Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 15 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 6157 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM firewall being phased out?

R Hartes

I was visited by our Sophos reseller, he tells us that Sophos UTM is no longer being developed, and we should migrate to XG instead. We can keep the same hardware (SG300), we just need to install new software, and migrate the firewall rules. Licenses and support remain the same.

Anyone else heard that UTM is no longer being developed, and advised they should switch to XG?

Thanks,

Richard.



This thread was automatically locked due to age.
Parents
  • +1

    Hi Richard,

    Whoever that Reseller was, they can get a big fat ol' "WRONG" rubber stamp.

    However, doubling back that is not without a hint of truth and below is the current "score" from my personal perspective which is subject to change depending on Sophos' roadmaps:

    • The UTM is currently on v9.6 and there are a v9.7 and v9.8 listed in the roadmap for 2020 and 2021 releases respectively. There is no schedule for a v9.9 so no news on that for now
    • The number of features being implemented into the major-minor version numbering is a far cry smaller than those going into the XG
    • The development manpower assigned to the UTM is an order of magnitude smaller than the XGs development manpower
    • The support for the UTM is still going strong
    • The UTM is a big mature ol' beastie that still has a lot of fight left in him but because of the diversity and size (not to be confused with bloat) of the codebase the difficulty of adding new features is pretty major. v9.6 was meant to have the Charon support for Strongswan but implementing it to get IKEv2 support actually would have impacted the systems in far reaching ways that were unacceptable so Charon implementation was canned (that was a big thing)

    However, here is the kicker from the UK Partner conference last month which was the UTM was only mentioned once in pretty much the entire conversational topics and that was a footnote. Sophos is going cards all in on the XG and that will be the only firewall they will support in the future but for now the UTM is here to stay and will continue for while longer.

    Again, a personal observation is if we hypothesise there will be a v9.9 (unlikely, again personal observation) then 2022 will be the final release for the UTM, that will last for at least 2 years then go End of Sales Life (no new licenses/renewals can be purchases) and then 3 years till End Of Life so 2027/2028 is when we may light a candle outside Abingdon HQ and push a UTM appliance on a viking longboat across the moat outside the cafe (then maybe set fire to it).

    We also have to remember that some of these UTMs are installed on 5 year (or longer) life times and switching to the XG would take years of planning in large infrastructures so they have to scope for that as well.

    But please remember: What has been said above is my own personal opinion and is not reflective of the business I work for or from any other relationships/information I may/may not be aware of, it is not to be taken as gospel and is an objective observation on the UTM lifetime state.

    I would be interest to hear your thoughts on the matter,  as a gentlemen harkening back from the days of v4 Astaro!

    Emile

  • 0 in reply to Emile Belcourt

    Hi Emile, thanks for the comprehensive response and the thought behind it. It sounds like it's a long-term planning to phase out UTM rather than short-term to me. I question if we need to move this year to XG, since it performs perfectly well for us. Our support finishes next year (summer 2020) so i think this might be a project for next year.

    Regards, Richard.

  • 0 in reply to R Hartes

    I agree with the timelines proposed by Emile.

    I don't think Sophos wants to anger thousands of otherwise-happy customers so I don't think they will announce end-of-sales before they have a robust migration tool.  I started with the double-secret beta of that almost two years ago, but the XG had too few features and we all lost interest, as the devs at Sophos also seem to have done at the time.  I expect that there won't be much effort on that until XG is roughly at feature parity with the UTM.

    So I agree that there's no reason to be in a hurry to leave the investment in the UTM behind.  No reason to move to XG for most organizations.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I remember that beta (more alpha) migration tool and in the end, still, it's easier to do a complete migration manually.

    A lot of our customers take it as an opportunity for a cleanup or redesign of their security standpoint. I think the only thing i kind of want a migration tool for is network objects and maybe firewall rules & NAT rules. The web filter is so far different as well as the IPS it means a lot of reconfig.

    Emile

Reply
  • 0 in reply to BAlfson

    I remember that beta (more alpha) migration tool and in the end, still, it's easier to do a complete migration manually.

    A lot of our customers take it as an opportunity for a cleanup or redesign of their security standpoint. I think the only thing i kind of want a migration tool for is network objects and maybe firewall rules & NAT rules. The web filter is so far different as well as the IPS it means a lot of reconfig.

    Emile

Children
No Data
Unfiltered HTML