I am up and running on Sophos UTM thanks to MikeMT's recommendation. Sophos 9.3 HW: Dual Core 2.66GHz, 4GB RAM - $89.00 refurb Dell Slim from Microcenter. Tossed a couple of GbE NICs in it with Cat6a all around. My pipe is a 180Mbps fiber. Setup was a breeze; this is a professional package. Once I got my port forwards, exclusions, and other tricks in, it was running brilliantly. I dialed up the security, giving me full IPS/AV/WF on the gateway, and turned both AV engines on (Avira+Sophos). Some initial issues were: Roku and TiVos need to be punched through with IPS exclusions. Security Server needed a hole. Encrypted VoIP required exclusions, and SIP-enabled traffic forwarding. With all of the UTM features dialed up to maximum I am not seeing any speed degradation with any protocol at all. I streamed on Netflix last night without any issues at all. Steam downloads are full speed, and gaming seems stable and fast. FYI: Some speed tests may report inaccurate results. The reason is they use files to download, often compressed files. Sophos UTM seems to have a proxy AV, which means it is going to buffer then scan, which will skew the Java applets in browsers. For example, a speed test is showing me at 6.52Mbps right now. However I can stream a 30 min 1080 movie almost instantly. So don't pay too much mind to performance numbers on consumer speed test sites; they don't factor in the AV proxy. Also, I haven't tweaked it yet; I may be able to change the proxy to tweak this. On ZyXEL you can turn off scanning of compressed files (which includes EXEs) to make speed tests normal. On Fortinet you can switch to Flow-Through rather than Proxy. Both of which reduce security for a mere cosmetic change!
Mike... Sophos is reporting 2GB of RAM on a machine I have 4GB in. Any ideas? Also, how can I check whether I have the 32-bit or 64-bit version installed? I THINK I chose the 64-bit version, but I may be mistaken. That may cause the RAM issue, but I thought the 32-bit one would show up to 3GB? Any tips? Right now RAM is pegged at 76% of the maximum (2GB), though I have 4GB, so this is something I need to figure out. If I have to rebuild it from scratch that won't be pleasant.
Well, duh on me... I thought the server I dropped it on had 4GB; it has 2. I ordered 2GB more with overnight shipping ($24, hehe); that will fix that. I don't like to run a server over 65% RAM use consistently, so this should drop it down to 30-40% max. So far so good, I have Netflix punched through fine now, still checking various devices/systems, and still haven't punched some of the cameras through. I think it's a keeper so far!
BTW, you know what makes this the strongest solution I have seen? Full reputation web filtration. I set anything under 'low' to be blocked, and I have been unable to push a single crappy IP/URL through it, and I have tried 50-60 per day. This reminds me of AV reputation file systems but extended to the internet. I have seen $20,000.00+ Fortinets not perform as well, or offer features as deep. This is a true Layer 8 NGFW.
Mike, is this ... AMAZING? Dual scan engines at the gateway. PUA detection, the ability to block scripts at the gateway? I'm feeling like this is better than Fortinet and ZyXEL, to be honest.
Now this is security: eliminating 'billions' of IP addresses, networks, proxies, and relays from hitting my network, and almost all potential malware from dialing out of my network, not to mention countless ad-type programs, etc.
You forgot the "Mayahana standard period" at the end of the thread title. Are you using the free version of Sophos UTM or a premium version?
I figure nothing comes out of Antarctica I need/care about, so why not region block in case someone is proxying out of there? Wild, I am using the free version. It can take 50 clients, and you can deploy up to 10 managed endpoint suites for free as well. VERY powerful!
Thanks. I am considering purchasing one of those tiny NUCs from Intel specifically for Sophos UTM now. It seems Sophos has extraordinary engineering along with a well-designed user/admin experience. Keep us all informed of your testing; it is always appreciated.
