Since XG is still buggy as hell, why doesn't Sophos upgrade the UTM 9 home license to 100 for home use?

I had to cut back on a lot of things at home. I have 75 IPs in use (VMs, a crap load of Wi-Fi devices along with Fire TVs, APs, etc.). Hell, it even counts my switches & APs, grrrr.

Since XG is still buggy and, from what I have read, not even ready yet, I have tried XG on a VM, and am not impressed yet. Why doesn't Sophos just upgrade the licenses to 100? 50 devices is good for a family of 2; I have a family of 5 and have additional IPs for school iPads, phones, my personal tablets, work tablet, Fire TVs and a crap load of VMs for homelab use.

I had to cut a lot of my VMs off due to the licensing. They allow 5 over, but that's still not enough.

Any thoughts on this?

EDIT: Left out that IPv6 addresses are taking up just as much as IPv4 addresses. Each device counts as 2 because of it.



  • You need to change your setup not to include the UTM as the default gateway; that will reduce your licence count. Your suggestion of a change to licence count based on the failings of XG won't happen. XG is their current baby and Sophos do not appear to be taking any notice of bad criticism of their preferred product.

    Ian,

    home UTM 9.x running in ESXi 6 e3-1275v2

    AP55c and AP10 (courtesy Astaro)

    Three other UTMs, SUM and SFM in hibernation

    XG 15.x MR3 in hibernation

  • I hear you on the "they are not listening to anyone", or if they are, they are ignoring everything and just listening/reading, but it would be nice for them to comment once in a while.

    I am not a fan of pfSense; however, that may be the next choice, and I may drop Sophos altogether. Sophos' reverse proxy is much better than pfSense's and, on the whole, more stable than pfSense. Even with the new GUI in the pfSense beta, it's still not intriguing enough to go with it.

    I don't want to buy new hardware for anything, but I just might have to. Since XG doesn't support cciss, I can't use my current hardware, an HP 400i. Maybe just toss the RAID card and put a newer one in it, or go your route that you talked about.
  • Many devices in your home do not need to use the UTM such as TV's, Media Streaming Devices such as Roku/Fire TV, and Cell Phones.
  • If your cell/mobile phones have better data allowance than your internet, then phones need to access the UTM. If you are streaming media, how do you stream the data from the internet if your streaming device is not connected? Lightbulbs, now they definitely don't need to be connected, but maybe a controller does.
    The real issue is the double counting for IPv4 and IPv6 address allocations to the same MAC device.

    Ian,


  • > I had to cut back on a lot of things at home. I have 75 ips in use (VM's, crap load of wifi devices along with fire tv's, AP's, etc.) Hell it even counts my switches & AP's, grrrr.

    I'm in the same situation, when my daughter and my son and his girlfriend are at home they all use their smartphones and tablets and notebooks together with my wife's and my own equipment - two IPTV devices, three switches, three AP, a print server, two PC and a lot of other stuff.

    But I never reach the 50 IP border... there are a lot of devices which do not need to have a gateway address like switches, print servers and even my AP's do not have one. If you use the UTM as the central DHCP server all the Wifi devices will use it automatically as the gateway, no need to set one on the AP.
    My AP's (Three Archer C7) even do not allow to set one if they are in AP mode. I tried the dd-wrt software and then you can set a gateway in the network config, but dd-wrt is pretty bad on 5GHz transmission and so I reverted and that didn't make a difference in Wifi usability for mobile devices.
  • TedAmes said:
    Since XG is still buggy and from what I have read, not even ready yet, I have tried XG on a vm, and not impressed yet.

    That is because the XG UTM is still basically a beta at best, in my honest opinion.

    After the New York Times got hacked and Symantec got a crap storm of bad press, they moved to integrate Check Point and Palo Alto Network appliances with the Symantec Endpoint.  Basically they are attempting to do what FireEye does by developing network boxes that integrate with software endpoints. Sandboxing and running what they can on the network appliances and having the endpoint react accordingly, if the network appliance finds malicious code.

    With XG, Sophos introduced "Heartbeat," which allows the UTM and the endpoint to work together, through the Sophos cloud. Sophos already announced and is in the process of developing "Sandstorm," its cloud-based sandbox which will upload files to Sophos to test before users open them. In all honesty, not all that much different than what Check Point, Palo Alto Networks, and FireEye do.

    Sophos released XG at the same time that Symantec first released their Symantec/Check Point appliance. Coincidence? I very much doubt it. Basically I am saying that XG was rushed to market to counter the Symantec release. I believe XG will be a solid product when it is fully developed, but currently I would consider it beta software.

    That all being said, Sophos is the only vendor that allows home users to use their network appliance. Also, I looked at the Symantec network appliances and they are designed to work best for large scale clients, i.e., large corporations and huge universities; however, Symantec does not even open the network appliances, they are relying on third parties to develop their boxes, which are all hardware boxes.

    Basically, for anyone running a home/small business/medium sized business, the Sophos UTM and Endpoint integration is the perfect solution. Although many small businesses use Symantec Endpoint, it would be ridiculous for them to buy a Symantec appliance.

    With your network issues, you might want to consider splitting your network into two and implementing two UTMs. If your issue is VMs, you might be able to just virtualize a second UTM for your VMs. Not a perfect solution, but depending upon your setup, might be worthwhile.

  • I'm in the same boat. My kludge for a while was to have all the non server/lab gear (phones, tablets, TVs, etc.) run behind an Asus router which was behind the UTM. This made all of those devices show up as 1 IP, but it also meant that streaming media from a file server was having to be routed through the little Asus router, which was a serious bottleneck. I recently set up an XG VM and have been running everything through it. It's one of the buggiest firewalls I've ever used. The default protection rules kill Netflix access in apps but not in browsers... it reboots randomly... and it doesn't do IPv6 prefix delegation.

    I really like UTM, it's been extremely reliable and performs really well, XG is garbage in comparison. And at this stage I'm about to pull the trigger on buying an actual SG appliance, the recently announced SG85 sounds promising. Or if I can figure out the licensing, I'll get a UTM s/w license to run on my own hardware. Anybody have any pointers on where to go to buy UTM for SOHO use?

    *edit: Forgot this one, XG doesn't retain logs after a reboot. Good luck troubleshooting that pile of garbage if it starts rebooting on you randomly....

    *edit2: I keep remembering things the XG fails at. The reporting sucks too. It can't count bytes it seems. Executive reports that it sends out, don't actually show anywhere near the right number for amount of data transferred.

  • I wrote to Sophos licensing about the 50 IP limit, and got the (below) email response. I called 'em too, and on the phone was told emphatically "NO", you cannot add IPs to a UTM home license; all you can do is buy the commercial license.

    It should be no surprise, I suppose, but when Astaro went to Sophos, things started going downhill. Now, with XG, they have a solution to "50 isn't enough", but the solution is "use buggy XG".

    ---

    Hello,

    As far as the IPs for the UTM Home License, this is restricted to 50 IPs.
    If you really wish to add more IPs, then you may do so but there would be a cost for adding additional IPs.

    You will also need to coordinate with a Sophos Reseller for the options you can get for adding additional IPs.

    I have included the link for checking the nearest Sophos Reseller in your area if you would like to add IPs to your current MyUTM Home License

    www.sophos.com/.../partner-locator.aspx



    Thanks!

    NSG Licensing

    Sophos Inc. | www.sophos.com
    3 Van De Graaff Dr. Burlington, MA 01803