There are currently two Sophos Firewall operating systems. One is called UTM, which was originally developed by the Astaro company. The new system is called Sophos Firewall OS, or “SFOS” for short. We are now discontinuing support for the UTM OS at the end of 2021.
A pinch of nostalgia
In 2008 I had to deal with the Astaro Firewall for the first time, at that time still in version 6. It just sends shivers down my spine when I look at the screenshots of the version at that time 🥶.
Still, for the time, it was an excellent firewall!
My first task and immediately a bug
I can still remember my first encounter with the Astaro Firewall. I remember it so well because not everything went smoothly. I had to upgrade the firewall from version 6 to version 7. After the migration, the IPsec connection could not be established. Unfortunately there was a bug, as I found out later. The pre-shared key (PSK) started with the digit 0, which the firewall apparently didn’t like. When I replaced the 0 with a letter, the VPN connection could be re-established. 😅
Then, in early 2015, Sophos products became our daily business. I had to take a quick look at our timeline myself to remember. Until then, the firewall was always just an option on our offers, where we mainly offered remote desktop services. For the Sophos firewalls, there was also only the UTM operating system at that time, which was fast, very intuitive and functional. All reasons why many admins still love the system today.
V15 came straight from hell
In February 2016, the first version (v15) of the Sophos Firewall OS was released and Sophos has been beating the “NexGen Firewall advertising drums”. In the middle of the year, we had the first major customer who wanted the new OS with the new hardware. It was a community with about 150 users. It was a horror! 🧟
My psychological defense mechanisms were able to repress the memories of this as self-protection. 🤮 The system was so bad that we didn’t want to have anything more to do with SFOS until the end of 2016. I don’t know what Sophos was thinking of, throwing such an unfinished version on the market in the first place. V15 was a very early pre-alpha version at best.
By the way, the municipality has remained our customer and still relies on the XG firewall.
Everything new with SFOS
But what you really have to give Sophos credit for is that they stuck to the idea and vision of the new firewall operating system back then, despite a lot of criticism. They even admitted on stage a little later at a partner conference in Lisbon that v15 was really bad! 👏
After more than a year of advising everyone against SFOS and recommending UTM, we took another stab at it with the release of v16 in October 2016. The further development could be evaluated as positive. We quickly ventured into smaller projects and with each new update it got better. Confidence in the system grew steadily and even before SFOS v17 appeared, XG Firewall became the standard for new projects.
Migrations from UTM to SFOS
Since mid-2017, we have not implemented a single project with UTM to date and will not do so again. For the last three years, we have been busy migrating firewalls running the UTM OS to SFOS. Today, we have reached the point where we are using SFOS for more than 95% of the customers we actively serve.
Every now and then I still log on to a UTM to support individual customers. But the system has become strange to me and I miss the possibilities of SFOS.
If you look at the version history of the two operating systems over the last few months, you will see without discussion that SFOS is constantly developing, while UTM has stood still. This is hardly surprising, because Sophos is also only blowing one horn in its marketing. The UTM is actually dead and the SFOS is touted as the Next Generation Firewall. In several blogposts and podcasts, we have already speculated when Sophos will discontinue support for the UTM. For the security manufacturer itself, there still seems to be enough reasons to keep the UTM alive. If we look at our customer landscape, on the other hand, the time has come for us personally and also economically to say goodbye and to stop offering UTM support by the end of 2021 at the latest.
We would like to focus on only one firewall operating system and preferably the one that has a future. For those who still need UTM support after that, you can contact Sophos directly with “Premium Support” or we will open the tickets for you. However, direct support based on our expertise is no longer available.
- Is it possible to migrate from UTM to SFOS?
- There is no update button. You can still install the SFOS on the SG Appliance without any problems and take over the license for free. We have also written a tutorial about this: Installing SFOS on an SG Appliance
- Is it possible to import the UTM configuration to SFOS?
- SFOS is a new operating system. There is a migration wizard which converts parts of the configuration for SFOS. However, some things still have to be reset from scratch afterwards.
- Do you offer help with a migration?
- We have already done several “UTM to SFOS migrations”. We can gladly assist you with this.
- What will become of the UTM operating system?
- The UTM system will continue to run, at least until January 2024. However, the development does not really go further. With v9.8, the new hardware is still supported, but that’s probably it.
If you haven’t looked into the SFOS at all, I can recommend you the article 7 reasons why the XG Firewall (SFOS) is better than the UTM recommended.