Here’s what to expect from the upcoming UTM Elevated 9.4

Sophos UTM has arguably been one of the most impactful and disruptive firewall products on the market over the last few years. The UTM 9 platform, with compelling updates and the passionate support of our partner community and customer base, has helped Sophos UTM achieve unprecedented success in the market.

We’re as committed as ever to continuing this success with our first update of the year: UTM Elevated 9.4.

Why “Elevated”? Well, by including the option of adding Sophos Sandstorm to Sophos UTM, we’ve raised protection levels to all-new heights. Sophos Sandstorm lets you add enterprise-class sandboxing to your small and mid-size business networks. It directly addresses today’s ever-more evasive threats and raises the bar for delivering effective, affordable advanced threat protection.

In addition to providing access to the new Sophos Sandstorm, the UTM 9.4 release also adds some of your top-requested features including new WAF and VPN features as well as support for a number of new hardware options further extending our top-performing hardware line up. Read on to view the details.

Extending zero-day protection

Today’s hackers are employing more targeted attacks with highly evasive never before seen malware designed to breach security systems to gain access to a company’s resources, credentials and data. So while conventional anti-malware is still a critical first line of defense, it’s no longer enough in combating modern attacks.

goggles

Most next-generation sandboxing solutions designed to identify unknown malware are too complex and expensive for most businesses like yours to even consider. That’s why we’ve developed Sophos Sandstorm, a new subscription option that gives you an advanced malware defense solution that’s effective and affordable. Sandstorm is a cloud-based sandbox solution that provides targeted attack protection, visibility and analysis that rises above the competition.

It’s simple:

  • Easy to try – sign up through MyUTM and benefit from instant protection
  • Easy to deploy – simply activate the policy
  • Easy to manage – through your usual UTM workflow

It’s effective:

  • Blocks evasive threats – detects threats designed to evade sandboxes that other solutions miss
  • Policy control – simple, efficient policy control
  • Visible protection – granular, incident-based reports

It’s cloud-based:

  • Rapid deployment – instant protection with no hardware to deploy or appliance upgrade needed
  • Minimal impact on performance – all processing done in the cloud
  • Collective intelligence – analysis of threats detected across the broad Sophos customer base

And perhaps most importantly, it’s affordable. Sophos Sandstorm will be available in UTM 9.4 as a new Protection Subscription, at a great value price-point compared to competing enterprise solutions in this category. It’s enterprise-grade protection without the enterprise-grade price tag or enterprise-grade complexity.

Expanding the hardware lineup

UTM Elevated 9.4 adds support for a number of new hardware options, further extending our top-performing hardware line up.

SG 85(w) brings new New SG Series Appliances to the low-end of the line. The SG 85 is available in both an integrated wireless (w) model and without wireless. It is ideal for extremely price-sensitive deployments like retail or SOHO. Expected availability of the SG 85(w) is March 2016.

Sophos SG 85

4x10G SFP+ Flexi-Port Module for the 1U SG Series models brings a whole new level of flexible connectivity and performance with four port support for a variety of optical or electrical transceivers. Expected availability is March 2016.

RED 15w adds integrated wireless to the new RED 15 with a single radio supporting 802.11n 2×2:2 MIMO.  Expected availability is March 2016 with similar (aggressive) pricing to the new XG 85w.

Sophos RED 15

AP 15c packages the popular, new and affordable entry-level access point into a ceiling smoke-detector type chassis. It offers the same great performance and value as the AP 15 desktop model with a single radio with 300Mbps of 802.11n throughput – but now with a choice of band (either 2.4GHz or 5GHz).  Expected availability is March 2016.

Enhancing the firmware features

UTM Elevated 9.4 also delivers some of your top-requested features.

WAF Persistent Session Cookies improve the user experience when interacting with business applications protected by the Sophos UTM, reducing repeated sign-in prompts.

STAS (Sophos Transparent Authentication Suite) provides reliable transparent SSO authentication for network users, without requiring a client on the endpoint. STAS employs an agent on the Microsoft Active Directory Server that monitors and stores authentication activity and exchanges authentication information with the UTM, making user-based policy rules and enforcement easy.

IPv6 SSL VPN Support adds much requested support for IPv6 VPN connectivity with the UTM.

