Today, after months in development representing thousands of hours of work, I am proud to announce that Sophos UTM 9 is being released. The next major version for the product formerly known as Astaro Security Gateway, UTM 9 is a major new version that offers over 60 new features and abilities. Received with much fanfare at various partner events and by our beta testers, excitement surrounds the ability to manage the security of your endpoints directly within the UTM itself. We now offer the ability to manage antivirus and device control on your desktops with the same finesse that has made our RED branch office product and integrated wireless management offerings so popular. There is a new captive portal system, allowing you to create wireless hotspots for guests in your company, hotels, coffee shops, or other public places. The Antivirus system has been bolstered with the addition of Sophos’ enterprise-class scanner, while UTM 9 remains one of the only products to offer dual scanning engines in parallel to give you extra security and choice. We yet again lead the way with a totally new HTML5 VPN system that is a true clientless system for accessing desktops and servers remotely: nothing to install, and nothing to remove when you are done! These and many, many more new features and improvements are clothed in a crisp new WebAdmin GUI look that is easier than ever to work with and full of enhancements.
With a public beta spanning 6 months, over 6000 posts were made across hundreds of discussion threads and the final fit and finish of UTM 9 shows – it is by far our most stable major release ever. Don’t forget that your votes at our public feature portal helped shape this release and we’d invite you to continue (or start) participating as we prepare for future UTM 9 versions and look to bring even more abilities into our UTM platform.
Full information for this major release; how you upgrade from ASG Version 8, where you can get UTM 9, release notes, and extended information is available inside. Read on for all the details!
Extended information about the features and changes in UTM 9 are included in the release notes. Below is an overview of the Major and Minor features which have been implemented, along with a small summary of other changes.
Sophos UTM 9 Overview
Major New Features
-
Endpoint Protection
-
Wireless Captive Portals
-
HTML5 VPN Portal
-
Sophos Anti-Virus Engine
-
New WebAdmin GUI Look
Minor New Features
-
Apple iOS Support for WebAdmin (and other touch enabled devices)
-
YouTube for Schools
-
1:1 NAT Rules
-
SSL VPN without Admin rights
-
New Appliance LCD Functions
-
HA/Clustering Cold-Standby option During Up2Date
-
New Constant Live-Log Button
-
Customizable Dashboard
-
Enhanced Listbox Functionality
- Support for Network Definition Ranges
- Download and Distribution of User VPN Configurations
- Support for Multiple Objects in Firewall Rules
- Interface Group Objects
- Time-Based Wireless Networks
- Extended Dynamic DNS Provider Provider Support
- Site Path Routing for Webserver Protection
- Support for International Characters & Spaces in SSL VPN
- Multiple Path Routing support in BGP
Other changes and items to note:
Licensing
As Astaro continues to integrate within Sophos, some small changes have been made to the licensing due to discount structures and slight tweaks to the partner program. The first is that special Virtual License have been removed and virtualized installations will now use normal Software Appliance keys. This reduces the complexity and number of different licenses (and SKU’s) needed and thus helps simplify the price list. Second is that the Full Guard Premium bundles have been removed as well as part of the integration and reseller structuring, while also reducing the SKU’s and price list size. This doesn’t affect your ability to have Full Guard with premium support of course; just purchase Full Guard standard and a Premium support upgrade for it. If you have any questions at all on this we’d be happy to answer them!
Hotspots with wired interfaces
While not the primary focus, it is technically possible to use Hotspots on wired interfaces. This is not recommended and can cause side-effects like locking you out of WebAdmin if used on the interface which is configured to communicate with a backend authentication server (which thus breaks the communication) and all local administrator accounts have been disabled.
UTM 9 Support on older appliances
UTM 9 can be run on all but the oldest of ASG appliances. If you have an extremely old appliance it will not be able to one-touch upgrade or install UTM 9 from ISO image. Appliances which might not be able to run the new features in UTM 9 and still service the target market for which they were originally designed have been designated as “Not Recommended”. Depending on the features you use, the size of your network, bandwidth of your Internet connection, and how close you are to being overloaded already in ASG V8, these appliances may run just fine, or end up having performance problems. All of the last line of Astaro-branded appliances are supported as of course is all of the White Sophos-branded units. If your appliance is older and you would like the latest unit at a special discount, you can take advantage of our Hardware Refresh Program to get a discount on a new one. See the release notes for more information around ASG appliances with UTM 9.
Endpoint Protection Licensing
Our new Endpoint Protection requires a separate subscription and is not part of the Full Guard licensing bundles.
Downloading UTM 9
Offical release notes can be downloaded here.
UTM 9 is now available as an ISO image which can be used to install UTM 9 cleanly on your own software appliances and supported existing ASG / Sophos UTM appliances. Be sure that you download the appropriate image since as always, the hardware appliance ISO will not install on a software/virtual appliance, and installing a software appliance image on a hardware appliance may cause issues like incorrect numbering of the network interface hardware. There will also an Up2Date package for ASG V8 to UTM 9 (see below) that will be made available soon, and this post will be updated with links and information at that time for these downloads.
Hardware Appliance (for our branded appliances like the UTM 320)
ISO Link: ftp://ftp.astaro.de/pub/UTM/v9/hardware_appliance/iso/ssi-9.000-8.1.iso
Size: ~461MB
MD5: MD5 file
*Smart Installer 1 & 2 hardware appliance images can be found here if you have this special Astaro-branded USB product. (A new, Sophos-branded version is coming soon!)
Software Appliance (for your own X86/X64 hardware platforms)
ISO Link: ftp.astaro.de/pub/UTM/v9/software_appliance/iso/asg-9.000-8.1.iso
Size: ~465MB
MD5: MD5 file
*Smart Installer 1 & 2 software appliance images can be found here if you have this special Astaro-branded USB product. (A new, Sophos-branded version is coming soon!)
Upgrading to UTM 9 from ASG V8
Existing hardware appliances will be able to one-touch upgrade to UTM 9 (provided they are not models that have been sunsetted for UTM 9 as discussed above). In the coming weeks near the end of August, we will issue an Up2Date for ASG V8 which will add the “upgrade” button to the Up2Date section of your ASG Version 8 appliance. Software appliances will need to install the ISO image and restore their backup as usual. We also plan for a short-term UTM 9.001 Up2Date to do a few minor post-release tweaks in early August.
On behalf of myself and the entire team at Sophos, I hope you enjoy this fantastic product as much as we did making it for you.
Angelo Comazzetto
Sr. Product Manager