Sophos UTM 220
March 21, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Comprehensive feature set, integrates perimeter and endpoint security into one product
- Weaknesses: Nothing that we could find
- Verdict: A strong product for its target market and aggressively priced. We make this one Recommended
Perhaps best known for its anti-virus products, Sophos has produced a stellar UTM with its 220. Targeting small to mid-sized offices with up to 150 users, it combines standard UTM offerings with a few features we did not expect, making it something definitely worth looking at.
The initial setup proceeded about as we expected. We first set our workstation IP to match the system's default LAN network, then logged into the web interface with a default username and password.
We were presented with a one-page form where we specified a host name, administrator password and device location data. (Curiously, all fields were required, including the location city and country. We discovered later that those values are used to generate a root certificate for the product's encryption features.) After accepting the device end-user licence agreement (EULA) and submitting the form, the device performed a quick reboot and then launched a 10-step setup wizard, where we installed our licence file, configured our LAN and WAN interfaces, and made some simple selections to establish a basic rule base for the firewall and content filtering systems. Finishing the wizard initiated a final reboot, and at that point we were ready for fine-tuning. Overall, the initial setup from unboxing to basic configuration took around 10 to 15 minutes.
The UTM 220 has eight freely configurable network interfaces, providing plenty of space for WAN, LAN and DMZs. It can be easily managed with its excellent web interface, or clustered and centrally managed via the Astaro Command Center software. It supports link aggregation and bridging, and offers border gateway protocol (BGP) or open shortest path first (OSPF) as routing protocols. Several types of authentication servers are supported, including LDAP/Active Directory, RADIUS and eDirectory.
A standard category-based content filter is provided, with support for user/group-centric rules and white/blacklisting. SMTP and POP3 proxies can be enabled, with S/MIME and PGP encryption options available for SMTP. The product also provides support for SIP and H.323 protocols, dynamically opening ports based on activity in the control channels of those protocols. It contains a signature-based IPS and web application firewall, with numerous VPN options ranging from a standard IPsec tunnel to Amazon Virtual Private Cloud integration and an HTML5 SSL VPN.
Sophos extends its perimeter protection to the endpoints. By installing a workstation agent, the UTM 220 can provide centrally managed AV protection, as well as limited control over predefined storage, network and short-range devices.
The logging options on the device are impressive. Syslog is naturally supported, as well as log archival to FTP, SSH, SMB shares or email. Numerous charts are available and live scrolling views of all logs are easily accessible.
The documentation was more than adequate. A short quick-start guide is packaged with the unit, which provided all of the information we needed to get started. Well-designed administrator guides are available for the device itself and the optional Astaro Security Gateway central management software, and both feature bookmarks, hotlinks and screenshots. They are clearly organised, easy to navigate and downloadable from the support website.
Sophos offers a number of support options, including 12/5 and 24/7 premium phone and email help. There is also a user support forum, FAQ section and online knowledgebase, which includes a number of how-to videos.
The UTM 220 is priced at £1,175 for one year, £2,640 for full guard (all subscriptions) and premium support is a further £285.