One such hybrid firewall system is the Astaro Security Gateway, which is sold both as a pre-installed network hardware device. If you’ve read through to this point, then maybe it’s time you started to Test Drive Your Firewall Solution. I've seen some people on the forums saying they had to do the hardware refresh in less than a years time. Another thing is, that I don't think Astaro/Sophos is a Hardware seller. They make money out of the software and the needed licences. Upgrading to the new UTM9 version software may not be available if you have older Astaro hardware. See table below: The previous table provides on overview about ASG/UTM hardware models and revisions supported by UTM 9, where each revision belongs to one of. The Barracuda Firewalls are awesome products, also with their hardware refresh program you get a brand new firewall every 4 years, no need to worry about older hardware on your rack. I highly recommend them. As far as SAM's comment on charging them, I see. Astaro offers upgrade to unified threat management Antony Savvas Astaro has launched a beta programme for its new unified security appliance and is tempting testers with free Wii gaming consoles. Unified threat management (UTM) is an approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console. Life After TMG: Sophos UTMLife After TMG: Sophos UTMAs you most probably know, Microsoft has discontinued Forefront Threat Management Gateway 2. TMG) without announcing an official successor. Astaro Hardware Refresh Program For CosmetologyWith no direct upgrade path being available from Microsoft, more and more loyal TMG users start looking around for a replacement. For a long time, many TMG users considered Microsoft Unified Access Gateway (UAG) as a replacement. Whether or not UAG is a suitable replacement for TMG was subjects to debates all around the net. While the two products offered, in general, some of the same capabilities, there is no way UAG could replace Forefront TMG as a front- edge line of defense. Astaro Hardware Refresh ProgramsBesides, Microsoft was slowly backing out of the forefront security market by taking features away from UAG, clearly deprecating some features as of UAG SP3. Finally, it came to the logical end: Microsoft has announced it will not deliver any future full version releases of Forefront UAG, effectively discontinuing the product on July 1, 2. Now is the perfect time to look around for a third- party alternative to Forefront TMG and UAG. One of such alternatives is Sophos UTM. Sophos UTM as a TMG Replacement. Sophos the company has been around for a long time as a developer of anti- virus products. As of 2. 00. 9, Sophos expanded its business by acquiring Astaro, the developer of Unified Threat Management (UTM) products. Apparently, they timed the market just perfectly. With Microsoft discontinuing Forefront TMG, the now current Sophos UTM is seen as a perfect TMG replacement not only by TMG users but by Sophos itself. In fact, Sophos clearly positions its UTM solution as a replacement for TMG. In this article, we’ll have a look at firewalling and intrusion prevention features of Sophos UTM, as well as its other features essential for securing the edge of your network infrastructure. Sophos UTM: a Unified Threat Management System. So what is Sophos UTM? According to Sophos, the product offers complete protection for the entire network. Sophos UTM offers a built- in firewall, IDS/IPS, forward and reverse authenticated proxy, anti- malware protection, and has applications to secure Wi- Fi, VPN, Web and email, the latter including spam protection. As you can see, this is a pretty extensive feature list. Let’s have a look at what this product can really do to secure your network, and whether it really is a viable replacement for Forefront TMG. Licensing. Unlike the original Forefront TMG and many of its alleged replacements, Sophos offers one of the most flexible licensing policies. If you settle with Sophos UTM, you can choose to license individual protection modules or buy one of the pre- packaged deals. With Sophos UTM, you can either assemble an all- in- one security system or configure just the bare basics depending on your needs and your budget. Installation. Sophos offers multiple deployment options depending on your requirements. You can get a stand- alone hardware or virtual appliance with Sophos UTM pre- installed. Alternatively, you can install Sophos UTM on a dedicated or virtual server (e. Hyper- V, VMWare or one of the many supported virtualization platforms). Since our goal is finding a replacement for software- based Microsoft Forefront TMG, we’ll try the software- based version of Sophos UTM. Sophos delivers the software- based UTM system as a bootable ISO disk image. If you were to deploy it on a dedicated server, you could burn the image on a physical DVD disc. In our case, we were installing Sophos UTM to a virtual server, so no physical blanc DVD is needed. To install Sophos UTM, we did the usual preparations, creating a new virtual machine in Hyper- V, attaching the ISO image supplied by Sophos and selecting is as a boot device. Booting the virtual machine opens the setup window. The setup goes smooth and with no surprises. Sophos UTM will need to re- partition your disk. You will also need to choose between 3. Wait till the setup finishes copying the files, and proceed to the actual configuration. After the setup has finished copying the files, you can configure the settings of the internal NIC by specifying its IP address, net mask and default gateway. Finally, you will see the prompt telling you how to open the configuration settings (they are configured via a Web interface by accessing the link https: //your- IP- address: 4. The server will then reboot. You will then have a couple more steps to complete the setup via the Web interface. At last screen, you’ll be specifying the hostname and location or the Sophos UTM server, administrator’s password and email address. You will have to accept the displayed Terms and Conditions and either upload your license file (specifying