UTM (Home) EOL and moving over to Sophos Firewall... options?

Hello there...

Apologies if there is already a thread of this type... search didn't seem to find anything.

So UTM has an EOL announcement and I'm not here to bleat.

I've been using UTM Home for over 10 years so it's kinda baked into my network with many many years of tweaking etc. It works. I can gladly say I have never had any compromised systems in this time.

The "new" Sophos Firewall was presented to me by a vendor/Sophos team a few years ago as a suggested migration and try out. I wasn't impressed when I looked at it a few years ago and didn't feel like being a guinea pig for a system that could have an impact on a functional home system with "working from home" aspects too.

I have since had a good look over a Sophos Firewall demo site and had a browse through most of the options. Functionality in all the basics seems to be there, just a matter of finding it. It's another learning curve I suppose I may need to undertake.

So options???

Any comments, suggestions, etc. from the long time users of UTM who have made a transition?

Regards
Craig




[locked by: emmosophos at 3:34 AM (GMT -7) on 9 Aug 2024]
  • Notes on installing Firewall... thinking I had not done it right etc x 5 - (rufus usb iso)

    SW-19.5.1 ISO boots to display the following after an install
    "   Booting '19_5_1_278'
     _
    "
    Yep that's it....

    So in actual fact you need to connect to an AP (so wireless router with DHCP disabled, plugged into one of the LAN ports) to access the box.
    Figuring out what ports on the firewall are LAN/WAN is your next step...

    The firewall interface is a "shotgun splatter" of activity and config.

    It seems to be doing a great job as a "firewall" but setting up user profiles and devices? WTF?

  • The firewall interface is a "shotgun splatter" of activity and config.

    So true!

    Any updates? How is the migration going for you? I'm still leaning towards migrating to one of the *sense's. I've been "playing" with several FW's and XG is just not a top pick for me. I'm hoping ease of use and feature parity with the UTM gets better by 2026. Fingers crossed.

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • I have found nothing so far, that could replace the UTM 9 and the clock is ticking.

    Just wondering, is there a specific feature you need besides an easy-to-use UI that the UTM has? Does the XG simply not have the feature you need.... serious question.

    How difficult Sophos makes it to do simple things can make a person livid. The new version 20 coming out barely addresses the quality of life issues that are turning people away from the product.

    Things like

    difficulty of creating static IP and MAC hosts,

    lack of a searchable list of host names and IP addresses available to use in the web filtering exception Source list,

    truncating words with ellipsis "..." in the UI so the user can't even fully read it.

    Version 20 is about cramming in more features without fixing the UI flaws first.

  • So i was looking at your list: 

    difficulty of creating static IP and MAC hosts --> Something which is on the backlog to improve but bigger customers do not use it for two reasons: Either they have a DHCP Server and use DHCP Relay or they use only the User Mapping for Firewall rules (So you use SFOS + User Auth and your firewall rules are LAN - GroupA to WAN and not the DHCP Static User like in UTM). But this request is interesting for smaller customers, who do not have authentication enabled or do not use an external DHCP server. 

    lack of a searchable list of host names and IP addresses available to use in the web filtering exception Source list --> You are talking about the Web Filtering Exceptions? So just curious, you are looking at the Web Filter Exception - Why not use the DPI Engine instead? Which makes most of the Web Filter Exceptions obsolete in itself.

    truncating words with ellipsis "..." in the UI so the user can't even fully read it. --> Looking at the V20.0 changes with the FullHD resolution, you should have more space and most tables in the UI show the full context. There are still some things, which are being looked at to get more context in it, but most tables show the full values.
    Showing the full context of some objects is still to do, but there was progress on that front.

    So TLDR: Are those the points, UTM to SFOS is not "suitable" for Home Users?  


  • Jeff, my understanding is WAF does scan ingress traffic based on the firewall policy defined under webserver/firewall profiles.

    Good question re haproxy. From what I was able to briefly search, it's primarily a reverse proxy/load balancer. It may be possible to integrate it with Snort/Suricata to scan the traffic as well. This needs more research for sure.

    Yes, this is all true. The question is does either or both the UTM and *sense perform the scan before or after the traffic is decrypted. I'm assuming after but I've not been able to confirm.

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------

  • So TLDR: Are those the points, UTM to SFOS is not "suitable" for Home Users?

    It is as suitable for home users as the UTM is, which is why I have been recommending it, but the majority of complaints coming from UTM users are mostly about the UI. Compared to OPNsense which I used briefly, SFOS is more "user friendly", but not as user friendly as the UTM was.

  • Well, 

    we are 6 People  2 Parents, 4 Kids, so:

    i got 2 lines

    one german DSL Line

    i have one fibre line 1gbit

    i got an intel i350-t4 network controller 

    on DSL i have all my hobby webservers , mailservers and stuff for my family with my own /28 network ip's.

    on the fibre line i have all the  stuff like Netflix and so on.

    i got 3 sophos 120 APs for each basement in our house.

    i am using NAT with additional addresses on interface,

    i am using masquerading, Firewall (of course)

    VOIP, Intrusion Prevention, Web Protection for the Kids, SMTP Proxy  and Wireless Protection

    i would say i am not the "typical" homeuser and because of that, there is not much out there that "fits my needs", beside the UTM right now !

  • Sry to bring my thread up again.

    asking myself:

    Will Sophos still hold on to its decision to drop the UTM 9 ??

    Rumors tell it's like VMware, the customers running away to other vendors.

    So maybe there is some pressure to think about that decision, like Broadcom has to do with the vmware license model at the moment.

    They're getting the heat right now.

  • From my point of view it is a different situation. 
    Vmware is ending the Free version (completely). Sophos is not ending the Free / Home version, as SFOS still offers full support of Home. 


  • As far as I'm aware the "new" Sophos Firewall is the only option. Sounds like you are like me and many others, hanging on by our fingernails hoping some wisdom will arrive in the Sophos Product managers/Exec team to keep UTM alive.

  • Kinda...

    I am with OPNsense right now. But it's a BIG mess in comparison to the UTM.

    Logic fails with interfaces, too complicated in areas, and so on.

    so many ways to solve things are just not logical there or split up in too many areas.

    so i hope after the Sophos UTM 9 is "dead" that there is some sort of "fork".

    but i guess i'll take the pain right now, because i don't wanna end up with another company like Sophos anymore

    and stay with open source.

    but it is indeed pain in the a......

  •   

    I see from one of your previous posts that you use intrusion prevention. With the UTM, you can terminate SSL with the WAF and IPS can then scan the unencrypted traffic. I can verify that it works really well for ingress traffic and it doesn't require installing a cert on the client computers. However, from what I've read, you cannot do this with *sense because the only IP you will be able to block is the IP of the firewall, itself. Do you know if what I said about IPS and *sense is still true? This is the main reason why I haven't bailed on Sophos, yet.

    --------------------------------------------------------------------
    Sophos UTM 9.719-3 - Home User
    Virtual machine on Dell Optiplex 3070
    i3-9100 @ 3.60 GHz, 16 GB RAM
    --------------------------------------------------------------------
