Jump to content
RESET Forums (homeservershow.com)
itGeeks

Sophos UTM is getting a new version and guess what? No more 50 IP Limit.

Recommended Posts

itGeeks

Jason at the time there was no 50.00 home license for UT so it was expensive for pcdoc to have full protection by the time UT came out with the home offer he already migrated to the free XG. That's how I remember it.

 

It does seem many are still having trouble with XG but I am not sure how much of that is user error, pcdoc does seem to be having good luck with it so I guess mileage will vary. I am using Untangle vs XG and I maybe switching to Synology RT2600AC after I test it. I went to purchase it this weekend but it's out of stock on Amazon and bhphoto. The online sellers that do have it are asking to much so I wait.

Share this post


Link to post
Share on other sites
Jason

itGeeks, sorry I know this isn't an Untangle thread but what triggered your desire to move from UT to Synology? Just want to use less hardware or have an all-in-one wireless router?

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
pcdoc

Pcdoc, I believe you ran Untangle prior to Sophos NG, correct? What prompted you to migrate?

 

I was looking at the Untangle online demo yesterday. Had never seen UT before. The UI is slick compared to UTM. Am not quite following the layout of the Sophos NG screens.

 

Also after reading the Sophos community threads about NG am afraid to test it

 

 

Sent from my iPhone using Tapatalk

 

At the time, I had been running Untangle and paying for their subscription service for two of their apps (Antivirus, and Application blocker) at a cost of $54/month. Given that this license was limited to 10 IP addresses, this is a significant amount of money to pay for security. I always found the UI on UTM a bit daunting and at first I struggled with XG until the release of V16.  Now I think the UI is awesome.  As for UT, I never found the filtering on par with XG though there UI is pretty nice. The UT pricing is now attractive but I still believe XG is more powerful and find it more configurable. 

  • Like 1

Share this post


Link to post
Share on other sites
itGeeks

Jason, Good question. For a few reasons really, Untangle has worked very well for me but my wants and needs have changed now see below-

 

1) I know longer want to run a UTM in a VM in favor of dedicated hardware.

2) I now have a need for parental controls to keep my two grand kids safe online.

3) I need timed internet for the grand kids and a way to easy turn off there internet at certain times with just a click of a button.

4) I need ease of use so my daughter and son in-law can manage it from a mobile app.

5) I am a big fan of Synology NAS already and I just love DSM and from the looks of SRM I will love that to, Have a look here for a review by Lon S. https://www.youtube.com/watch?v=tfEZU115e98&list=PL-Mpec9tEKUPz8uA1d3Z0xnAIeHwhDT5G&index=4

6) I am very interested in using the VPN-Plus package Synology has, Its a clientless VPN and looks very interesting, Have a look here: https://www.youtube.com/watch?v=tk9DZLX9fBc

 

This router also have several packages to you can download and install, Most notable is the VPN-Plus, DNS, IPS that I want to use. https://www.synology.com/en-us/router/app_packages

 

I will not be using the WiFi on the router in favor of Netgear Orbi.

Share this post


Link to post
Share on other sites
Jason

The RT2600ac is an interesting device. I may order one of these to play around with. While my Sophos UTM 9 generally works well, it's exhausting to troubleshoot when https exceptions fail to work and there's a never ending need to manage these exceptions. I agree that simplification isn't a bad thing. Not to mention the UI matters.

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
Jason

Ordered a RT2600ac for the router functionality. Am unfamiliar with Synology not having run any of their NAS units before. Am intrigued by the YouTube videos. It's time for me to move away from Sophos UTM.

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
Jason

Have UTM 9.4 running fairly well, but am receiving the 50 of 50 IPs used alerts now via email. It's unclear what these 50 IPs actually are as I am not physically using 50 devices. Have to believe WSE12R2 VPN and UTM's OpenVPN must be reserving a fair amount of these. Really wish there was a way to obtain an IP increase from Sophos without migrating to XG but they simply won't do it.

 

 

Sent from my iPhone using Tapatalk

Share this post


Link to post
Share on other sites
Drashna Jaelre

Have UTM 9.4 running fairly well, but am receiving the 50 of 50 IPs used alerts now via email. It's unclear what these 50 IPs actually are as I am not physically using 50 devices. Have to believe WSE12R2 VPN and UTM's OpenVPN must be reserving a fair amount of these. Really wish there was a way to obtain an IP increase from Sophos without migrating to XG but they simply won't do it.

 

 

Sent from my iPhone using Tapatalk

 

Management -> Licensing -> Active IP addresses. 

 

Tht will lsit the actual number. Also, they do have a ~5 leeway.

 

That said, WSE's VPN reserves a bunch of IP addresses. And I believe the UTM's VPN software does too.  And both should be configurable. 

Share this post


Link to post
Share on other sites
Jason

Thanks.  That's what I was hoping, but I can't quite figure out how to configure either - yet.

 

1.) am using Sophos UTM's DHCP server now.  Have since disabled my WSE12R2 server.  Felt like I was adding another layer of complexity I didn't need, at least for my environment.  I set the DHCP range from 192.168.0.10-254.  My Sophos box is actually 192.168.0.1 (the gateway).

 

2.) am using Sophos UTM's SSL VPN setup.  It allows you do use TCP or UDP for SSL VPN traffic and also any port you'd like (doesn't have to be TCP 443).  However I cannot see an option to define the SSL VPN IP range for clients either way.

Share this post


Link to post
Share on other sites
snapper

If you have devices that never need to access the internet, you can set them up with a static IP address but no default gateway.

As that traffic will never touch Sophos, it won't get counted...

 

Also turn off IPv6 (if not needed) as that will count as an extra address per device.

 

IIRC, the 50 IP limit is for traffic actually traversing the firewall.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now



×
×
  • Create New...