Customers might be unable to connect with us via the Sophos Malaysia Support Hotline number. Our teams are actively working on a fix. In the interim, we request customers to use the backup hotline number - +65 3157 5922 (Singapore) or raise a support request at https://support.sophos.com/.

Help us enhance your Sophos Community experience. Share your thoughts in our Sophos Community survey.

Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Replies 5 replies
  • Subscribers 10 subscribers
  • Views 3302 views
  • Users 0 members are here
Options
Suggested

Still don't get it, no replacement on market for UTM 9

WolfgangS

Sophos, (sry for the bad english, no native speaker here)

why the heck do u kill this excellent product in favor for your XG whatever product, which is miles away from the UTM 9 instead putting all efforts in getting the UMT9 up to date ?

i can't get it. it's ridiculous.

after playing arround with XG , pfsense , untangle and how all this other crap is called, NOTHING comes close to the UTM 9, NOTHING !

and i don't say this because i don't wanna learn a new system, it's just the lack of features in those systems and logic how things are sorted.

What's wrong with u people to drop the UTM 9 ? Sryl ?!

I can't understand those management guys  and if i would be in charge, i would fire those guys.

geez it's just unbeliveable annoying how bad all those other firewalls are, expect the enterprise ones,

which are a simple no go for soho , mid size business , and so on.

i am so mad right now.....



e
[bearbeitet von: WolfgangS um 11:28 PM (GMT -7) am 27 Aug 2023]
Parents
  • 0

    I fully understand what you mean.

    Honestly speaking, some of the points given by Sophos are valid.
    UTM is heavily based on linux and especially iptables as filtering engine.
    Since it's creation the linux world has moved on, today ebtables is the natural choice and iptables considered legacy.

    I wonder how many of the nice Astaro Karlsruhe folks are still around and capable to build such a GUI for ebtables on the UTM, maybe many of them are retired (it's 20 years), frustrated or moved on t another company.

    What's disgusting me most is the special kind of rudeness Sophos uses to place their new product.
    This is something i'd probably tolerate (not welcome anyways) in the open source world, but not with a product you are expected to pay (ten)thousands of Euros for.

    There is another thread "unwanted parenting" which also expresses this. Cutting off functionality (mail) and forcing the user to the cloud (after all Sophos is non-EU and in a country being part of the five eyes) is an absolute red flag.

  • 0 in reply to Alan Brand

    What does the 5 eyes have to do with anything? Are you alluding to Sophos purposely creating vulnerabilities, like how the UTM offers 4096 bit Diffie-Hellman key exchange for the remote access VPN, while the XG maxes out at only 2048 bits which I'm sure not many people would notice, but I did and no explanation was given about why the 4096 bit key exchange isn't available in the XG. I was always interested in knowing why. I'm not a cryptologist, but I would assume that in cryptology, more bits is better than less bits.

  • 0 in reply to alan weir

    The problem is performance vs security. You will find some research about pros/cons about both. 

    Essentially the question is: Are 4096 bit key worth the performance decrease? 

    https://danielpocock.com/rsa-key-sizes-2048-or-4096-bits/ 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    They're saying that 2048 bit key exchange is safe up till 2030. How they know this, is probably due to Moore's law and how much computing power it would take to crack it based on today's CPUs.

    With Sophos having ZTNA now, and newer tech like cloudflared tunnels and Zerotier, ect. Who knows what the industry standard  replacement for SSL/IPsec VPN might be.

Reply Children
No Data
Unfiltered HTML