Sitecom Cloud Security - Hitman Pro in the Router

Discussion in 'other anti-virus software' started by Habakuck, Sep 3, 2012.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I want to build a layered UTM stack at home. My thoughts are;

    Modem-->Sitecom-->ZyXEL USG110/210 with ASUS RT-AC87 in AP mode only.

    Sitecom would function as a front-end UTM, I want the WiFi disabled on it, handling DHCP. The USG would be plugged into one of the interface ports with a subnet from that, then the rest of the network/switches would come off of the ZyXEL. The ASUS would function as a powerful AP only, nothing else. In this configuration I would benefit from the limited IPS on Sitecom (in the scope of IPS), but the cloud AV scanning. Then all traffic would benefit from deep inspection in the USG110/210, with the expansive URL filtration (Bluecoat+Commtouch), in addition to Kaspersky w/Sharp Heuristics. Only hassle should be the port forwards, which would require port forwarding on both devices. I could possibly avoid much hassle with DDNS.

    I wonder if the Sitecom would function in the capacity of a bridge appliance, with no task other than scanning traffic at the front end, and pushing traffic out the back.
     
    Last edited: Nov 2, 2014
  2. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Can you configure a Sitecom router to act as a Dumb switch so to speak and just scan traffic?

    Something like Sitecom > Router > Wireless AP? I want to be able to just scan traffic and bridge or pass through it to my router?
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    If it functioned in transparent/bridge mode it would be pretty valuable as a cheap UTM appliance. I wonder if we can get an answer or maybe contact Sitecom themselves? I doubt it has the capability to do this personally.
     
  4. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    I'm looking round for just that, a bridge mode type of device for my network. I've looked around the net but haven't found anything yet.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    In the home market? Not going to happen. (UNLESS Sitecom can do it) In the enterprise market you have plenty of options. If I were you I would look into taking a slower PC, a refurb - plenty of $50-$100 refurbs, and turning it into a dedicated UTM running in transparent mode. All you do in this case would be Cable Modem--->Router (any old router in NAT)--->UTM in Bridge---->Any old switch----> Out to your network at large. Almost all of the opensource/free UTM solutions do this.. Sophos UTM9, PfSense, Untangle, ClearOS. The level of security this offers your network is pretty impressive.

    ClearOS and Untangle use the ClamAV-UTM, with paid option on Untangle for Bit Defender Enterprise, and Kaspersky UTM for ClearOS. Sophos is the most powerful, but the most difficult to setup/configure, and it's heavily locked down - I found it unsuitable for home use as virtually everything in the home needed specific settings, and even then the IPS blocked our SmartTV. I haven't tried Sophos in transparent mode yet - soon.. Sophos has dual/single AV scanning options (AVIRA and/or Sophos). So for about $50 for a Craigslist PC, or a $75-$100 nice fast refurb from Microcenter, you have a transparent mode UTM on your network.

    I use a ZyXEL USG60 NGFW as my router with full UTM, then back it up with a 'second opinion' Untangle in transparent mode with Adblocker, Virus Blocker Lite, and Intruder Guard. No point for me to pay extra for Bit Defender on that, as Clam is in the second opinion situation. ClamAV UTM is known to pick up 'strange' stuff other AV's tend to miss. Heuristics on Kaspersky are set to Sharp, Heuristics on ClamAV UTM I believe default to low to avoid FP's.

    Summary;

    1) Sophos UTM9 (free) - if you know your stuff, and don't mind working hard on it, and entering policies to get things working. (and working through potential aggressive blocks)
    http://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

    2) Untangle if you just want ClamAV UTM, Adblocker, and Intrusion Protection.
    https://www.untangle.com/store/get-untangle/

    3) ClearOS if you want ClamAV and/or PAID Kaspersky UTM.
    http://www.clearfoundation.com/

    Happy medium is Untangle for the most part because you can have it running transparent mode in about 15 minutes with virtually no configuration needed. Untangle looks like a 12 year old designed the interface/icons, it's just lousy looking, but the community is filled with geeks and techies that prod and poke it nonstop. Sophos is gorgeous, and powerful, but again - not for the faint of heart - although it's not rocket science in transparent. ClearOS is a bit heavier (toss it 4GB of ram as it can max 2GB), but has a wonderful interface.
     
    Last edited: Nov 2, 2014
  6. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Any word if Sitecom can function in Transparent/Bridge mode?

    It would be an exceptional solution for me if it could. I could toss it behind my ZyXEL (Enterprise Layer 7 UTM) in transparent, then hand off to my Untangle UTM. That'd be fun. No transparent, no go, and I would NOT trust this router on the front-end of my network. It's nowhere near the capability of a true enterprise Layer 7 NGFW - no matter what anyone says.
     
