There are currently two Sophos Firewall operating systems out there. One is called UTM, which was originally developed by Astaro. The new system is called Sophos Firewall OS or "SFOS" for short. We are now discontinuing support for the UTM OS at the end of 2021.
A touch of nostalgia
In 2008 I had to deal with the Astaro Firewall for the first time, at that time still in version 6. It just sends shivers down my spine when I look at the screenshots of the version at that time. 🥶
Nevertheless, for that period of time, it was an excellent firewall!
My first task and immediately a bug
I can still remember my first experience with the Astaro Firewall. I remember it so well because not everything went smoothly. I had to upgrade the firewall from version 6 to version 7. After the migration, the IPsec connection could not be established. Unfortunately there was a bug, as I found out later. The pre-shared key (PSK) started with the digit 0, which the firewall apparently didn't like. When I replaced the 0 with a letter, the VPN connection could be re-established. 😅
At the beginning of 2015, Sophos products became our daily business. I had to take a quick look at our timeline myself to remember. Until then, the firewall was always just an option on our quotes, where we mainly offered remote desktop services. For the Sophos firewalls, there was also only the UTM operating system at that time, which was fast, very intuitive and functional. All reasons why many admins still love the system today.
SFOS v15 came straight from hell
In February 2016, the first version (v15) of the Sophos Firewall OS was released and Sophos has been beating the "NexGen Firewall advertising drums". In the middle of the year, we had the first major customer who wanted the new OS with the new hardware. It was a community with about 150 users. It was an absolute nightmare! 🧟
My psychological defense mechanisms were able to repress the memories of it as self-protection. 🤮 The system was so bad that we wanted nothing to do with SFOS until the end of 2016. No idea what Sophos was thinking throwing such an unfinished version on the market in the first place. V15 was a very early pre-alpha version at best.
By the way, the community has remained our customer and still relies on the XG firewall.
Everything new with SFOS
But what you really have to give Sophos credit for is that they stuck to the idea and vision of the new firewall operating system back then, despite a lot of criticism. They even admitted on stage a little later at a partner conference in Lisbon that v15 was really bad! 👏
After more than a year of advising everyone against SFOS and recommending UTM, we dared to try again with the release of v16 in October 2016. The further development could be evaluated as positive. We quickly ventured into smaller projects and things got better with each new update. Confidence in the system grew steadily and even before SFOS v17 was released, XG Firewall became our standard for new projects.
Migrations from UTM to SFOS
Since mid-2017, we have not implemented a single project with UTM to date and will not do so again. The last three years we were busy migrating firewalls with the UTM OS to SFOS. Today, we have reached the point where we are using SFOS for over 95% of our customers that we actively support.
Every now and then I still log on to a UTM to support individual customers. But the system has become alien to me and I miss the possibilities of SFOS.
If you look at the version history of the two operating systems over the last few months, you will see that SFOS is constantly evolving, while UTM has stood still. This is hardly surprising, because Sophos is also only blowing one horn in its marketing. The UTM is actually dead and the SFOS is touted as the next generation firewall. In several blogposts and podcasts we have already speculated when Sophos will stop supporting the UTM. For the security vendor itself, there still seems to be plenty of reasons to keep the UTM alive. However, when we look at our customer landscape, the time has come for us personally and also economically to say goodbye and no longer offer UTM support by the end of 2021 at the latest.
We only want to concentrate on one firewall operating system and preferably on the one that has a future. For those who still need UTM support after that, you can contact Sophos directly with "Premium Support" or we will open the tickets for you. But there is no direct support based on our expertise anymore.
- Is it possible to migrate from UTM to SFOS?
- There is no update button. However, you can still install the SFOS on the SG Appliance and take over the license for free. We have also written a manual for this: Install Sophos XG Firewall OS on a SG Appliance
- Is it possible to import the UTM configuration to SFOS?
- SFOS is a new operating system. There is a migration wizard that converts parts of the configuration for SFOS. However, a lot of things still have to be set up from scratch afterwards.
- Do you offer help with a migration?
- We already have several "UTM to SFOS migrations" behind us. We can support you with pleasure.
- What will happen to the UTM operating system?
- The UTM system will continue to run at least until January 2024, but development will not really continue. With v9.8, the new hardware is still supported, but that's probably it.
If you haven't looked into the SFOS at all, I can recommend the article 7 reasons why the XG Firewall (SFOS) is better than the UTM.