Adventures with Sophos

Due to some issues lately, I’ve taken the excuse to upgrade the hardware on my network.

Specifically, my pfSense box now refuses to boot (CF Card isn’t taking any new flashes apparently), and my Linksys router is on the way out. By on the way out, I mean that turning on QoS causes the system to overheat and lock up. Frequently and quickly.

Due to some issues lately, I’ve taken the excuse to upgrade the hardware on my network.

Specifically, my pfSense box now refuses to boot (CF Card isn’t taking any new flashes apparently), and my Linksys router is on the way out. By on the way out, I mean that turning on QoS causes the system to overheat and lock up. Frequently and quickly.

This is left me in need new hardware, as I host a number of services off of my network. This blog included. That means that I need something that works, and works well. I’d been using pfSense, but it had left me wanting. It worked pretty well, but it wasn’t pretty and it wasn’t remotely simple to configure things. Especially more advanced features.

Since I was going to be upgrading the hardware and re-installing anyways, I took the opportunity to check out some of the available router/UTM solutions out there. The list is kind of small, unfortunately.

m0n0wall: A great simple router OS. However, it’s heavily Linux oriented and I don’t have the time or inclination to learn an OS just to provide a firewall and NAT and maybe more.
pfSense: This is what I had been using, but experiencing some weird issues with. May have been hardware related. However, the OS and options just felt lacking or like they took too much time and effort to get working right. Not turn key even remotely.
Untangle: A great solution, with a lot of options. Very turn key. However, pretty much everything but NAT and a basic firewall requires a subscription. And not exactly a cheap one. Great for a SOHO maybe, but not for me. And the UI still looks very dated.
Smoothwall Express: Spent about five minutes with this. It’s a glorified DD-WRT install. Or at least that is how it felt. Very plain and basic. Both in the UI and functionality. And no expansion to speak of. Avoid. At all costs.

Then I got to Sophos. It has a “Home” version mostly due to it’s roots as “Astaro”. But don’t let that fool you. It’ very light weight, incredible powerful, and looks incredibly polished. The WebUI is just phenomenal. It looks like something out of this decade.  However, as with most things with a lot of power, it’s very complicated to setup and use. Very. Because there isn’t a lot of great documentation or even a “real” getting started guide to speak of, for somebody that’s not a networking professional, setting this up initially may be tricky.

However, after spending half an hour or so just hammering at it, I managed to figure out how to setup Sophos, enable port forwarding and a few other things. A bit over 24 hours on Sophos, and I have to say that I’m not just impressed, but ecstatic about the software. It’s everything a tinkerer could hope for.

 

As I figure out how to use Sophos, I plan on releasing a series of blog posts on how to setup and configure it to work with my network, the way that I want.

First up? Talking about about Sophos’ awesome firewall.

Author: Drashna Jael're

Drashna Jael're

4 thoughts on “Adventures with Sophos”

  1. I liked your first impressions of Sophos, myself have been down the pfSense, Smoothwall, road to name a few. I just need a descent UTM for home and some non-profit organizations that I assist. I’ve had pfSense running at home for a few years on an old IBM Think Center pent 4 3ghz. Worked well and the price was right $60 used but time to move on. I built a new Sophos UTM around a ASUS mini ATX board with a mix of new and used parts for around $300. After installing Sophos 9.2 Home edition I was blown away with all thats included for free! Like you said documentation is hard to come by but then again I just dived in and rummaged around to get the feel of things. I had the new box setup on my test site to get the feel and learn where thing are, love Sophos UTM!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.