Jump to content
RESET Forums (homeservershow.com)
itGeeks

Sophos UTM is getting a new version and guess what? No more 50 IP Limit.

Recommended Posts

pcdoc

Though I'm still dreading the thought of starting over from UTM 9, I'm getting closer to making the move to Sophos XG. Suddenly encountering constant alerts that I've hit my 50 IP home licensing limit. Perhaps my DHCP lease time of 7 days is too long...whatever it's become a nuisance.

 

 

Sent from my iPhone using Tapatalk

 

It only hurts for a short time  :) .  This is where a second box comes in handy.  I will wait patiently for results when you get there.

Share this post


Link to post
Share on other sites
Jason

Pcdoc, are you using QoS in Sophos XG? If so, do you find it works well? Am using in UTM 9 but may have some time coming up to migrate over. At a minimum to overcome the 50 IP limit. I found QoS both upload/download to be very granular with pfsense though the rest was a headache. Unlikely I'll return to that platform. Thanks.

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
nrf

haven't heard much on this topic of late, is xg ready for prime time yet? I've been using opnsense in the meantime...

Edited by nrf

Share this post


Link to post
Share on other sites
Jason

I know that pcdoc has been running it reliably for quite some time. Sophos still insists (as if 2/27/17) their UTM to XG migration took will "soon" be released for their business partners' testing. Will see.

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
Jason

Also, is it even possible, within Sophos UTM 9, to effectively use iOS devices reliably without bypassing HTTPS scanning altogether?

 

Outlook iOS app reports No Internet Connection found the moment HTTPS Decrypt and Scan enabled despite the CA being on the mobile device.

 

Yes, even after adding this lengthy target domains list to web exceptions, no luck. Requires the iOS device to bypass the web filter altogether:

 

https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/77994/office-2016-365-install-failing-with-error-30174-4-1392---possible-range-requests-issue?pi2132219849=3

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
itGeeks

It seems to me that peaple are still having trouble with XG, Everything from not being able to download Windows Insider builds to Netflix not working unless you bypass those devices. Now I have not used Sophos in almost a year now so I cant confirm the reports but if the reports are true then it seems to me that if you have to still bypass so many devices from the real security Sophos has to offer then y bother with Sophos at all. For this that have not tried Untangle give it a shot, Though not free its only 50.00 a year for the home license. Here is a live demo to look at: http://demo.untangle.com/auth/login?url=/setup/welcome.do&realm=Administrator

 

Has anyone other then me considered trying the new Synology RT2600AC router that's getting great reviews? I will have mine hopefully setup this weekend and if it works out it will replace my Untangle box.

The router offers IPS, VPN Plus, DNS and a few other packages. It also has great reporting on whats going on with your network and can be controlled threw a mobile app or web browser. This router is one to take a hard look at, Even Dave said in his first look video this will be his daily driver. Synology does a great job with there NAS products and security is front and center so I see this product being no different and as security centric as Synology is I feel very comfortable with there router protecting the edge of my network.

 

Dave's First Look https://www.youtube.com/watch?v=rYufQiCMOjs

 

SNB review https://www.smallnetbuilder.com/wireless/wireless-reviews/33075-synology-rt2600ac-router-reviewed?showall=&start=3

 

Lon S. review https://www.youtube.com/watch?v=tfEZU115e98

 

9to5Mac review https://www.youtube.com/watch?v=YXbbLZdY2p0

 

On closing I have had a lot of fun playing around with different router/firewall/UTM distro but the time has come that I want simplicity with good protection that does not require bypassing devices to make things work, Untangle ticked all the boxes but still had some complexity and I am looking for something my daughter can manage without pop. I feel Synology new router my fill that need. 

Share this post


Link to post
Share on other sites
Jason

I may very well consider Untangle this next time around. Even Sophos UTM 9, though mature, has issues they can't even seem to fix (yet). Since I already have Orbi for wireless, seems the Synology router with wifi would be redundant?

