The Ultimate Home Firewall

Are you tired of poor-quality, consumer-grade firewalls with limited configuration options and a clunky admin interface? Do you want an expanded feature set and a more advanced admin interface? Well, we’ve got the answer!

Introduction

Please allow me to introduce Sophos (formerly Astaro) UTM Home Edition! Sophos UTM is a robust, reliable, and full-featured enterprise-grade firewall solution. To quote from Sophos directly:

“Our Free Home Use Firewall is a fully equipped software version of the Sophos UTM firewall, available at no cost for home users – no strings attached. It features full Network, Web, Mail and Web Application Security with VPN functionality and protects up to 50 IP addresses.”

Sophos sells hardware with the UTM software pre-installed with a complete range of licensing options for business use. The software version can also be licensed for business use. The home edition has all features unlocked, but only allows up to 50 IP addresses at a time. I’ve been running this system for several years (since before the name change), and I’ve never had a problem running out of IP addresses. This would, however, depend on your specific network configuration. There is a newer version of this software available called Sophos XG Firewall which also has a free home license, but has no IP address restriction. The licensing is instead based on hardware specs. This article will be referring to the UTM 9 based version of the software.

Basic Setup

If you want to test the software without installing it, Sophos provides a web-based demo, available here.

Minimum System Requirements – Quick Start Guide

  • Intel compatible CPU 1.5 GHz+
  • Dual Core (Quad Core recommended)
  • 1 GB RAM (2 GB recommended)
  • 20 GB hard disk drive (40 GB recommended)
  • Bootable CD-ROM drive or Sophos Smart Installer
  • 2+ NICs (WAN, LAN)

Recommendations

  • Read the Quick Start Guide before starting.
  • Use Intel NICs when available.
  • Avoid USB NICs.
  • Use Rufus to make a bootable USB flash drive if your firewall box has no optical drive.
  • If you have an optical drive, just burn the ISO to disc instead of trying to get a USB flash drive to work.
  • Don’t scrimp on hardware. The minimum requirements are low and will produce a functioning system, but you may get better performance from a better CPU and more RAM. This depends on your network configuration and the type and volume of traffic.
  • If you plan on turning on the web filter’s caching, or enabling a lot of logging options with a long retention period, make sure to use a larger disk drive. You can get away with a smaller one if you won’t be using the web filter with caching and logging is off or limited.
  • Set up automatic backups! The UTM can email automatic backups to the administrator. Take advantage of this. It will save hours of configuration if your hardware dies.
  • Run your updates. Once the UTM is up and running, make sure to apply the updates whenever they are available.
  • Set up notifications. Notifications can be set up for many types of data. One important notification is the software update notification. It is important to keep your UTM up-to-date.
  • Make manual configuration backups before making major changes. That way, if you make a mistake and can’t fix it, you can just restore from a backup.

Resources

Hardware Suggestions