I have been using the Sophos UTM Appliance at home for about 3 years. It has been my internet gateway all this time and also has been useful for the lab I run at home.
It’s pretty much the full-featured enterprise edition, but it’s limited to 50 IPs on the LAN side. The feature set is huge and needs its own blog post.
I am just going to describe the basic endpoint side here. It’s been on my to-do list to blog about this, but I saw a fellow vExpert’s elderly father-in-law fall prey to a scam that Sophos would have probably caught…
If you’re interested in the product you can obtain it here.
To enable features in the UTM, you typically turn them on globally; then they can be configured.
Once this has been done you can deploy the endpoint package (encompassing the AV and control agent).
This can either be done with a direct download or with a unique URL (see screenshot). For any homelabbers, a push with Group Policy is required.
After that, it’s a next-next installer.
I’m not sure what the third-party software it removes is, but it’s a nice feature.
And you’re done, nice and simple.
Once the agent is deployed it updates itself and runs a full scan. This can be monitored from the client end but also centrally in the UTM console.
The example above is one of my fileservers.
One of the really cool things is the tamper protection seen above, which means if you or your try and uninstall the agent from the client you will get the below message. You need a password to uninstall!!
I am just running with the basic protection for me, which includes all of the following:
As you can see, web protection and blocking of malicious sites is enabled. This is fully customisable and able to apply the same filtering as the firewall implements. It has a large number of categories and a policy checker to see how a site will be handled. The best part of the UTM is that these are applied when the device is not behind the firewall. Think kids or old people, etc.
I have this implemented for a few friends and family but with slightly different policies.