which features of Sophos UTM will be activate) or run the product in time- limited demo mode. As you can see, in- place upgrades are supported at any time by simply uploading a new license file. The next steps of the wizard will help you configure the actual security system. You will specify the internal and external interfaces and choose the rule template that applies to internal users. By selecting the appropriate template you can restrict your internal users to Web only, allow or disallow instant messaging or peer- to- peer file exchange, and so on. Depending on your network configuration, you’ll need to specify which IPS policy templates should be loaded. There are templates for securing various network components against specific types of attacks, e. In addition, you’ll specify whether or not the UTM should responds to ICMP, enable or disable network visibility, configure malware protection to scan certain types of content, specify URL categories to block, and enable or disable spam protection and mail filtering for either SMTP, POP3 or both protocols. Finally, the very last page of the wizard displays all your configuration settings, and allows you deploying these settings on your new Sophos UTM server. After deploying the settings, you’ll be transferred to the main menu of the Web interface. At this point, Sophos UTM is already up and running. As you can see, the installation of Sophos UTM is very similar to the setup of Forefront TMG. Anyone who deployed TMG in their network will have no trouble installing Sophos UTM. Web GUISophos UTM is conveniently controlled via a Web- based user interface. As a result, you won’t need to set up MMC extensions on every computer you’d like to be able to control Sophos UTM from. Instead, you can just enter the server’s address (by default, it’s https: //server- IP- address: 4. Windows. The settings are protected with an admin password specified during the installation. The interface itself is tidy up to the point of being minimalistic. This minimalistic approach works very well here with no distracting bells and whistles. However, a real- time firewall chart is still included in the user interface. As you will see, the user interface reminds that of a typical router or firewall appliance. This is only logical considering that you can get Sophos UTM as a stand- alone hardware appliance. The user interface is highly consistent throughout the many configuration screens. This consistency makes interpreting data easy at first glance regardless of which screen you are looking at. The UI contains real- time charts for many types of logging and data. These real- time charts will come handy to both newcomers and seasoned administrators, presenting an overview of what’s happening around the network in a glance. When it comes to usability, this user interface may even beat Forefront TMG. One thing to note about this user interface is the default logout time. You will be logged out automatically after 5 minutes of inactivity. This is a user- configurable setting, so you might want to change that to a longer period of time before configuring all the rules and settings. Sophos UTM: Functionality. In this part of the article, we’ll discuss the various functions of Sophos UTM such as routing and firewalling, authentication, proxying, VPN support, and some advanced features such as mail filtering, malware inspection and so on. Firewalling. Configuring the firewall does not differ much from doing such in Forefront TMG. The firewall is configured via the Web interface through firewall rules. To create a rule, one should specify one or several sources such as IP addresses, networks or user groups; specify protocols (objects) and destinations (which, again, can be an IP address, a network or a user group). You will then specify an Action to allow or disallow the activity. You can optionally specify the exact time period during which the activity is permitted or disallowed. While creating a new firewall rule, you’ll be selecting the options from a list pre- configured objects. Of course, you have an option to create them just before selecting them. This, too, is similar to how TMG handles things. Shall you need to diagnose how a particular rule works, you can enable the “Log” option for that rule. This creates a log very similar to one produced by TMG. As you can see, firewalling in Sophos UTM looks deliberately similar to that in TMG so far. However, there are some new firewalling options named “Country blocking” and “ICMP” that were not available in TMG. Country Blocking. Country blocking, as the name suggests, is used to block all traffic originated from certain countries or entire continents based on the information returned by Geo. IP. Forefront TMG did not have such an option, although experienced administrators could be able to create an advanced rule to perform a similar task. Country blocking comes handy when you want to enforce your security policy, improve malware protection and URL filtering. ICMP Control. ICMP options are used to control ICMP traffic on a per- packet basis. The firewall can be configured to perform a certain action based on the packet properties, e. This enables you to control which information you make available to the world. Sophos UTM 9 AKA Astaro Web Demo . All Astaro products offer nine security applications in three categories - Web Security, Email Security and Network Security - fully integrated on a single management platform. Astaro products are distributed by a worldwide network of 3. Sophos UTM 9 Released. Today, after months in development representing thousands of hours of work, I am proud to announce that Sophos UTM 9 is being released. The next major version for the product formerly known as Astaro Security Gateway, UTM 9 is a major new version that offers over 6. Received with much fanfare at various partner events and by our beta testers, excitement surrounds the ability to manage the security of your endpoints directly within the UTM itself. We now offer the ability to manage antivirus and device control on your desktops with the