You're welcome! I'm glad you liked the video.

I'm glad you liked the video!

I'm glad you liked the video!

I'm glad you liked the video and found it useful!

Thanks, I'm glad you liked the video!

I love UTM and I have that deployed at the office and at home. It is extremely stable and I really like the UI. I haven't made the switch to XG because I haven't had a specific need to do that. I don't have much experience with XG other than some brief testing, but it is completely different than UTM. UTM is strictly network (firewall rules, IPs, ports, etc.). XG is trying to integrate PC health. They have the endpoint client and system health you can factor into firewall rules (example: block traffic to internal servers for systems without current antivirus definitions, etc.). If you take the time to learn it, it seems to be a good system. I'm happy with the simplicity of UTM right now. If you don't have any experience with either, I would go with XG because it is the newest platform. UTM is still supported, but they aren't actively developing new features. Only security and stability patches. XG is getting all the attention from Sophos. I've been told by Sophos support that the hardware will work with either platform. You can buy an SG model and install XG on it or buy an XG model and install UTM 9 on it. The only thing that isn't officially supported is using the home license on their hardware. They want the home license used on your own hardware or a VM. If you try to install the home license on the official hardware, it won't let you. I've heard there are some ways to get the home license working on the official hardware, but your luck may vary. If you really like UTM and you're worried about IP limits, the commercial licenses aren't that expensive for smaller units. I am running an SG105 with commercial license at home. I just have the network protection module and it costs about $97 for a 3-year license with unlimited IPs (so about $32/year). Other modules will cost more. I hope this was helpful. Let me know what you end up doing.

You're welcome! I'm glad the video was helpful. Good luck on your future project!

I am however stuck with port forwarding, likely because I have another gateway currently in front of the UTM. So I haven't yet worked out the correct settings to allow traffic from another router rather that internet. I guess your example the UTM was getting internet directly?

I'm glad you liked the video! Yes, in my example, the UTM is directly behind the cable/DSL modem. That is the recommended configuration. If you have an ISP-supplied router that can't be removed, try setting the UTM's IP address as the DMZ host within the ISP's router. That will pass all incoming traffic to the UTM. If you can get rid of the other router, that would be better.

@@G6TechnologyServices Thanks for your solid response. I managed to get it working using DMZ, not sure why I didn't think of that :P But in the end I took your advice and removed the router gateway I had sitting in front of the UTM, set external interface to PPPoE and turned on VDSL and changed the VLAN tag to 2. It works perfectly and so does the Port forwarding. Would of been so much more difficult with out your videos. Thank you! community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/104183/support-for-pppoe-on-ethernet-interface-with-vlan-tagging

You're welcome. I'm glad you were able to get it working!

You’re welcome! I’m glad you liked the video!

You're welcome! I'm glad you liked the video!

Thanks, I'm glad you liked the video! If UTM 9 is installed directly on the server, it can't be used for other purposes, such as file sharing. The UTM 9 installation completely erases the hard drive of the machine it is installed on. If you want to run both services on the same hardware, you would need to use virtualization.

Thank you for replying! Ok so would I make that vm from the actual server? Or do I need to make a vm from my pc? If so how do I do that with sophos installed lol.

Is the 2950 already set up as a file server, or is it empty or can be easily erased without losing any data? Depending on that, there are a few ways to do it. One way that I would recommend would be to install a bare metal hypervisor on the server, like VMware ESXi, XCP-ng, or something similar, and then have UTM 9 as a VM and Windows Server or whatever you will be using for the file server as a second VM. With the 2950 being older, you probably would have to use an older version of ESXi or XCP-ng. If the 2950 is already set up as a file server, that might not be the best option since it will wipe the local storage.

I'm not sure if you can use a Wi-Fi interface for WAN. It may work, but I've never tried it. What I would recommend is to get a USB hub and a second USB Ethernet adapter so both connections are wired. Make sure the USB Ethernet adapters are on the supported hardware list so that the UTM will recognize them.

Can you give me a little more information? Why do you need the DD-WRT router? Just to be a Wi-Fi access point? Is there an objection to letting the Sophos handle DHCP? I just want to make sure I understand your situation so I can suggest the right steps.

I have 25+ static IP's on the DD-WRT and very familiar with it so I was hoping to keep it. And I have a backup router that I can flash the firmware with all my configs in case this router dies because I can't be down at all - too much automation in the house. Other than that, no, I don't "need" the DD-WRT router. If there is no other way around it, or it raises the complexity, I could recreate everything in the Sophos and have it do DHCP. Also, I did order the WiFi in the Protectli just in case I decided to use it. One last note, I do have a subnet in the DD-WRT. 192.168.10.1/24 and 192.168.2.1/24 but I'm weak on networking! Still stumped on why I didn't get out to the internet when connecting directly to the Protectli on either eth1(LAN) or eth2 when eth0 (WAN) got an IP from the modem.

I understand. That does increase the complexity a bit, but it should still work if you want it set up that way. When you say you aren't able to get to the Internet, do you mean when you have the DD-WRT connected to the Protectli? Are you able to get to the Internet if you plug a computer directly into the Protectli? What are the two different subnets for? Do you need to route between them? Sorry for taking so long to respond. Your comments keep getting sent to the held for review section and I don't get a notification.

@@G6TechnologyServices I could not get to the Internet when plugged directly into DD-WRT or directly into Protectli. I made sure the laptop had a fixed IP and can easily manager either box when plugged into one or the other. I do not route between the subnets. It's to isolate my boys from accidentally infecting any of the rest of my infrastructure and NAS data and to control hours of use, what they access, etc. Subnets are both WiFi and I restrict use after 11pm and 6am.

There are a few settings that need to be in place for an Internet connection to work on the UTM. One that gets overlooked often is the masquerading rule for each LAN interface. You also need a firewall rule like Any -> Any -> Internet IPv4. If you want the UTM to be right behind the cable modem, it will need to be the default gateway. Make sure the UTM has an interface on each subnet and connect to the DD-WRT LAN ports with VLANS for each subnet or separate physical connections. Then change the DHCP default gateway address to be the UTM's address on that interface. That might work if I'm following what you want. Time blocking features may not work on the DD-WRT if the UTM is the default gateway. Let me know if that works.

Make sure you set up an SMTP server under Management > Notifications > Advanced. If you use Gmail, make sure to enable "Less secure app access". myaccount.google.com/lesssecureapps

I can't really provide a detailed answer without more information, so here are some general tips. Sophos UTM 9 will only run on systems with x86 compatible CPUs and will not work with ARM-based systems like a Raspberry Pi. Assuming you are using compatible hardware, I would recommend re-downloading the ISO and burning it to a new disc or if you used a flash drive, format the drive and use Rufus rufus.ie/ or Etcher www.balena.io/etcher/ to copy it to the flash drive again. Sometimes it doesn't burn right and you have to retry a few times with different tools. If your computer has a CD/DVD drive, that tends to be the most reliable method. If you need to use a flash drive, try Etcher and if that doesn't work, try Rufus. The Sophos forum community.sophos.com/ can also be very helpful if you still can't get it to work.

@@G6TechnologyServices ..thanks for the help ... I recorded the .iso on a cd and now I get an error that I have less 1GB of ram; when in fact I have 2GB ... I will continue testing on another motherboard.

You're welcome. I hope you get it working.