Looking beyond

While UTM Elevated 9.4 is a substantial release, it’s one more in what has been, and will continue to be, a great series of updates to this award-winning product. We have even more great plans for this product with UTM 9.5 and 9.6 releases already in the early planning stages, promising to bring you even more value, simplicity and security.

Image of flying airplane courtesy of Barn Images.

35 thoughts on “Here’s what to expect from the upcoming UTM Elevated 9.4

    • Thanks for your question. The team is looking at that as a possibility for a future release.

  1. please integrate a function to let import IP addresses from txt or CSV file to network definitions in Web Manager

  2. Dear Team, please think about integrating IKEv2.
    It’s hard to tell our VPN partners to go for IKEv1 because our “NGFW” doesn’t support it.

  3. Some quick answers to questions so far.
    1) As mentioned, let’s encrypt is definitely on our to-do list, but not in this release
    2) The request to import IPs from file is listed on our feature site, and we are looking at it, but it’s not decided currently.
    3) I’m expecting the beta to kick off any day now. Keep an eye on our community site for the beta forum to open, once it kicks off!
    4) To start with, sandstorm will require a paid subscription. It’s a great feature, and we want to get it in as many hands as possible, but the cost to include it in a free version is a bit high at the moment. For the moment, its not available for home use.
    5) IKEv2 is a tough one. it’s a big task to implement, and if we could have fit it in this release, we would have. We are working on it, and hope to include it in the next XG version.

  4. How will users of 120,220 and 320UTM hardware fair with this release? We have noticed that as more features are introduced the original hardware resource usage on the hardware is much higher. Will there be optimisation brought into 9.4 to ensure users of older hardware, not SG upgraded will be able to utilise the systems effectively?

  5. Hi Anon, 9.4 should have minimal impact on resource usage. For example, Sandstorm is the biggest feature addition, and that will not add significant workload on any system, as the primary effort is done in a cloud sandbox.

  6. Can you guys look at adding stand alone functionality to your access points? It’s a pain when fiber connected buildings are having maintenance done and they lose their wifi because the APs can’t see the UTM. Also while mentioning this, how about manual config options for access points. It’s a pain for remote buildings that use their own default gateway to have to setup separate networks/routing for the AP to use the primary UTM as default gateway.

  7. Is it planned to support onboard otp for a single virtual webserver? There are some feature requests since years.

    • I’m afraid, this will never happen, because it breaks the design of the RED, which is generally provisioned ootb via an existing Internet-Connection.

      Maybe it can be implemented in the Provisioning via USB-Stick, but I’m not convinced, this will ever happen. It’s been a requested feature for years now, w/o any visible progress.

  8. AP15C: We have only the choice between 2,4 and 5 GHz ? That make no sense. Every cheap AP has both frequencies and there are still devices with no 5 GHz, so if I buy a 5 GHz AP15C only the 5 GHz devices run? That is a joke

  9. There was a feature request submitted in 2012 “Hotspot redirection also on HTTPS access”, and there was a response in 2014 saying that it would be released in v9.3, but it never was. Will this feature be available in 9.4, or will we still be left with a half functioning hotspot feature?

    • Any word on this? I have a pending order for 20 AP55C’s, but will probably cancel and go with a different vendor if there are no plans to implement this feature in the future.

  10. Hello,
    I have heard rumors that the upgrade path from 9.3 to 9.4 will be a new installation with an backup restore and not a straight update ?

    • Hi Chris, I’m not sure how rumours like that get started, but that’s completely untrue. UTM 9.4 will be an Up2Date firmware update just like any other UTM 9 release.

  11. Does current UTM 9.355 version support exchange 2016 publishing i.e. OWA, Outlook anywhere, Exchange ActiveSync and off course general email flow in and out of organization?

  12. Where can I find the free version/home version of UTM 9.xx or UTM 9.4 download ?
    I want to install on my home machine.
    Thanks.

  13. Hey guys, I was about to go for 4* SG210, and I’m about to cancel my order as our clients require ikev2. How is it possible and you don’t support it yet? Honestly, I just shoot an email to Fortinet. I’m kinda disappointed with this as I’m very happy with your products.

    • Hi there, would you mind if someone got in contact with you to talk through this? Is your email the best way to reach you? Thanks, Anna.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s