same finesse that has made our RED branch office product and integrated wireless management offerings so popular. There is a new captive portal system, allowing you to create wireless hotspots for guests in your company, hotels, coffee shops, or other public places. The Antivirus system has been bolstered with the addition of Sophos' enterprise- class scanner, while UTM 9 remains one of the only products to offer dual scanning engines in parallel to give you extra security and choice. We yet again lead the way with a totally new HTML5 VPN system that is a true clientless system for accessing desktops and servers remotely: nothing to install, and nothing to remove when you are done! These and many, many more new features and improvements are clothed in a crisp new Web. Admin GUI look that is easier than ever to work with and full of enhancements. With a public beta spanning 6 months, over 6. UTM 9 shows - it is by far our most stable major release ever. Don't forget that your votes at our public feature portal helped shape this release and we'd invite you to continue (or start) participating as we prepare for future UTM 9 versions and look to bring even more abilities into our UTM platform. Full information for this major release; how you upgrade from ASG Version 8, where you can get UTM 9, release notes, and extended information is available inside. Read on for all the details! Extended information about the features and changes in UTM 9 are included in the release notes. Below is an overview of the Major and Minor features which have been implemented, along with a small summary of other changes. Sophos UTM 9 Overview. Major New Features. Endpoint Protection. Wireless Captive Portals. HTML5 VPN Portal. Sophos Anti- Virus Engine. New Web. Admin GUI Look. Minor New Features. Apple i. OS Support for Web. Admin (and other touch enabled devices)You. Tube for Schools. NAT Rules. SSL VPN without Admin rights. New Appliance LCD Functions. HA/Clustering Cold- Standby option During Up. Date. New Constant Live- Log Button. Customizable Dashboard. Enhanced Listbox Functionality. Support for Network Definition Ranges. Download and Distribution of User VPN Configurations. Support for Multiple Objects in Firewall Rules. Interface Group Objects. Time- Based Wireless Networks. Extended Dynamic DNS Provider Provider Support. Site Path Routing for Webserver Protection. Support for International Characters & Spaces in SSL VPNMultiple Path Routing support in BGPOther changes and items to note: Licensing As Astaro continues to integrate within Sophos, some small changes have been made to the licensing due to discount structures and slight tweaks to the partner program. The first is that special Virtual License have been removed and virtualized installations will now use normal Software Appliance keys. This reduces the complexity and number of different licenses (and SKU's) needed and thus helps simplify the price list. Second is that the Full Guard Premium bundles have been removed as well as part of the integration and reseller structuring, while also reducing the SKU's and price list size. This doesn't affect your ability to have Full Guard with premium support of course; just purchase Full Guard standard and a Premium support upgrade for it. If you have any questions at all on this we'd be happy to answer them! Hotspots with wired interfaces. While not the primary focus, it is technically possible to use Hotspots on wired interfaces. This is not recommended and can cause side- effects like locking you out of Web. Admin if used on the interface which is configured to communicate with a backend authentication server (which thus breaks the communication) and all local administrator accounts have been disabled. UTM 9 Support on older appliances. UTM 9 can be run on all but the oldest of ASG appliances. If you have an extremely old appliance it will not be able to one- touch upgrade or install UTM 9 from ISO image. Appliances which might not be able to run the new features in UTM 9 and still service the target market for which they were originally designed have been designated as . Depending on the features you use, the size of your network, bandwidth of your Internet connection, and how close you are to being overloaded already in ASG V8, these appliances may run just fine, or end up having performance problems. All of the last line of Astaro- branded appliances are supported as of course is all of the White Sophos- branded units. If your appliance is older and you would like the latest unit at a special discount, you can take advantage of our Hardware Refresh Program to get a discount on a new one. See the release notes for more information around ASG appliances with UTM 9. Endpoint Protection Licensing. Our new Endpoint Protection requires a separate subscription and is not part of the Full Guard licensing bundles. Downloading UTM 9. Offical release notes can be downloaded here. UTM 9 is now available as an ISO image which can be used to install UTM 9 cleanly on your own software appliances and supported existing ASG / Sophos UTM appliances. Be sure that you download the appropriate image since as always, the hardware appliance ISO will not install on a software/virtual appliance, and installing a software appliance image on a hardware appliance may cause issues like incorrect numbering of the network interface hardware. There will also an Up. Date package for ASG V8 to UTM 9 (see below) that will be made available soon, and this post will be updated with links and information at that time for these downloads. Hardware Appliance (for our branded appliances like the UTM 3. ISO Link: ftp: //ftp. UTM/v. 9/hardware. In the coming weeks near the end of August, we will issue an Up. Date for ASG V8 which will add the . Software appliances will need to install the ISO image and restore their backup as usual. We also plan for a short- term UTM 9. Up. 2Date to do a few minor post- release tweaks in early August. Source: http: //www. UTM9. Buy Here: http: //www.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2017
Categories |