Skip to content
Avanet
Sophos UTM – End of Support at the end of 2021

Sophos UTM – End of Support at the end of 2021

5. FEBRUARY 2021

There are currently two Sophos firewall operating systems. One is called UTM, originally developed by a company named Astaro. The new system is called Sophos Firewall OS, or “SFOS” for short. We are now ending support for the UTM OS at the end of 2021.

A pinch of nostalgia

In 2008, I worked with the Astaro firewall for the first time, back then still in version 6. I still get chills when I look at screenshots of that version 🥶.

Astaro Security Gateway v6 NAT Rules

Still, for that time it was an excellent firewall!

My first task, and straight away a bug

I can still remember my first encounter with the Astaro firewall very well. It has stuck in my mind so clearly because not everything went smoothly. I had to upgrade the firewall from version 6 to version 7. After the migration, the IPsec connection could no longer be established. As I later found out, there was a bug: the pre-shared key (PSK) started with the digit 0, which the firewall apparently did not like. Once I replaced the 0 with a letter, the VPN connection could be restored. 😅

Daily business

At the beginning of 2015, Sophos products became our daily business. I even had to briefly check our timeline to remember. Until then, the firewall had only been an option in our quotes, where we mainly offered Remote Desktop Services. At that time, the only firewall operating system available from Sophos was UTM, which was fast, very intuitive and functional. All reasons why many admins still love the system today.

V15 came straight from hell

In February 2016, the first version (v15) of Sophos Firewall OS was released and Sophos heavily beat the “NextGen firewall marketing drum”. In the middle of the year, we had our first larger customer who wanted the new OS together with the new hardware. It was a municipality with around 150 users. It was a horror! 🧟

My psychological defence mechanisms managed to suppress those memories for self-protection. 🤮 The system was so bad that by the end of 2016 we did not want to have anything more to do with SFOS. No idea what Sophos was thinking when they decided to bring such an unfinished version to market. V15 was at best a very early pre-alpha version.

The municipality is still our customer, by the way, and still uses the XG Firewall today.

Everything new with SFOS

What really has to be credited to Sophos is that, despite heavy criticism, they stuck to the idea and vision of the new firewall operating system. At a later partner conference in Lisbon, they even admitted on stage that v15 was really bad! 👏

After we had advised everyone against SFOS for over a year and recommended UTM instead, we tried again when v16 was released in October 2016. The further development could be rated as positive. We quickly started tackling smaller projects, and with every new update it got better. Confidence in the system steadily increased and even before SFOS v17 was released, the XG Firewall had become the standard for new projects.

Migrations from UTM to SFOS

Since mid-2017, we have not implemented a single project with UTM and will not do so anymore. Over the past three years, we have been busy migrating firewalls running the UTM OS to SFOS. Today, more than 95% of the customers we actively support use SFOS.

From time to time, I still log in to a UTM to support individual customers. But the system has become unfamiliar to me, and I miss the possibilities offered by SFOS.

Our decision

If you look at the version history of both operating systems over the last few months, it is clear that SFOS continues to evolve, while UTM has stood still. That is hardly surprising, because Sophos is now only marketing one system. UTM is essentially dead, and SFOS is promoted as a next-generation firewall. In several blog posts and podcasts, we have already speculated about when Sophos will end support for UTM. For the security vendor itself, there still seem to be enough reasons to keep UTM alive. When we look at our customer base, however, the time has come for us personally and economically to say goodbye and no longer offer UTM support from the end of 2021 at the latest.

We want to focus on a single firewall operating system, preferably the one that has a future. For anyone still needing UTM support after that, you can contact Sophos directly via “Premium Support”, or we can open tickets for you. However, there will be no more direct support based on our own expertise.

FAQ

  • Can you migrate from UTM to SFOS?
    • There is no update button. However, you can easily install SFOS on the SG Appliance and transfer the licence free of charge. We have also written a guide on this: Install SFOS on an SG Appliance
  • Can you import the UTM configuration into SFOS?
    • SFOS is a new operating system. There is a migration assistant that converts parts of the configuration for SFOS. Afterwards, however, quite a few settings still need to be configured from scratch.
  • Do you offer help with a migration?
    • We have already completed quite a few “UTM to SFOS migrations”. We are happy to support you.
  • What will happen to the UTM operating system?
    • The UTM system will continue to run at least until January 2024. However, development is not really progressing. With v9.8, the new hardware is still supported, but that will probably be it.

If you have not yet looked into SFOS, we recommend the article 7 reasons why the XG Firewall (SFOS) is better than UTM.

Patrizio

Patrizio

Patrizio is an experienced network specialist focused on Sophos firewalls, switches, and access points. He supports customers and IT teams with configuration, migration, and clean network segmentation.