Replacing a UTM in an SMB - With What?
-
I have a Sophos UTM (SG-210) for the past 2 and a half years and the more time that goes by, the less I trust Sophos to release quality updates for it. Once I got used to the interface for the routing and firewall aspects, it is quite easy to configure. I am using the proxy (web filtering), gateway AV and IDS/IPS. However, there are several things that I am not using for different reasons- spam filtering, WAF, application control, etc.
What would you use to replace the firewall, proxy and IDS/IPS systems if you were going to separate them out?
-
My rule is... if you actually need a UTM, and you don't want Sophos, then Palo Alto is the clear choice. Otherwise, just get a Ubiquiti. I'm not a UTM fan, I don't like all of those functions on my network edge.
-
For firewall, Ubiquiti EdgeRouter. That's easy.
Proxy, Squid. Although I never proxy. -
@scottalanmiller I know you are opposed to proxy but I have had the filtering prevent users from downloading exes on several occasions. Obviously, that is a small part of running a proxy but important (at least to me).
-
@scottalanmiller said in Replacing a UTM in an SMB - With What?:
For firewall, Ubiquiti EdgeRouter. That's easy.
Proxy, Squid. Although I never proxy.I know there was a thread regarding the alleged fraud at Ubiquiti. I noticed that the CEO didn't say much until yesterday, which seems strange. I sure hope there is nothing to it and they can keep releasing value-rich products for business.
-
What about IPS/IDS? I found Snort and Suricata as appearing to be quite popular in the open source category. Does anyone have thoughts on either?
-
@wrx7m said in Replacing a UTM in an SMB - With What?:
@scottalanmiller said in Replacing a UTM in an SMB - With What?:
For firewall, Ubiquiti EdgeRouter. That's easy.
Proxy, Squid. Although I never proxy.I know there was a thread regarding the alleged fraud at Ubiquiti. I noticed that the CEO didn't say much until yesterday, which seems strange. I sure hope there is nothing to it and they can keep releasing value-rich products for business.
I would not be worried about that, at all. It was one guy, who makes his money making claims like this, with literally nothing on which it was based. That's like me claiming you stole a bagel from the guy outside this morning. I'm just a random guy on the Internet, that didn't observe you, making a baseless claim to get attention. It's not like a real financial firm, a government official, or even a respected journalist said something. It's a random sales guy (literally, he's a marketing guy) making a claim to get attention, which he got. It's such a worthless claim that it's no different, and I mean this literally, than "enlargement pill" spam ads.
-
@scottalanmiller - Yeah, I figured that is all it was. My concern was with how Ubiquiti didn't really respond with anything substantive right away.
-
@wrx7m said in Replacing a UTM in an SMB - With What?:
@scottalanmiller - Yeah, I figured that is all it was. My concern was with how Ubiquiti didn't really respond with anything substantive right away.
No reason for them to respond. There was nothing to respond to, that's my point. It was a fake report, they can't stop and respond to things like that, it's petty. Think about all those fake "And you'll never guess what happened next..." posts on Facebook ads. They are all fake, every one of them. They all look the same. And the companies, products, or things that they make claims about don't take the time to look at them and certainly not to respond. Ubiquiti is not in a position of needing to respond or even acknowledge a claim like that. The people repeating it are in a position of needing to justify why they are repeating a claim that, if read, is clearly made up and the publisher is openly admitted to being financially paid to do those things (he's a short investor.)
-
Is no one using IPS/IDS?
-
@wrx7m said in Replacing a UTM in an SMB - With What?:
Is no one using IPS/IDS?
In the SMB? Many do. With devices similar to the Sophos.
Personally, I feel they are nothing but a waste of resources.
-
@jaredbusch Where do you stand on proxies?
-
@wrx7m said in Replacing a UTM in an SMB - With What?:
@jaredbusch Where do you stand on proxies?
They are useless in the modern era of SSL everything and high speed internet connections. Proxies used to be great for conserving bandwidth as well as for filtering traffic with squid. but that was before everything was SSL. With it all SSL, you have no valid method to inspect the traffic.
-
@wrx7m We have a Watchguard XTM 515 here. A bit old but is quite powerful and never uses much of the cpu, even with IPS/Spam/Webblocker/Gateway AV/botnet detection/Reputation features enabled. Still gets software updates often, support is quite helpful.
-
@momurda - Thanks. I am trying to see if I can separate it out.
-
@wrx7m said in Replacing a UTM in an SMB - With What?:
@momurda - Thanks. I am trying to see if I can separate it out.
You could drop an Untangle system on your system in front of your router.
-
@jaredbusch said in Replacing a UTM in an SMB - With What?:
@wrx7m said in Replacing a UTM in an SMB - With What?:
@momurda - Thanks. I am trying to see if I can separate it out.
You could drop an Untangle system on your system in front of your router.
behind your router I meant.
-
@jaredbusch - I thought that is what you meant but did a double-take. LOL
