
Once you go with a UTM firewall, you never go back

13K views 12 replies 4 participants last post by deafboy
#1 ·
I mean you could, but why would you want to? When you finally get it configured, the reward is worth the effort.
I had some spare parts lying around and decided to put them to use. I really, really wanted to try out one of the many UTMs available. The few that I had in mind were

ClearOS
Simplewall
OPNsense

and

Sophos XG
or Sophos UTM Home

Oh, and pfsense

I liked the dual antivirus engines of Sophos (Avira/Sophos) and so I went with that. After spending half a day installing Sophos UTM and Sophos XG multiple times trying to decide which one I liked more, I settled on UTM.

After the initial install, clients don't "see" the default gateway that is the firewall itself. I somehow managed to log into the damn interface after I corrected a subnet mask issue. The firewall was configured for a 255.255.255.0 subnet mask, but Windows was reporting 255.255.0.0, and I was getting an APIPA address on all my Windows clients. Some other quirks were that the firewall gives itself an IP address/default gateway of 192.168.2.100, which is in the same subnet as the DHCP pool (192.168.2.1-254), so I changed the DHCP pool to 192.168.2.100-254.

But enough of that... here's a screenshot of the mouth-watering dashboard after a whole day of blood, sweat, and tears.



Some features that this and other UTMs offer (for the average home user) are gateway antivirus, malicious URL blocking (web filtering), a full intrusion detection and prevention system (port scan/flood detection), and SSL, IPSec and VPN servers hosted right on the firewall itself.
The interface is fantastic, with more eye candy than an internet infographic.



My system is pretty low end, but faster and has more memory than any router you can buy.

CASE: Rosewill SRM-01 ($30)
MOBO: open-box MSI A68HM-E33 V2, Realtek GbE (-$10 after rebate): yes, it was free, and then a $10 rebate on top of that with the infamous Microcenter motherboard+CPU combo deals
CPU: AMD A6-7400K ($59)
RAM: 4 GB DDR3 ($30)
SSD: Silicon Power 120 GB SSD
Ethernet: Realtek GbE PCI-e

Router: TP-Link WDR 4300 Gigabit,
with DD-WRT installed and used as a switch/wireless AP
 
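The subnet-mask mismatch and the gateway address sitting inside the DHCP pool, as described in the post above, are both easy to catch before clients start falling back to APIPA. The following is an added example, not part of the original post and not Sophos UTM's own code, that checks a DHCP scope for exactly those conditions with Python's standard `ipaddress` module. The usage section feeds it the values from the post plus a constructed corrected scope (pool starting at .101, an assumption for illustration).

```python
import ipaddress

# Link-local range Windows falls back to when no DHCP lease is obtained.
APIPA = ipaddress.ip_network("169.254.0.0/16")


def _prefixlen(mask: str) -> int:
    """Convert a dotted netmask such as 255.255.255.0 to a prefix length (24)."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def check_dhcp_scope(gateway, netmask, pool_start, pool_end,
                     client_ip=None, client_mask=None):
    """Return a list of findings for a DHCP scope; an empty list means it is clean.

    gateway/netmask describe the firewall's own LAN address, pool_start/pool_end
    the range it hands out, and client_ip/client_mask (optional) what a client
    actually reports, so the configured and observed masks can be compared.
    """
    findings = []
    subnet = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    gw = ipaddress.ip_address(gateway)
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)

    if start > end:
        findings.append(f"pool start {start} is after pool end {end}")
    if start not in subnet or end not in subnet:
        findings.append(f"pool {start}-{end} is not fully inside {subnet}")
    if start <= gw <= end:
        findings.append(f"gateway {gw} lies inside the pool {start}-{end}; "
                        "a client can be leased the gateway's own address")
    if gw in (subnet.network_address, subnet.broadcast_address):
        findings.append(f"gateway {gw} is the network or broadcast address of {subnet}")
    if client_mask is not None and _prefixlen(client_mask) != subnet.prefixlen:
        findings.append(f"client reports mask /{_prefixlen(client_mask)} but the scope is "
                        f"/{subnet.prefixlen}; check the subnet-mask option the server sends")
    if client_ip is not None and ipaddress.ip_address(client_ip) in APIPA:
        findings.append(f"client address {client_ip} is APIPA: no lease was obtained")
    return findings


if __name__ == "__main__":
    # Values from the post: gateway .100 inside a .1-.254 pool, mask mismatch,
    # and a constructed APIPA client address.
    for f in check_dhcp_scope("192.168.2.100", "255.255.255.0",
                              "192.168.2.1", "192.168.2.254",
                              client_ip="169.254.17.42", client_mask="255.255.0.0"):
        print("FINDING:", f)
    # Constructed corrected scope: the pool starts above the gateway address.
    print("corrected scope findings:",
          check_dhcp_scope("192.168.2.100", "255.255.255.0",
                           "192.168.2.101", "192.168.2.254"))
```

The mask comparison is the interesting check: a client reporting /16 while the server is configured for /24 points at the subnet-mask option the DHCP server hands out, not at the client, and a gateway inside the pool means the server can eventually lease that address to someone else.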
#3 ·
No, Sophos has said the UTM will be supported for years to come.
https://www.sophos.com/en-us/lp/utm-upgrades.aspx

So far the UTM is working well, but I haven't messed around with creating firewall rules yet. The only issue I had so far was the web filtering of "web ads" being too aggressive and blocking https sites from loading images.

If I decide to keep the UTM permanently, and it looks like there's no reason not to, I might invest in a fanless mini PC, but most of them are bare bones and too expensive. Right now it's still better just to build yourself a spare PC if you have the room and don't mind the noise.

Most of the el-cheap-o mini PCs have dual core Celeron 1.8GHz CPUs, and if you want something faster, you have to either sacrifice the HDMI port and have none at all, or you get one with 6 COM ports instead (I really don't understand it at all). The pricing for the faster mini PCs is outrageous considering most of them are bare-bones, and you need an expensive mSATA SSD because they "can't boot" from a 2.5" SSD.
 
#4 ·
ahhhh cool!

The mini Dells work as good little firewalls, i5 + 4 GB of RAM, virtually silent! One's been my gateway for the past 2 years.
 
#5 ·
Yea, UTMs with nice, user-friendly GUIs are pretty fun to screw around with, especially compared to the extremely simplistic functionality of the "stock" OS/controller on all of the "consumer-grade" routers or the not-so-user-friendly pfSense.
Sophos UTM is pretty good, though there's also Untangle, which is slightly more user-friendly. Untangle is not completely free (like Sophos UTM, which I believe is permanently free for up to 50 IP addresses for home users), but the price for home users ($50/year) is still pretty reasonable considering the amount of features and the antimalware engine (by Bitdefender) it uses for scanning the traffic.

Both of these (Sophos and Untangle) ran perfectly fine when I was playing with them using one of those fanless Celeron J1900-based systems (with Intel NICs) made by Qotom (yes, these don't have HDMI ports but I didn't really need them).
 
#7 ·
Quote:
Originally Posted by Rndomuser View Post

Yea, UTMs with nice, user-friendly GUIs are pretty fun to screw around with, especially compared to the extremely simplistic functionality of the "stock" OS/controller on all of the "consumer-grade" routers or the not-so-user-friendly pfSense.
Sophos UTM is pretty good, though there's also Untangle, which is slightly more user-friendly. Untangle is not completely free (like Sophos UTM, which I believe is permanently free for up to 50 IP addresses for home users), but the price for home users ($50/year) is still pretty reasonable considering the amount of features and the antimalware engine (by Bitdefender) it uses for scanning the traffic.

Both of these (Sophos and Untangle) ran perfectly fine when I was playing with them using one of those fanless Celeron J1900-based systems (with Intel NICs) made by Qotom (yes, these don't have HDMI ports but I didn't really need them).
I'll have to check that out.
 
#9 ·
Yea, you can do that with Linksys' router, but I'm not sure how well it'll perform - the CPU in it is pretty weak, and the same goes for using a slow USB flash drive as a permanent storage device...

But hey, the whole set-up is definitely cheaper than ~$200 Qotom fanless PC + something like $100+ dedicated Wi-Fi AP.
 
#10 ·
Pretty interface...

I've been on pfSense for a while and love it; maybe I'll have to check out some other options and play around and see if it'd be worth making the switch when I roll out my new box.

Absolutely love the features: anti-virus, adblock, caching, security, VLANs, etc... all good fun stuff.
 
#11 ·
Quote:
Originally Posted by deafboy View Post

Pretty interface...

I've been on pfSense for a while and love it; maybe I'll have to check out some other options and play around and see if it'd be worth making the switch when I roll out my new box.

Absolutely love the features: anti-virus, adblock, caching, security, VLANs, etc... all good fun stuff.
Are you referring to pfSense or Untangle? I was under the impression that all the other UTM firewalls only had ClamAV, which, based on popular opinion, is like a screen door on a submarine.


One of the issues with Sophos seems to be the IPv4 lease table not showing all devices connected to my network. I have a network printer and IP camera connected through a switch that respond to ping requests and work as expected, but will not appear on the DHCP client lease table (IPv6 is disabled). And it's a widely documented issue with Sophos UTM that the DHCP lease table will not remove old entries... maybe because the free version only allows 50 IP addresses and the software keeps old DHCP leases to preserve leases for frequently reconnecting clients?

I might decide to reinstall the entire UTM in bridge mode, which makes it an in-line firewall without the DHCP server, and let my router handle DHCP. It also provides one more layer of security if I set up OpenVPN on the router, isolating it from the rest of the internal network.

Also, who knows if Untangle uses the full signature database of Bitdefender or a watered-down version?

One thing I like about Sophos UTM is the included endpoint protection, so that I can install Sophos Endpoint Security on my Windows Server machine; it is the only free antivirus which supports Windows Server.

Gateway/router mode or bridge mode for either Sophos or Untangle?
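A DHCP lease table only lists hosts that obtained a lease, so a printer or camera with a statically configured address never appears in it, and a table that keeps expired entries lists hosts that may be long gone. The reconciliation below is an added example, not part of the original post and not Sophos UTM's or Untangle's own code or export format: it parses an ISC dhcpd-style `dhcpd.leases` file and the output of `ip neigh show` taken on a LAN host, then reports which present hosts have no lease (static candidates), which are present on a non-active lease (stale table entry), and which active leases belong to hosts not currently seen. Both inputs are constructed samples.

```python
import re

# Constructed sample in ISC dhcpd.leases syntax (not Sophos UTM's export format).
SAMPLE_LEASES = """\
lease 192.168.2.120 {
  starts 4 2017/01/05 10:00:00;
  ends 4 2017/01/05 22:00:00;
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:01;
  client-hostname "laptop";
}
lease 192.168.2.130 {
  starts 2 2016/12/20 08:00:00;
  ends 2 2016/12/20 20:00:00;
  binding state free;
  hardware ethernet aa:bb:cc:dd:ee:02;
}
lease 192.168.2.140 {
  starts 4 2017/01/05 11:00:00;
  ends 4 2017/01/05 23:00:00;
  binding state active;
  hardware ethernet aa:bb:cc:dd:ee:03;
  client-hostname "phone";
}
"""

# Constructed sample of `ip neigh show` output from a host on the same LAN.
SAMPLE_NEIGH = """\
192.168.2.120 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.2.130 dev eth0 lladdr aa:bb:cc:dd:ee:02 STALE
192.168.2.50 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.2.200 dev eth0 FAILED
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.DOTALL)
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\s+(\S+)")


def parse_leases(text):
    """Map lease IP -> {'mac', 'state'} from dhcpd.leases text."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]{17});", body)
        state = re.search(r"binding state\s+(\w+);", body)
        leases[ip] = {"mac": mac.group(1).lower() if mac else None,
                      "state": state.group(1) if state else "unknown"}
    return leases


def parse_neighbours(text):
    """Map IP -> MAC for neighbour entries that actually resolved to a MAC."""
    hosts = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        # Entries without an lladdr (FAILED/INCOMPLETE) never match and are skipped.
        if m:
            hosts[m.group(1)] = m.group(2).lower()
    return hosts


def reconcile(leases, hosts):
    """Return IP -> status string comparing observed hosts with the lease table."""
    report = {}
    for ip, mac in hosts.items():
        lease = leases.get(ip)
        if lease is None:
            report[ip] = "present, no lease (static address?)"
        elif lease["state"] != "active":
            report[ip] = f"present, lease {lease['state']} (stale table entry)"
        elif lease["mac"] != mac:
            report[ip] = "present, lease MAC differs from observed MAC"
        else:
            report[ip] = "present, active lease"
    for ip, lease in leases.items():
        if ip not in hosts and lease["state"] == "active":
            report[ip] = "active lease, host not seen on LAN (possibly stale)"
    return report


if __name__ == "__main__":
    for ip, status in sorted(reconcile(parse_leases(SAMPLE_LEASES),
                                       parse_neighbours(SAMPLE_NEIGH)).items()):
        print(f"{ip:16} {status}")
```

The "lease MAC differs from observed MAC" case is the one worth watching on a home LAN: a host answering ARP for an address that the lease table attributes to a different MAC is either a static-address collision or something impersonating a leased client, and either way it deserves a look.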
 
#12 ·
Quote:
Originally Posted by Rndomuser View Post

Yea, you can do that with Linksys' router, but I'm not sure how well it'll perform - the CPU in it is pretty weak, and the same goes for using a slow USB flash drive as a permanent storage device...

But hey, the whole set-up is definitely cheaper than ~$200 Qotom fanless PC + something like $100+ dedicated Wi-Fi AP.
Yeah, you're right... the router version doesn't have IPS and uses only cloud-based antivirus lookup.
 
#13 ·
Quote:
Originally Posted by aweir View Post

Are you referring to pfSense or Untangle? I was under the impression that all the other UTM firewalls only had ClamAV, which, based on popular opinion, is like a screen door on a submarine.

One of the issues with Sophos seems to be the IPv4 lease table not showing all devices connected to my network. I have a network printer and IP camera connected through a switch that respond to ping requests and work as expected, but will not appear on the DHCP client lease table (IPv6 is disabled). And it's a widely documented issue with Sophos UTM that the DHCP lease table will not remove old entries... maybe because the free version only allows 50 IP addresses and the software keeps old DHCP leases to preserve leases for frequently reconnecting clients?

I might decide to reinstall the entire UTM in bridge mode, which makes it an in-line firewall without the DHCP server, and let my router handle DHCP. It also provides one more layer of security if I set up OpenVPN on the router, isolating it from the rest of the internal network.

Also, who knows if Untangle uses the full signature database of Bitdefender or a watered-down version?

One thing I like about Sophos UTM is the included endpoint protection, so that I can install Sophos Endpoint Security on my Windows Server machine; it is the only free antivirus which supports Windows Server.

Gateway/router mode or bridge mode for either Sophos or Untangle?
I was talking about pfSense, but I can't say; I don't personally have any of those configured, so I can't say how well they do/don't work.
 