  7. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Sitecom is dead, are they even in business anymore? Nobody carries them, and even the buy page on their website is full of dead links.

    https://www.sitecom.com/en/search-for-stores/67

    If HMP was smart they'd cut a deal with a US Manufacturer of routers, like Trend did with ASUS. The market for this stuff is going to be huge!
     
  8. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    226


    I tried to get Untangle to look at HMP UTM a couple years ago when they dropped Kaspersky. HMP UTM as it looks to me is set up to work with Untangle without a whole lot of work on both ends since HMP UTM is set up to use a module in Linux as is Untangle. But now Untangle dropped the JUNK Commtouch/Cyren AV for a good BitDefender gateway AV.
     
  9. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Untangle has issues.

    1) It's overpriced as heck if you start turning things on, and have more than a couple clients.
    2) Untangle doctrine that SNORT should mostly be off, and that NAT is enough is extremely flawed.
    3) It looks like a 6 year old designed the interface.

    If Untangle offered realistic packages, the paid versions would be acceptable. I run Untangle in transparent as a second opinion, but I much prefer fast, dedicated UTM appliances on the front gateway over these half baked, or buggy distros. I'd like to buy Sitecom but they appear out of business these days.
     
  10. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    They already are in contact with larger vendors, we eagerly await what Marc or Eric have to say about it :)
    Regarding finding it in the states I found this:
    http://icecat.us/en/p/sitecom/wlr-8100/routers-4054842819142-Sitecom-X8-AC1750-18150056.html
    Maybe that can help?
    I just had contact with their support last week looking for a firmware update, they said they were updating their site so they can't be dead.

    EDIT! Sorry, that was not a sales place I found...

    /E
     
    Last edited: Dec 14, 2014
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
  12. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
  13. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Still no luck with this.. I wonder if I can get one sent to me for testing/evaluation, and write up about it extensively here?

    Most important questions I have are;

    1) Where do I renew the sub when it runs out - and I am in USA?
    2) Can the radios be disabled?
    3) Can it function in transparent mode?
    4) Does it have advanced routing features? (statics, dual wan, PF, and vlan?) If not, does it have any, and which?

    My thoughts are if it can transparent, and still scan, I will place it behind the Trend, since both have zero impact on speed, followed by Untangle, then into a switch, and AP's off of the switch. But I do need some discovery on the device, and haven't had any luck locating any data.. Most worrisome is I cannot find a click-to-buy site for renewals on the HMP cloud sub if I should buy one. They are cheap, I would buy the N300 version, toss off the radios, and use it as a network security scanner.
     
  14. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    If I remember correctly the sub was easy, you go via the GUI to the "store". I even think I got a heads up via the browser, like it does when a new firmware is available.
    But I could be wrong, I only remember it was an easy task.
    Radios? You mean Wifi? If so yes, from inside the GUI.
    No transparent mode, I asked for this already in early 2013. I do not understand why they did not consider that? I wonder how many people get a modem/router with their internet subscription these days?
    Making it very hard to sell them another router, even with this kind of protection. Router on router is not a good idea IMO.
    A more business-like router is this one: http://www.sitecomlearningcentre.com/products/wlr-4002bv1001/wireless-gigabit-vpn-router-n300 or https://www.sitecom.com/en/wireless-gigabit-vpn-router-n300/wlr-4002b/p/1507
    Maybe you find some answers there? I really like the 7 port Gbit switch in the back. 140 Mbit in throughput with the cloud filter on.

    /E
     
    Last edited: Jan 2, 2015
  15. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Thanks for the reply.. Not having transparent/bridge seems... Like a huge oversight.. Similar to how Bit Defender is releasing 'Box', which I think will be a huge failure, mostly because it is using dated, 10/100 hardware. 140 Throughput is a bit low, are you sure Sitecom's offer only 140 with scanning? I may be getting a 150/150 or 300/300 connection soon, which is why my ZyXEL needs to be sold off, it only supports 90Mbps with 'all' UTM features turned on, and that's nowhere near enough.

    ASUS w/Trend has transparent/bridge but for some ungodly reason they disable Trend when you go into transparent! The thing has a wealth of 'extra' hardware/processors/ram in it, to think they automatically disable Trend when you go transparent for no apparent reason other than laziness sort of bothers me. But these are consumer grade appliances so I can't complain too much.

    I just subbed for Untangle Bit Defender+Commtouch AV scanning since I can't get Sitecom's local here, and I don't feel like dropping $955.00 on a Fortigate 80D.
     
  16. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    If you don't mind me asking, how much would you be selling the ZyXEL for? Also, approximately how much are the yearly license renewals?
     
  17. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    @mark or Erik
    Do you guys have some new info on what to expect for the UTM in the future?
    Is all info classified or do you have some goodies for us?

    /E
     
  18. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    They need to work with a bigger router manufacturer.. Imagine HMP in Netgear?!?! (for them to compete with Trend in ASUS) Their penetration in the NA market is ZERO.

