Still don't get it: no replacement on the market for UTM 9

Sophos, (sorry for the bad English, no native speaker here)

Why the heck do you kill this excellent product in favor of your XG whatever product, which is miles away from the UTM 9, instead of putting all efforts into getting the UTM 9 up to date?

I can't get it. It's ridiculous.

After playing around with XG, pfSense, Untangle and whatever all this other crap is called, NOTHING comes close to the UTM 9, NOTHING!

And I don't say this because I don't wanna learn a new system; it's just the lack of features in those systems and the logic of how things are sorted.

What's wrong with you people to drop the UTM 9? Seriously?!

I can't understand those management guys, and if I were in charge, I would fire those guys.

Geez, it's just unbelievably annoying how bad all those other firewalls are, except the enterprise ones,

which are a simple no-go for SOHO, mid-size business, and so on.

I am so mad right now.....

[edited by: WolfgangS at 11:28 PM (GMT -7) on 27 Aug 2023]
  • You don't know how right you are.

    I've lost the "voice" and the desire to show how much, but how much is understandable (just think about the custom-made framework for UTM 9, incomparable with the one not designed for a firewall interface like Sophos Firewall).

    Furthermore, as a customer, I don't understand why Sophos will maintain UTM 9 for AWS and no longer the standalone version....

    What a pity, but do we really need to focus only on strategies that, from the customer's perspective, bring only disillusionment and debugging work, and rush (and coercion) to purchase the license that covers until June 30, 2026, by June 30, 2023... I'm bitter, not to mention the costs between UTM 9 and Sophos Firewall...

  • I fully understand what you mean.

    Honestly speaking, some of the points given by Sophos are valid.
    UTM is heavily based on Linux and especially iptables as the filtering engine.
    Since its creation the Linux world has moved on; today ebtables is the natural choice and iptables is considered legacy.

    I wonder how many of the nice Astaro Karlsruhe folks are still around and capable of building such a GUI for ebtables on the UTM; maybe many of them are retired (it's been 20 years), frustrated or have moved on to another company.

    What disgusts me most is the special kind of rudeness Sophos uses to place their new product.
    This is something I'd probably tolerate (not welcome anyway) in the open source world, but not with a product you are expected to pay (ten) thousands of Euros for.

    There is another thread, "unwanted parenting", which also expresses this. Cutting off functionality (mail) and forcing the user to the cloud (after all, Sophos is non-EU and in a country that is part of the Five Eyes) is an absolute red flag.

  • What does the Five Eyes have to do with anything? Are you alluding to Sophos purposely creating vulnerabilities, like how the UTM offers 4096-bit Diffie-Hellman key exchange for the remote access VPN, while the XG maxes out at only 2048 bits? I'm sure not many people would notice, but I did, and no explanation was given about why the 4096-bit key exchange isn't available in the XG. I was always interested in knowing why. I'm not a cryptologist, but I would assume that in cryptology, more bits is better than fewer bits.

  • The problem is performance vs. security. You will find some research about the pros/cons of both.

    Essentially the question is: Are 4096-bit keys worth the performance decrease?


  • They're saying that 2048-bit key exchange is safe until 2030. How they know this is probably due to Moore's law and how much computing power it would take to crack it based on today's CPUs.

    With Sophos having ZTNA now, and newer tech like cloudflared tunnels and ZeroTier, etc., who knows what the industry-standard replacement for SSL/IPsec VPN might be.
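The two replies above raise the same question from both sides: how much security a 2048-bit versus a 4096-bit Diffie-Hellman group buys, and how much it costs per exchange. The "safe until 2030" figure is NIST SP 800-57's guidance that 112-bit security, the rating it assigns to 2048-bit finite-field moduli, remains acceptable through 2030. The following script is an added example and is not code from the thread or from Sophos. It estimates the classical security level of a modulus size from the asymptotic cost of the general number field sieve (the heuristic behind those NIST ratings, so a rough comparison rather than an exact figure), and then times the two modular exponentiations one side of a DH exchange performs at each size. The moduli it times are constructed odd numbers of the right size, chosen only so the timing is self-contained; they are not primes and must never be used for a real exchange, where the RFC 3526 MODP groups are the standard choice.

```python
import math
import random
import time


def gnfs_security_bits(modulus_bits: int) -> float:
    """Rough classical security level (in bits) of a finite-field DH or RSA
    modulus, from the GNFS running time L_n[1/3, (64/9)^(1/3)].

    Constant factors are ignored, so the answer for 2048 bits comes out a few
    bits above the ~112 that NIST SP 800-57 quotes; use it to compare sizes,
    not as an exact figure."""
    ln_n = modulus_bits * math.log(2)          # natural log of a modulus of this size
    ln_ln_n = math.log(ln_n)
    ln_work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * ln_ln_n ** (2 / 3)
    return ln_work / math.log(2)               # convert exp(ln_work) to bits


def _constructed_modulus(bits: int, rng: random.Random) -> int:
    """Constructed odd modulus with the top bit set. NOT a safe prime and not
    usable for real DH; it only has the right size for timing pow()."""
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1


def time_dh_side(bits: int, rounds: int = 5, seed: int = 1) -> float:
    """Best-of-N seconds for one side of a DH exchange at the given modulus size.

    One side computes g^a mod p (its public value) and B^a mod p (the shared
    secret), each with a full-size private exponent a. A seeded RNG keeps the
    benchmark reproducible; a real exchange would draw a from a CSPRNG."""
    rng = random.Random(seed)
    p = _constructed_modulus(bits, rng)
    g = 2
    peer_public = rng.randrange(2, p - 1)      # stands in for the other side's g^b mod p
    best = float("inf")
    for _ in range(rounds):
        a = rng.getrandbits(bits - 1) | 1
        start = time.perf_counter()
        pow(g, a, p)
        pow(peer_public, a, p)
        best = min(best, time.perf_counter() - start)
    return best


def compare_group_sizes(sizes=(2048, 4096)) -> dict:
    """Security estimate and per-side cost for each modulus size, plus the
    slowdown relative to the first (smallest) size in the list."""
    timings = {bits: time_dh_side(bits) for bits in sizes}
    base = timings[sizes[0]]
    return {
        bits: {
            "security_bits": round(gnfs_security_bits(bits), 1),
            "seconds_per_side": timings[bits],
            "slowdown_vs_smallest": timings[bits] / base,
        }
        for bits in sizes
    }


if __name__ == "__main__":
    for bits, row in compare_group_sizes().items():
        print(f"{bits}-bit group: ~{row['security_bits']} bits of security, "
              f"{row['seconds_per_side'] * 1000:.1f} ms per side, "
              f"{row['slowdown_vs_smallest']:.1f}x vs smallest")
```

Doubling the modulus from 2048 to 4096 bits adds roughly 40 bits to the GNFS estimate, while each exponentiation gets several times slower because both the modulus arithmetic and the exponent length grow; that ratio is the "performance vs. security" trade-off the replies are arguing about, measured on the machine the script runs on.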