
UTM Sophos | EOL | "When someone in the control room doesn't know what they're doing."

Hello everyone

unfortunately, after 20 years of great satisfaction, indeed tremendous satisfaction, with a product you had purchased called Astaro, you have decided to discontinue it. This product has nothing to envy to other renowned brands, but it has surely been discontinued with the excuse that it is "old," as if Windows or Office had told us the same thing.
Version 7, developed by the UTM team of Sophos, has achieved an exceptional level of functional maturity. Having several UTM licenses, Sophos "forced" me to hurriedly purchase subscriptions (due to their subscription deadline of June 20, 2023), because migrating many firewalls cannot be done quickly.

I have installed the latest version of Sophos firewall in a test environment and, trying to be fair, I compared the two solutions. In summary, the details make the difference:

The simplicity and sense of control over what is edited or managed from the UTM interface are not even remotely comparable to Sophos Firewall (those who are UTM customers know what I am talking about).

For instance, logics such as matching hosts or users to groups are limited in Sophos Firewall compared to UTM.

Real-time tracking and understanding if a firewall rule in Sophos Firewall is doing the right thing are not comparable to the immediacy of the UTM system.

When disabling a user, it is not clear from a rule assigned to them.

I could continue with dozens and dozens of other examples...

And I wonder, rather I ask: why was this EOL (End of Life) decided for the UTM solution but not for the one on AWS? Why are development or at least updates maintained only for AWS?

Sophos Firewall is not as mature as SOPHOS UTM today; I hope it will be by June 30, 2026.
Signed by a frustrated customer using Sophos UTM solution since 2004.

Shall we talk about the cost of UTM licenses VS Sophos Firewall licenses with the same features?
  • Those points have already been discussed plenty of times here in this community and most likely boil down to your own preferences. If you are used to use a product for 20 years, you are finding a new approach to be frustrating. 

    Most points are currently being looked at and will be improved if time is given, but keep in mind that the main goal of a product like SFOS and UTM is to keep a customer secure. So the main focus of development costs is being invested in security features, and some is going into quality-of-life features. 

    I like to work with SFOS and like the improvements in handling certain instances. But again that is customer preferences. 

    You can use the UTM now for 3 years and re-evaluate your options in 3 years, but what I am doing as a Sophos Employee (in Germany) for the past 5 years: Migrating customers to SFOS - And this works fine. 


  • "as a Sophos Employee" and "sales engineer"... hmmmm sure that is where loyalty lies. XG is not showing a user interface that is supporting a system for "trust". Regardless of how great the "black box" is underneath, I'm not buying it.

    "customer preferences" is bs... the functionality is clearly lacking. Yes UTM needs revision, but there is transparency in the product. I have no love for XG right now. I support Alessandro's post 100%

    Having been in IT for 30+ years I know my stuff too in regards to everything IT/Application/Corp

    Your statement " If you are used to use a product for 20 years, you are finding a new approach to be frustrating." is insulting

  • Maybe I phrased my first point wrong - Sorry for that - I just wanted to point out that I can understand that somebody who used a product for 20 years found other products to be frustrating or illogical or something. I can now do some car analogies but you will get the point. 

    About the trust system: Trust systems basically go hand in hand with NAC solutions. Home users oftentimes do not have a NAC solution. In SFOS you could do Radius Accounting SSO as well, which means, if a device is logged in via a WPA Enterprise service, you automatically take over the user information. Or the better approach, which most customers also choose - using the Sophos Endpoint to get the heartbeat. That's the ultimate trust solution, as you can make sure the device you are logged in on is protected by Sophos and you get the user information based on this information:
    For a home user, those systems are not available. UTM was built to be used as a standalone solution - SFOS is a game with different systems, which customers have in place. 
    Also you could use systems like STAS to get user information based on your AD. 


  • Lucar, I honestly have no clue what you are trying to say here in the 2nd paragraph. I understand there is a possible translation loss here, so please rephrase your statement.