Hi M, when you install off the ISO it detects an x64 processor and prompts with options to either go the x64 route for better speed efficiency or remain on an x32 install. From the control panel you can also back up your config files daily / weekly / anytime, and restore them as well. There is an awesome PDF manual you can download, the same as the contents under the ? icon on the web admin page. RE RAM: 30 - 40% is the norm on 4GB. If I remember correctly, all Linux distros will try to take / reserve as much working memory as the system offers for efficiency, unlike their MS counterparts that normally just take what's needed at the time. Mayahana, I am by no means a Sophos UTM expert and still have a load to learn on this baby, as I'm still a new kid on the block with this too. I went into Sophos again only recently when I was evaluating Untangle alternatives again. All I can say is on the boxes I have installed this on, it is doing a great job. IMHO a good way to go.
Did you guys notice the RED feature? https://www.youtube.com/watch?v=hQlEu_OEetc Time to ditch Fortinet Mayahana? /E
Fortinet won't be ditched. Everything is standardized and heavily vetted where I work. We have mid-six figures invested in FortiAnalyzers/Managers/Presence gear at our COLO. Also, given the fact that we have so many channels into Fortinet, we can get engineers on the line in a few minutes, and can get remote sessions initiated within an hour of a service call if we need it. But yes, I would love to switch to Sophos UTM, but it will never happen at work. Fortinet is very complex, and at times problematic. Sophos is a breeze in comparison, and also more powerful unless you CLI the Fortinet.
RED sounds amazing. Do you know the trouble we go through to do this right now with Fortinet? Multiple devices, multiple VLAN segregation, and VPNs to branch offices. It's complex, difficult, and at times unreliable.
I just wonder if the branch offices will experience notable drag and slowdown, depending on distance of course? But on the other hand, what an easy way to control and protect your users: just punch in the ID of the device and you are done. Looks like built-in TeamViewer to me. Did you spend some time at CleanMX testing yet? /E
CleanMX was blocked 100% perfectly by this UTM, every single link and file. RED isn't like TeamViewer; it's like what we do already with COLOs and branch offices. Usually a VPN through to the main office from the branch to facilitate day-to-day operations, sharing, etc. Also, these are VERY powerful settings:
I kind of feel bad for people still relying on NAT (layer 2) to secure their network in this day and age... 22-hour statistics: 15,285 packets rejected, 458 direct attacks thwarted, 27 viruses blocked, 876 websites blocked, 27 attacks blocked on endpoints.
Pentagon... It took military sanitizers 14 months to clean up the infection after the breach. Also, you wonder what type of UTM Sony was using when they got hit...
No, but I used to. Needless to say, I take security/privacy seriously; I have good reasons. If I toss a cheap consumer router on my network I am infiltrated within hours. At the very least, my home network makes a good testbed for security protocols and products. Also, I do not believe the security Sony used has been disclosed. I have heard everything from FireEye to Cyberoam was used. But most important: Sony was hacked because they were lazy, and didn't have IT people that were observant, and likely didn't even have DLP activated on their network. Security software and firewalls aren't to blame. Incompetence and laziness were to blame. Sony was trying to make themselves look good. When the CEO uses the password 'sonyml3' you can't blame your software; blame your brain. http://www.billboard.com/articles/business/6413955/sony-security-kevin-mitnick-electronic-frontier

McClure said that his research leads him to believe the breach was accomplished through some sort of social engineering, rather than by a computer program. One striking thing to have emerged from the data that the Guardians of Peace have so far disseminated is the lack of security around passwords at Sony, including the revelation of an embarrassingly simple password CEO Michael Lynton was apparently using. It’s a clear sign that the company did not have sufficient corporation-wide password standards. “There was clearly stuff going on with Sony’s security that was well outside of any industry best practice, and these were not one-offs but occurred en masse,” said Maiffret. McClure noted that using even the basic encryption tools native to Windows may have prevented a good deal of the damage. Electronic Frontier Foundation staff technologist Seth Schoen says that compromised passwords are a likely vector of infiltration in the hack, especially given Sony’s size.
@Mayahana This is interesting reading; keep it up. Sophos has a few other interesting free tools in addition to UTM. The Virus Removal Tool is one. I've been looking for something that I can cold scan hard drives with for infections.