
Where is V18 at?

Hi,

This request for an update on progress is for those of us who do not have access to partners/resellers.

Would someone in the know who is allowed to provide progress on v18 please add to this thread.

I am not after guesses or conjecture, but real timelines (give or take a month).

Ian



  • Big_Buck said:

    A UTM, by definition, is a jack of all trades.

    That is certainly not the definition of UTM. UTM stands for Unified Threat Management. DNS and DHCP have nothing to do with threat management.

    I agree that those services need to be secured, but it doesn't make them secure just because you are running them off of a firewall. 

    I understand that this is still a viable option for small businesses (and sometimes the only option), but that does not mean, that:

    DNS and DHCP shall run on a firewall for security reasons. 

    They should not, if it can be avoided. The more services you concentrate on your firewall, the less secure these services become. Once that one system is compromised, all services are compromised. Once that one system has a catastrophic failure (device dies, no HA), all your services fail. That's one (of several) reasons why no business that's serious about their security should ever do that. 

    What else do you want to run on your firewall for security reasons? Would you agree that your NAS, your phone system, your Wiki, your website, your project management system and so forth all need to be secured? Would you put them on a firewall?

    Not everybody who uses firewalls uses them in small businesses. Just keep that in mind. 

  • Putting NAS, phone systems etc onto a firewall is not really the same as putting networking components onto a networking device.

    Regarding DNS for satellite offices there is nothing wrong with putting forwarders on the UTM, with client devices using the IP address of the UTM as a DNS server - you would ideally have the firewall configured with rules that only allow DNS communication from the device to these forwarders.

    For the UTM, it is considered best practice to use the DNS functionality when dealing with external DNS servers, as in the UTM becomes the DNS server for internal devices - this provides an extra layer of security, and certainly with the SG firewalls by enforcing DNSSEC - and you will find that most firewall / security appliances support DNS on them for this very particular reason.

    For DHCP - you're damned if you do and you're damned if you don't - it's not a security risk by having a perimeter firewall perform this or not - and a lot of edge firewalls have DHCP in them for satellite offices - mainly offering DHCP relay, but some also have the ability to work as a DHCP server.

    Your firewall is the first line of defence, if this is breached then most of the time the hackers will be in the network anyway, so I really don't see how DNS and DHCP would be a worry at that point.

    The XG, like many other devices, has these functionalities included for the what-if situations, as in what if a customer needs them... sometimes they do, sometimes they don't - there's no correct answer here if DNS & DHCP should be on the firewall or not - small businesses can enable them, larger businesses can disable them - no right answer.

    Read Sophos's recommendations: community.sophos.com/.../120283