Sophos Utm Essential Firewall

UTM & Next-Generation Firewall
Essential

The Ultimate Security Package

  • Our new product is called Sophos XG Firewall. This is a completely new platform and not the next version of either the Sophos UTM or Cyberoam OS. It combines elements of both Sophos and Cyberoam UTM and next-gen firewall technology but also completely new innovations and features many of you have been requesting for some time.
  • Complete unified threat management for your network. Existing customers may.
  • This license protects networks with up to 50 IP addresses and includes almost all features of the commercial version. The Sophos UTM Home Edition is available from the company's website. For companies, Sophos also offers the Essential Firewall, a free version which, however, again only provides basic security functions.
  • In this video we will go over how to install the Sophos UTM software firewall in a Hyper-V virtual machine. Links: My blog posting: http://georgebabichev.com/2016.

How to set up your UTM firewall. To set up your UTM firewall, you need to define network addresses, basic firewall rules and NAT (Network Address Translation). The great thing about Sophos UTM is that it will help you get things set up in no time. The built-in Basic System Setup will do all this for you.


Essential next-gen firewall protection for your network, web, email, applications, and users.

Wireless Access Points
Plug in Sophos wireless access points and turn your Sophos UTM into a powerful wireless controller.


Wireless Access Points are available in five models: AP10, AP15, AP30, AP50, and AP100.

Wireless Networking made Simple

Deploying Sophos Access Points is easy. Automatic setup and configuration means multiple wireless access points are up and running in minutes.

Simply plug the access point in and it automatically appears in the Sophos UTM where you can configure it in just a few clicks.

Top Performance and Security

With our AP 100 you get the latest high-speed three-stream 802.11ac wireless that offers 3x the performance of regular Wi-Fi, up to 1.3Gbps. The dual-band, dual-radio AP 50 is ideal for establishing mesh networks to extend Wi-Fi easily and reliably where wires just can’t reach. And all our models support the latest security with WPA2 Enterprise encryption and IEEE 802.1X (RADIUS authentication).

Remote Ethernet Devices (RED)
Sophos RED instantly extends your secure network to a branch office or remote location.

Sophos RED makes extending your secure network to other locations easy. It requires no technical skills at the remote site; simply enter the RED device ID into your UTM and ship it. As soon as it’s plugged in and connected to the Internet, it will contact your UTM and establish a secure dedicated VPN tunnel. It’s that easy.

You can choose to direct all network traffic from the remote location back to your UTM for complete protection or only route inter-office network traffic via RED. All data between the RED and your UTM is encrypted to provide a secure private connection.

RED hardware appliances are available in two models: the RED 10 and RED 50.


Sophos UTM Manager (SUM)
Centralized management of all your Sophos UTMs.


Whether you have a few UTMs or a few hundred, Sophos UTM Manager (SUM) makes centralized management for your entire estate easy. It provides a single pane of glass for all your UTMs and it comes at no extra charge.

SUM Provides:

  • Easy management of multiple UTM installations from a single console
  • Configure web, email and network filtering policies across multiple sites or customers
  • View threat, network and hardware resource status across all your UTMs at a glance
  • Rapidly deploy and license UTMs and network security services (for qualified MSP partners)

SUM is available as a no-charge software appliance you can install on your choice of hardware or your preferred virtual environment including VMware, Citrix, Microsoft Hyper-V and KVM.

iView Reporting
Extend the UTM’s on-box reporting to provide consolidated and compliance reporting and much more.

Sophos iView is a dedicated reporting appliance that extends and enhances the UTM’s on-box reporting helping customers meet compliance reporting requirements, providing consolidated reporting across multiple UTMs, nearly limitless views and customization options, and a convenient backup and long-term storage solution for all your UTM reporting data.

Sophos iView provides:

  • Over 1000 built-in reports and views you can customize
  • Consolidated reporting across any number of Sophos UTM appliances
  • Compliance reporting for HIPAA, PCI DSS, GLBA, and SOX
  • Easy out-of-the-box setup and operation with Sophos UTM

Sophos iView is available as a software appliance you can install on your choice of hardware or your preferred virtual environment including VMware, Citrix, Microsoft Hyper-V and KVM.


Unified Threat Management (UTM) stands for complete protection. UTM systems filter incoming and outgoing network traffic, detect and prevent attacks, and block and quarantine viruses. If an appliance takes care of all these tasks, it needs to meet the customer's individual requirements precisely.

The UTM Firewall by Endian, a company founded in 2003, is one of the few open source firewalls available in both free and commercial versions. According to the manufacturer, more than 4,000 customers deploy Endian Firewall Enterprise, and more than 1.2 million users have downloaded the community edition. Both are based on the IPCop Linux distribution.

Although the free community variant is available for unrestricted free use in the enterprise, it lacks many of the features of the Enterprise Edition. Only the commercial version offers hardware appliances, virtual network drivers, professional support, a hotspot feature, and commercial-grade spam and content filtering. However, the community edition does provide the basic UTM functions, including antivirus, anti-spam, URL filtering, IPsec, and OpenVPN. It even protects larger networks easily. The ISO image of the community edition is available online [1]. If you want to test the Enterprise version, you can request a test key and the download link from the website [2].

Sophos UTM – first introduced in 2000 as Astaro Security Linux – has consistently focused on the needs of customers; it accordingly bills itself as 'the market leader for Unified Threat Management in Europe.' Although Sophos does not offer a community version, it does offer a home-use license for personal and noncommercial use. This license protects networks with up to 50 IP addresses and includes almost all features of the commercial version. The Sophos UTM Home Edition is available from the company's website [3].

For companies, Sophos also offers the Essential Firewall, a free version that again only provides basic security functions. Except for the DNS proxy, it lacks all proxy-based features such as HTTP(S), SMTP, and POP3 and thus antivirus scanning, URL filtering, and application control. On the VPN side, IPsec and OpenVPN are likewise missing; only L2TP over IPsec and the obsolete PPTP protocol are on board. At least the former lets mobile devices such as smartphones connect via VPN. The installation medium for the Essential Firewall is available from Sophos [4].

Form Factors

Both Endian and Sophos offer their firewalls as hardware and software appliances. The latter both run on physical hardware and as virtual appliances. Sophos supports VMware, Xen, KVM, and Hyper-V.


Endian lacks official support for Microsoft's Hyper-V hypervisor. Although it can be installed in a Hyper-V environment, it lacks drivers for the native Hyper-V network adapter, which limits the network bandwidth to a miserly 10Mbps. Additionally, full support for VMware and Xen is only available in the Enterprise version. Endian provides optimized images or virtual machines for the various hypervisors. Security considerations for operating virtualized firewalls are discussed in the 'Virtualized Firewalls?' box.

Virtualized Firewalls?

A virtual firewall entails some risks: Its most important task is to isolate networks reliably from each other. In virtual environments, however, it is the virtual switches that separate the networks, which makes the virtualization host the highest authority. The security of a virtual firewall therefore stands and falls with the security of the virtualization software used. If the host is compromised by a configuration error or a vulnerability in the hypervisor, the virtual machines and, ultimately, the firewall can be hijacked by an attacker. Most hypervisors have already been affected by such vulnerabilities [5][6]. A report by IBM Security X-Force in 2010 came to the conclusion that one third of all hypervisors suffer from vulnerabilities [7].

Virtualizing a firewall on the same host as internal IT resources (e.g., domain controllers or file or web servers) is generally inappropriate. If you do not want to do without the benefits of a virtualized firewall – rapid deployment of additional resources, as well as simple and inexpensive high availability – you should at least run it on a dedicated virtualization host.

HTTP(S) transports far more than just websites: With manipulations and tricks, almost any application can be tunneled through this protocol, and this works even better if there is no proxy between the server and the client. URL or content filtering alone is therefore no longer sufficient to block resources, which is where application recognition comes into its own. It analyzes web traffic and discovers applications such as Skype, Facebook, Dropbox, and Google services by referring to patterns, and these patterns need to be updated regularly.

Both the Endian Firewall and Sophos UTM have appropriate modules. Endian blocks applications in the outgoing firewall; Sophos additionally supports traffic shaping and download throttling (QoS) at the application level.

The hardware appliances have the advantage that manufacturers tune their equipment exactly to the requirements of the software. Sophos uses only Intel hardware; Endian also offers Endian Mini, an ARM SoC (System on Chip) variant. The use of appliances normally leads to a leaner kernel than with software appliances, which also potentially need to support exotic hardware. The hardware solutions do not envisage upgrading, for example, the memory or hard disk capacity; hence, a small appliance only effectively supports small networks.

Licensing for software and virtual appliances is by protected IP addresses and users (see the 'Pricing Models' box). The reason is that the admin can expand the (virtual) hardware practically arbitrarily and thus significantly improve firewall performance.

Pricing Models

Sophos and Endian offer their products both as hardware appliances and as software for installation on your own hardware or as a virtual appliance. Both license their software and virtual appliances on the basis of users or IP addresses; no such restrictions apply to physical appliances. Both manufacturers always ship their physical appliances with software of identical functionality. Small and large appliances do not differ in this respect; the usable scope depends solely on the hardware resources. An exception is the Sophos UTM 100 appliance with a BasicGuard subscription, whose license artificially restricts throughput and functionality.

Whereas Sophos offers a purely modular subscription model, Endian adds a maintenance model. Maintenance covers the basic functions of the Endian Firewall Enterprise, including Endian Network, and already includes – at Advanced Maintenance level – support by the manufacturer. Only third-party software such as the Panda antivirus scanner and Commtouch Content Filtering require an additional license from Endian.

Another difference exists in licensing for high-availability (HA) mode: In Endian's case, all appliances in active/passive HA mode of operation require maintenance and corresponding subscriptions. For Sophos, a single license is sufficient, in principle, for active/passive mode.

Tables 1 and 2 contain the entry-level and mid-sized appliances from Endian and Sophos, with the recommended pricing when this issue went to press.

Table 1: Endian Pricing

Model        Price       Maintenance   Price (1 year)   Total price (1 year)
Mini         US$ 995     Advanced      US$ 385          US$ 1,380
Mercury 50   US$ 1,510   Advanced      US$ 715          US$ 2,225
Mercury      US$ 2,794   Advanced      US$ 850          US$ 3,644

Table 2: Sophos Pricing

Model     Price       Subscription        Total price (1 year)
UTM 110   –           BasicGuard Bundle   US$ 695
UTM 110   US$ 595     Hardware Only       –
UTM 220   US$ 1,275   Hardware Only       –
UTM 220   –           FullGuard Bundle    US$ 2,870

(A dash marks a cell for which the source gives no figure.)

Endian 3.0

Endian released the new version of its firewall in January. The version jump from 2.5.2 to 3.0 already shows that this is a major release. With the latest version, the developers have visually modernized the user interface and extended it to include other languages. In addition to English, Italian, and German, it now supports Japanese, Spanish, Portuguese, Russian, Chinese, and Turkish.

Cleaning up the GUI has also had a positive effect, especially in the VPN configuration dialogs. The dialogs in the past were not very intuitive, and the system lacked its own certificate authority (CA) for certificate management. Additionally, several new features have been introduced, including the previously missing HTTPS proxy.


The outgoing firewall is now familiar with applications like Dropbox, Facebook, Twitter, and Skype and thus allows more finely tuned firewall rules (Figure 1). In version 3.0, the Endian Firewall also replaces the ntop tool for visualizing network traffic with its successor ntopng [8] (Figure 2). It also uses the new Application Control Module (ntop Deep Packet Inspection library).

Figure 1: The new application control in the Endian Firewall now also blocks specific applications and services.
Figure 2: In version 3.0, ntopng finds its way into the Endian Firewall as the new Network Monitor; it also detects applications in the network traffic.

Installing Endian Firewall

If you want to test the Enterprise Edition before buying, you will find an online demo on the Endian site. Alternatively, Endian provides test licenses for the commercial version, but only with registration [2]. The activation code required for the installation and a download link for the ISO image are sent to you by email. The community edition is available for free download.

Whether you use a physical system or a virtual machine for the test, you need a dual-core processor clocked at 2GHz, 1GB of RAM, and 20GB of free hard disk space. After completing the installation, you can initially access the web interface at the default address of http://192.168.0.15:10443. You need to set the passwords for the root user (shell access) and the admin user (web interface) and, for the Enterprise version, register your account with the Endian Network. This cloud-based management center for Endian Enterprise installations lets you monitor the remaining maintenance period, as well as the hardware resources and your licenses – for example, for the commercial antivirus and URL filters.

The Endian Network also handles the installation of updates and the remote management of Endian Enterprise installations. Access for this purpose is via a reverse HTTPS or SSH tunnel. Additionally, the Endian Network provides a free OpenVPN client for Windows, Mac, and Linux as well as disaster recovery keys (USB images) for restoring Endian hardware appliances.

The Endian Firewall enables the most important services in the direction of the Internet following a default installation: HTTP(S), FTP, SMTP, POP3(S), IMAP(S), DNS, and ping. You can configure this under Firewall | Outgoing traffic. New firewall rules need to specify the source and target networks or the interface and the desired protocol.


Endian uses the same color coding as IPCop for the network interfaces (Figure 3). Green refers to the internal network (LAN), red to the external WAN interface, orange to the DMZ, and blue to the WiFi network. The new Endian version has an Application field that also lets you ban individual protocols or applications. For example, it prevents the use of Facebook and Skype:

Figure 3: Color highlighting enhances readability of the information.


This rule must come first in the outgoing firewall configuration. It is followed by a rule that allows HTTP to the outside and with no restrictions for applications.
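The two points above (pattern-based application recognition, and the block rule having to sit before the general HTTP allow rule) are easiest to see with a small first-match rule evaluator. The following is an added example, not code from Endian, Sophos, or the original article; the application signatures, rule names, network range and sample flows are constructed assumptions for illustration. The `shadowed_rules` check goes beyond the article's single rule pair: it reports any application-specific deny rule that an earlier, broader allow rule for the same source and ports renders unreachable.

```python
"""Added example (not Endian, Sophos or article code): a first-match
outgoing-firewall evaluator with pattern-based application recognition.
It shows why the application block rule must precede the general
"allow HTTP" rule and flags rules shadowed by an earlier, broader allow."""
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical application signatures keyed on the HTTP Host header or TLS
# SNI name that a proxy/DPI engine would see (assumption, not a vendor list).
APP_SIGNATURES = {
    "facebook": re.compile(r"(^|\.)(facebook\.com|fbcdn\.net)$"),
    "skype": re.compile(r"(^|\.)(skype\.com|skypeassets\.com)$"),
    "dropbox": re.compile(r"(^|\.)(dropbox\.com|dropboxapi\.com)$"),
}


def recognize_app(host):
    """Map a host name to an application label, or None if nothing matches."""
    name = host.lower().rstrip(".")
    for app, pattern in APP_SIGNATURES.items():
        if pattern.search(name):
            return app
    return None


@dataclass(frozen=True)
class Flow:
    src: str        # client address on the green (LAN) network
    dst_port: int   # destination port
    host: str       # Host header / SNI, empty when none is visible


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    src_net: str = "0.0.0.0/0"  # source network the rule applies to
    ports: tuple = ()           # empty tuple = any destination port
    apps: tuple = ()            # empty tuple = any application

    def matches(self, flow, app):
        if ipaddress.ip_address(flow.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.ports and flow.dst_port not in self.ports:
            return False
        if self.apps and app not in self.apps:
            return False
        return True


def evaluate(rules, flow, default="deny"):
    """First-match evaluation: the first rule that matches decides."""
    app = recognize_app(flow.host)
    for rule in rules:
        if rule.matches(flow, app):
            return rule.action, rule.name
    return default, "default"


def shadowed_rules(rules):
    """Names of application-specific deny rules that can never fire because a
    broader allow rule for the same source and ports precedes them."""
    shadowed = []
    for i, rule in enumerate(rules):
        if rule.action != "deny" or not rule.apps:
            continue
        for earlier in rules[:i]:
            covers_ports = not earlier.ports or set(rule.ports) <= set(earlier.ports)
            if (earlier.action == "allow" and not earlier.apps
                    and earlier.src_net == rule.src_net and covers_ports):
                shadowed.append(rule.name)
                break
    return shadowed


GREEN = "192.168.0.0/24"  # constructed LAN range, standing in for the green zone
BLOCK_APPS = Rule("block Facebook and Skype", "deny", GREEN, (80, 443),
                  ("facebook", "skype"))
ALLOW_WEB = Rule("allow HTTP(S) out", "allow", GREEN, (80, 443))

CORRECT_ORDER = [BLOCK_APPS, ALLOW_WEB]   # block rule first, as the text requires
WRONG_ORDER = [ALLOW_WEB, BLOCK_APPS]     # the allow rule shadows the block rule

# Constructed sample flows from a LAN client.
FLOW_FACEBOOK = Flow("192.168.0.20", 443, "www.facebook.com")
FLOW_PLAIN_WEB = Flow("192.168.0.20", 443, "www.example.org")
FLOW_SSH = Flow("192.168.0.20", 22, "")

if __name__ == "__main__":
    for label, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(f"{label} order: shadowed = {shadowed_rules(rules)}")
        for flow in (FLOW_FACEBOOK, FLOW_PLAIN_WEB, FLOW_SSH):
            print("  ", flow.host or f"port {flow.dst_port}", "->", evaluate(rules, flow))
```

With the rules in the order the article prescribes, the Facebook flow is denied and ordinary web traffic is allowed; with the order reversed, the allow rule matches first and the block rule never fires, which `shadowed_rules` reports. Signatures anchored on the full host name (rather than a substring) avoid matching look-alike names such as `notfacebook.com`.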


The integrated open source ClamAV antivirus scanner can be supplemented in the commercial version of Endian UTM by a license for the Panda antivirus scanner. It works with the HTTP, SMTP, FTP, and POP3 proxies; the configuration is found under Services | Antivirus Engine.