    Right now there is a glut of UTM's that are affordable that can handle higher speed. My connection is pushing 200Mbps right now, and unless I want to spend $1000.00+ on a router, and another $600+ a year for the UTM subscription my choices are very limited!
     
  19. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Last we heard from Mark was in post 131 in this thread I think?
    They are working with a chip manufacturer, but this was classified information as of then.
    I guess a lot of their work has been focused on their Alert solution, also a first class software in my book.
    But it would be nice with a bigger brand implementing their solution (as long as it is not spelled D-Link), why Untangle is ducking this is a mystery to me??
    I would set up an Untangle in bridge mode on all my installations if they implemented this UTM solution, maybe Mark or Erik could contact them?
    Both me and I think Blues something? in this forum have informed Untangle about this solution but we are not being taken seriously, strange behavior by Untangle IMO.

    /E
     
  20. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Untangle are strange.

    They had an almost entirely non-functional IPS in their product for YEARS, and simply told people that 'NAT is enough' while claiming to sell a layer-7 solution focused on security. Then I discovered some 'issues' with their AV detection engine. Also their AV engine ONLY works on HTTP/HTTPS, it doesn't actually scan other ports, streams, or packets so it really doesn't qualify as a true gateway AV in my opinion. Also the AV doesn't integrate with the IPS, and for a NGFW it's crucial for the IPS and AV to 'talk' in my opinion. So NAT is enough. IPS is a waste. AV scanning of anything but HTTP is pointless, and IPS doesn't need to talk to AV? That doesn't qualify as a real solution in my opinion! As soon as I find what I want to change to I am dumping Untangle. Right now it's a bit overkill for a home, but underwhelming for a corporation. I pay $50 a month for it, which includes a LOT of features I want - policy manager, detailed policies/fw rule construction, web caching, and the web filter. Untangle has a remarkably good web filter and adblocker at the gateway!

    Despite the good, the bad tends to make me feel Untangle isn't a complete solution, or the best I could be using. My connection is so fast now I need to go up to mid-level UTM's, which cost thousands, and then require expensive yearly renewals. Something I am not ready to commit to. So I am left with Untangle, and creative network security via VLAN's and such until something else comes along..
     
  21. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    I sent Erik a PM a while ago to get some news regarding the UTM development, maybe he did not read it yet, or development is handled by 007 in secret mode right now :shifty:

    /E
     
  22. Martin_C

    Martin_C Registered Member

    Joined:
    Dec 4, 2014
    Posts:
    525
    With all due respect - is there any reason to rush things ??

    Current series of routers from Sitecom with SurfRight UTM works great.

    You sell these - you know they work.
    Looking at other forums where these Sitecom routers are mentioned - users say they work.
    Not that it matters, but I have several of these (Sitecom X8 AC1750 WLR-8100) running at several locations - they work perfectly.
    Going through this thread - users say they work.

    I have only seen one person make a big drama about this in his daily fantasy tales here at Wilders (and it's not you, Esse :))

    Meanwhile out here in the real world, these Sitecom routers do their job. They catch the nasty stuff that SurfRight designed their UTM solution to catch.
     
  23. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    1) Sitecom isn't available in North America.
    2) Sitecom isn't FCC Certified in the USA.
    3) Warranty? Support? If it's not NA based, or NA supported, these could be issues.

    Which was why we are asking for the development status, or negotiations with other hardware vendors. I appreciate that Sitecom's are working all over the place, but here in the NA? I would guess there aren't more than a handful deployed in the entire country. So in this fantasy land of IT professionals we need to consider a lot of variables, it's not a deployable solution in NA as it stands. Hence the questions, and somewhat sense of urgency at wanting a low cost, deployable UTM solution for SOHO.
     
  24. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    I cannot disclose anything ... as far as there is anything to disclose. Hope you understand.
     
  25. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Thanks for the reply Erik.
    I do not want to rush things, I was just curious regarding the development, and Mark mentioned that there should be some new coming in October last year (read back in the thread).
    Sitecom routers do work, but I do not sell them anymore.

    Today most homes get a modem/router from their ISP if they order an ADSL/VDSL/Cable, making it really hard to sell them another router on top of that.
    Not to mention how wrong it is to put a router after a router, and Sitecom does not have a "bridge" mode in their router that I know of.

    Fiber installations usually call for a router, as the users only get an access point with their installations, but it is hard to find a router with the hardware needed to scan/inspect the traffic, at least in a home solution.
    Sitecom maxes out around 140 Mbit with the cloud feature enabled (I do not know about the X7 and X8 models), this will work fine on a 100 Mbit installation.
    But more and more are using higher speeds than that when they order, 250 Mbit and up.

    This is the cause of my interest in this UTM feature development, I need products with more throughput to recommend. :)

    /E
     