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
itGeeks

Jason I understand what your saying, I will not be using the WiFi on the Synology router in favor of Orbi. This is a great match, You get all the goodness from a well rounded router with the power of Orbi for WiFi. I don't think Dave is using the WiFi of Synology either in favor of Eero but I could be wrong. The router has a lot to offer without using WiFi.

Share this post


Link to post
Share on other sites
Jason

Very compelling review from 9to5Mac. Really like the UI. Will stand by and wait to see what everyone thinks. I do like the idea of using my existing hardware with Untangle...though I've no experience with any prior version of Untangle. As opposed to investing in yet more hardware with the Synology.

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
pcdoc

Sorry for the late replies...

 

Pcdoc, are you using QoS in Sophos XG? If so, do you find it works well? Am using in UTM 9 but may have some time coming up to migrate over. At a minimum to overcome the 50 IP limit. I found QoS both upload/download to be very granular with pfsense though the rest was a headache. Unlikely I'll return to that platform. Thanks.


Sent from my iPhone using Tapatalk

 

Not using QoS as I do not really have a need for it at this time.  I will have to experiment with it at work as we now have 5 XG installs so I will post the results when I get that far.

 

 

Also, is it even possible, within Sophos UTM 9, to effectively use iOS devices reliably without bypassing HTTPS scanning altogether?

Outlook iOS app reports No Internet Connection found the moment HTTPS Decrypt and Scan enabled despite the CA being on the mobile device.

Yes, even after adding this lengthy target domains list to web exceptions, no luck. Requires the iOS device to bypass the web filter altogether:

https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/77994/office-2016-365-install-failing-with-error-30174-4-1392---possible-range-requests-issue?pi2132219849=3


Sent from my iPhone using Tapatalk

 

It still does take a rule to for just android and iOS to bypass only the antivirus.  All other filtering now works fine so you can still block unwanted sites or access.

 

 

It seems to me that peaple are still having trouble with XG, Everything from not being able to download Windows Insider builds to Netflix not working unless you bypass those devices. Now I have not used Sophos in almost a year now so I cant confirm the reports but if the reports are true then it seems to me that if you have to still bypass so many devices from the real security Sophos has to offer then y bother with Sophos at all. For this that have not tried Untangle give it a shot, Though not free its only 50.00 a year for the home license. Here is a live demo to look at: http://demo.untangle.com/auth/login?url=/setup/welcome.do&realm=Administrator

 

Has anyone other then me considered trying the new Synology RT2600AC router that's getting great reviews? I will have mine hopefully setup this weekend and if it works out it will replace my Untangle box.

The router offers IPS, VPN Plus, DNS and a few other packages. It also has great reporting on whats going on with your network and can be controlled threw a mobile app or web browser. This router is one to take a hard look at, Even Dave said in his first look video this will be his daily driver. Synology does a great job with there NAS products and security is front and center so I see this product being no different and as security centric as Synology is I feel very comfortable with there router protecting the edge of my network.

 

Dave's First Look https://www.youtube.com/watch?v=rYufQiCMOjs

 

SNB review https://www.smallnetbuilder.com/wireless/wireless-reviews/33075-synology-rt2600ac-router-reviewed?showall=&start=3

 

Lon S. review https://www.youtube.com/watch?v=tfEZU115e98

 

9to5Mac review https://www.youtube.com/watch?v=YXbbLZdY2p0

 

On closing I have had a lot of fun playing around with different router/firewall/UTM distro but the time has come that I want simplicity with good protection that does not require bypassing devices to make things work, Untangle ticked all the boxes but still had some complexity and I am looking for something my daughter can manage without pop. I feel Synology new router my fill that need. 

 

The updating including insider updates works fine as of the release of V16 at least for me.  I Thing your statement on on having to bypass security on so many devices is a bit exaggerated however everyone has to find what they are comfortable with.  I have not had to mess with or make changes to my firewall in quite some time other than installing updates.  Maybe it is just me, but I still like XG V16 better than Untangle (the new and old versions) as I find it to be more powerful.  But like I said, this is highly subjective and very much a personal choice.  Fore me, I have not found anything that has the same or better level of filtering and control than XG.  Just my two cents...

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...