I have been wanting to upgrade from my PIX 515E firewall for some time now. I was originally looking into an ASA 5510, however seeing this is for my home network it is hard to justify the costs of such devices, even purchased off eBay. I looked into other vendors as well, and while many of the devices are “doable” in cost, although still stretching it in the budget, it is the licensing that always gets me. Many of them needing to have multi-thousand dollar licenses renewed per year. That ended up being a deal breaker for me.
While attending RSA last year I found out more about Sophos and what they offered. When I returned home I researched it further and found that Sophos offered their UTM firewall software for free, you just need to provide the hardware. I just so happened to be upgrading my PC which was a dual core with 8 GB of RAM and a 512 GB HDD. This computer, while fairly old and obsolete by today’s standards runs the UTM software just fine in my network.
This will be a general overview of the Sophos UTM firewall, at a later time I will go into more detail about specific areas and how I overcame various issues, in particular with the web filtering section.
Installation of the firewall is very straight forward, just visit Sophos site and check under free tools. You will download the Sophos UTM Home Edition ISO. This is the same software you would get if you purchase the hardware version and will provide protection for the network, mail, web application security and VPN access. The license is limited to protecting up to 50 IP addresses within your network. Once the ISO is downloaded just burn it to a DVD and boot it on your computer you have set aside to function as your new firewall. This process will wipe out anything that is currently on the computer, so make sure you have removed everything you need from it first. The installation process will ask you a number of questions such as which NIC is going to be the outside interface and which one will be the inside interface, and allow you to choose the IP addresses for both interfaces. Usually you’ll pick DHCP for the external so it can pick up an IP from your cable or DSL modem. The internal interface will have a static IP and that will be the new default gateway for all your computers on your network. You can also then setup your DHCP and DNS server on the firewall to provide those services for your internal network. All the questions are straight forward and once it is done it will be protecting your systems right out of the box. You’ll want to go through all the options on the firewall and fine tune them next. To access the firewall you will just go to the IP address you picked such as https://192.168.0.1:4444 and then login with the admin account you setup.
The dashboard is where you will start off, it gives you information at a glance on the status of your interfaces, and all the services you have active. Also you’ll find information on the CPU usage, and disk space availability. On the left hand side of the screen you will find all the other available options on the firewall. You will want to go through each one of these and determine if it is something you will want to use or not.
The management page is where you will change and adjust system settings, backup the configuration files, update the firmware of the firewall, and enter your license information. Definition and Users is where you can define your users if you choose to use authentication on the firewall with each of your users. While it is not needed if you have each computer authenticate with the user you’ll see their username in the logs instead of just the IP address of the device.
Interface and Routing is where you can setup the routing, and make changes to the interfaces if needed. You’ll also have options of OSPF and BGP in this section, for a basic setup there would be little to change in here, and you can always come back here later when required depending on your needs.
Network Services is where you can configure DNS, DCHP and NTP for your network.
Network Protection is where you see what is going on with the Firewall itself. It will show you the top source and destination packets dropped as well give you options to making changes to the firewall rules. In this section you can also configure NAT, Advanced Threat Protection, Intrusion Prevention, Server Load Balancing, VOIP, and advanced settings. The Intrusion Prevention section has areas to protect against DoS attacks and Port scans. You can also set your interfaces to ignore pings from the outside and inside to increase your level of protection overall.
Web Protection is a nice feature to have, especially if you have a family with younger children. In here you define what categories you wish to block from your network. At least you would be blocking malicious web sites, which will get ads, spam, pop ups, etc. Anything else would depend on what you do and do not want on your network at home. You can setup multiple policies for web traffic and have some users with more unrestrictive access and others such as teenagers with more restrictive access. There is a policy help desk section where you can test if a site is blocked or not based on the user without having to try on the computer itself. This is also the section where you’ll spend a lot of time tweaking, as I found issues with Netflix not working on the Apple TV’s in the house, mainly due to the fact that Sophos was scanning the web traffic for viruses at the same time. A future post will cover in detail what I needed to do to resolve this and many other problems that would happen on a home network.
There is an email protection section as well, however if you are not running your own POP server on your network you will not use this feature. It will scan for viruses and spam in your mail, so that’s a nice feature.
One really nice feature I like is the End Point Protection. From here you can push clients to your PCs, or download them from a provided link and then Sophos UTM will scan your computer for viruses and malware. You can activate it to also check for PUA’s (Potentially Unwanted Applications). Changing the policy from the default levels you can also setup the computer to scan on a schedule. Other features which might be useful depending on the network is the ability to block the computer from accessing USB, CD/DVDs, Bluetooth, and other removable media on a per policy base which can be assigned to groups or users.
The firewall will also act as a wireless controller and you can purchase Sophos access points and place them in your house for greater security and control than a consumer based device. The costs are higher though with models ranging from just over 100 dollars to 800 dollars.
Other sections to check into would be the VPN and Remote access sections. Here you can setup user and VPN accounts using either SSL or IPsec. You can then access your computer and network from anywhere in the world with a secure VPN connection.
The last areas focus on logging, where you can view daily executive summary logs, and logs on every function of the firewall. You’ll also notice on each tab there is a section to view live logs, which will come in handy when you are troubleshooting firewall and web filtering issues. You will want to have the live log open and try to access what you are unable to and see what is being blocked. From there you can make the needed changes to get you back into shape.
In all, the Sophos UTM firewall is a great piece of software that brings enterprise grade protection to the home user. While you may not use all the functions available to you, it is nice to have them at your deposal, and if you are like me and wanting to learn more about security at all times you’ll enjoy playing around. In all, I had the system up and running within an hour, and spent the next week making various adjustments to the system until I had it the way I liked. As mentioned before, be on the lookout for my future posts as I go into more detail on the firewall and web filtering section of the firewall.
Until then, stay safe.