
Next best UTM product recommendations?

We have begun our corporate search for the next great UTM product.


With the writing on the wall for the UTM series going EOL in the next few years, I was wondering what other firewalls people have had good experience with?  We will be replacing our ageing 525 HA cluster but also need to select a product we use for our customers.   We like to eat our own dog food before we ask our customers to purchase our recommended firewalls.

So, what's out there?  We have tried the SonicWalls and they use the same per policy paradigm crap used by the SophosFS/Cyberoam.


We need a solution that scales from SMB up to the enterprise space.  And home based usage would be a bonus too.

Ideas?




[locked by: Scott_Klassen at 10:50 AM (GMT 0) on 16 Jan 2016]
  • I did a lot of testing of different firewalls and UTM products. UTM 9 is still a product I would recommend and buy/subscribe today if we needed a UTM solution.

    If you need scalability and just simple firewall without UTM features the former makers of Astaro made "ocedo", a network virtualization product that scales very well. It does not replace a UTM but can manage your networks pretty well if you have multiple locations etc. (lacking some features)

    UTM going EOL will be a problem in a few years, considering the current state of the "next gen firewall" we will not stay with Sophos. That being said we are not going to ocedo either (it lacks too many features of the UTM) - It will definitely be "interesting" on what will be on the market.

    On the other hand I cannot imagine that Sophos will send UTM 9 EOL before having a product that is a "worthy" replacement. That would be stupid and bad for business.
  • While UTM won't be EOL for a few years, realize that this platform will be going into security patches and "sustain" mode much sooner. There is no way we can justify our own purchase nor recommend our customer buy a product that's not truly under development.

    Also realize that Sophos considers SFOS to be "worthy" now. SFOS is not much more than GUI update to Cyberoam. In fact current Cyberoam customers can upgrade to SFOS right now as a normal update. When Sophos bought Cyberoam, they considered the Cyberoam product a full complete replacement and better option than UTM. They see it as just missing a few UTM specific features that will come in time. The Cyberoam platform/codebase and ethos won't magically give way to a UTM code base in a future release.

    Back to my original question...anyone have experience with Palo Alto Networks? Looks promising. I'll take a look at Fortinet too.

    Any others people would recommend?
  • I'd also have a look at WatchGuard, which I think are very decent UTMs and have already adopted a few requested features on Astaro (which are currently not available on Astaro).

  • "SFOS is not much more than GUI update to Cyberoam."

    Wow. I'd like to hear more about this.
  • This was discussed during the beta although Sophos never officially said anything. www.astaro.org/.../59199-answered-feature-function-comparison-chart.html Read the posts by vilic, they are quite revealing.

    Also if you log in to the Cyberoam NG demo http://demo.cyberoam.com/ user guest, pass guest you will notice that the functionality is exactly like SFOS minus the new kludgy GUI.

  • Sophos has done well in hiding this. But current Cyberoam customers already can upgrade (and downgrade) to SFOS without a config change. And the way that SFOS works is identical to Cyberoam. It just has a new GUI and a few UTM add-on features like RED support.

    But Cyberoam was a bad product before Sophos bought it (well, not bad, but inferior to UTM) and it's still bad even with its new GUI.

    It would be interesting why Sophos bought Cyberoam when they already had the Astaro platform. Somewhere someone thought Astaro was a dead-end and the Cyberoam train is now full steam ahead.
  • "It would be interesting why Sophos bought Cyberoam when they already had the Astaro platform. Somewhere someone thought Astaro was a dead-end and the Cyberoam train is now full steam ahead."

    I think that possibly every former knowledgeable original makers from Astaro simply left the boat. Also clearly that answers as to why the urge of buying a new product (agreed, a bad one). I'm wondering if Sophos sees the hit on their sales numbers already, I do think so... A very bad move honestly.. I've already had some doubts about the endpoint code (which if I'm correct was/is a pure Sophos dev: https://lock.cmpxchg8b.com/sophail.pdf) which I've moved away from though now there's not much left to keep me here. Well life is change, my future is elsewhere though as said I'm sad about this because I've been a firm endorser of the Astaro technology.. ahh well, move on...

    As for the WatchGuard pricing I ain't got no clue, I'm currently playing with their XTMv appliance (with no licenses yet...), it looks neat...

  • Sophos could give a rat's ass about real world functionality. Sophos' interest is large corporate installation, where buzzwords sell, not real world functionality. As long as they continue to win useless awards that mean nothing in the real world, corporate decision makers will buy the garbage and direct the subordinate IT department to deal with it. By the time they realize the product is garbage, they will have invested too much to walk away and instead will simply throw more money at the problem, even if it means buying into the next generation of garbage.