I have been using Sophos UTM for years now and was pretty happy with it.
In recent times it started to show that its not the prime product any more;
I have now troubles with my RED (UTM2UTM/site2site) tunnel which has been down for weeks now after an update;
Also my trusty fw/http ruleset is not cutting it any more with more and more pages using https and Sophos inability to handle this properly (without having to invest even more time in configure https scanning on a per webpage level).
So at this point I wonder whether it might make sense to change products to another UTM tool or maybe a bunch of tools... but o/c I have not kept up with development.
Basically I am looking for the following functionality
If there is no better tool for this than Sophos then thats fine too, will migrate RED to a Site2Site VPN then and
will need to come up with a solution for the https sites...
In recent times it started to show that its not the prime product any more;
I have now troubles with my RED (UTM2UTM/site2site) tunnel which has been down for weeks now after an update;
Also my trusty fw/http ruleset is not cutting it any more with more and more pages using https and Sophos inability to handle this properly (without having to invest even more time in configure https scanning on a per webpage level).
So at this point I wonder whether it might make sense to change products to another UTM tool or maybe a bunch of tools... but o/c I have not kept up with development.
Basically I am looking for the following functionality
- Firewall
- (Transparent) Web Proxy (ideally with AD integration for authentication mapping). I need time and user based whitelists. Predefined categories are a bonus, no need. Integration with web lists are another bonus. A smart way to allow singular Youtube videos would be great.
What would be really great was proper http(s) request tracking - as it is now I need to manually debug and allow subrequests to other domains myself instead that being tracked by the proxy (think static and dynamic content providers all needing separate whitelists). O/c I do need blacklisting inside the automaton to block tracking/ads
- Site2Site VPN capabilities via DynDNS names, both sides NATed)
- Syslog, SNMP, Netflow would be nice to have
If there is no better tool for this than Sophos then thats fine too, will migrate RED to a Site2Site VPN then and
will need to come up with a solution for the https sites...