I work from home pretty intensively, and as a result tend to have a pretty busy business-grade 120 down / 10 up home / small office internet connection. I have around 40-50 DHCP'd devices at any moment in time, including an outward facing Windows, Linux, and FreeBSD server and numerous laptops / mobile devices, mixed with the usual set of smart home appliances.

I am growing increasingly frustrated with maintaining dd-wrt on a consumer grade router, and am looking for something more feature-ful and reliable. My initial gut instinct was to buy a pfSense appliance and maintain my own pfSense server, but I was told to take a look at some UTM gateways. While at first I thought it might be overkill or cost prohibitive, I've noticed that the Sophos SG's do seem to offer a lot of features interesting to me, and the pricing, while more expensive than maintaining my own pfsense firewall, is not unreasonable. I've looked at Meraki as well, but that is even further beyond my budget so I'm not sure I'd like to go that route.

I've already spent a few days scouring data sheets, trying online demos, etc, so I'm not asking the community to do homework for me, but I do have some questions that I didn't find an answer to:

For a home network with 2 or so simultaneous active users (there's only two humans working here on most days, just a ton of laptops sitting around running various OS'es), what is the appropriate sized Sophos appliance? It seems like the AV filtering speed of the SG105 (rated 80mbit on the spec sheet) would impose a bottleneck.

Apr 02, 2015: Contemplating a Sophos SG105/115 for a home network. Have some questions.

I would be willing to step up to the SG115, but I'd like to keep the option of using all the deep scanning capabilities open without imposing a bottleneck on a 120mbit internet connection. (And of course future proofing the possibility that'd go up to 200mbit in the coming years).

Do I *need* to pay an annual license fee on the Sophos appliances? Some of the spec sheets seem to imply that 'basic' firewall features are included, though it's not very clear. While I'll gladly try out the fancy IPS / AV scanning / web protection features for a year or more, I would really like to have the option of having this serve as a firewall/router/gateway without paying.

Finally, I'd love to know if this is not a good solution, or if something better fits the bill.

I've been tempted to try out deploying the free home edition of Sophos on an old computer for evaluation, but I'm getting pretty close to the IP limit already. Some of the fundamental features I'd like to have are:

MUST HAVES:

- Handles 120mbit down (preferably with even more margin) without breaking a sweat.
- Live and historical monitoring of traffic on the network. (Preferably broken down by client and top 5 remote connections / how much transferred). I am constantly shocked at the Comcast bandwidth meter and how much traffic it says I've used. I have a hunch where it goes, but I'd like to have the tools to tell me for sure.
- Handles 50-100 simultaneous devices on the LAN side. Maybe only 1 or 2 heavy hitting devices at any point, but around that many devices with an IP address and sparsely issuing requests.
- Reasonable power consumption and noise level. Electricity is expensive here, I'd rather stick to an under 20W budget and have it not involve dusting off an old PC tower.
- Decent usability. I don't care if configuration is done via GUI or CLI, but I would like all of my use cases to *actually* be supported. Not one guy on a forum or some 5 year old outdated wiki page with 'put this config file here and that one there, type these 3 magic commands, *boom*'.
- 'Enterprise' reliability. I know that's a misleading term, but I'd like a product that is professionally polished and with a company that backs it up.

NICE TO HAVE:

- IPv6 support (Comcast centric currently, so DHCPv6-PD), with inbound control. I would like to be able to grant inbound IPv6 routing by rules on a per-host or per-port basis.
- Some QoS / traffic shaping ability. Would like to be able to enforce some level of fairness so a user with heavy traffic doesn't drown out someone else trying to stream a video, as well as the ability to deprioritize a guest network over the primary network.
- Support for VLANs, so I can put my less locked down hosts on a different VLAN, and support finer grained guest networking.
- Intrusion detection / prevention and other alerting/analytic ability. I'm not running an ISP and I have a reasonable expectation that my computers do not have worms. But I would love having alerts about new MAC addresses seen on my network, or unusual traffic levels / access patterns on various hosts.

Thanks in advance!

Thanks for the info about the hardware supplier, toby! I'm definitely considering bringing my own hardware but can't decide if it's worth it one way or the other. I don't have any computers lying around that could be a firewall host, so I'd have to buy new hardware anyway.

And considering I'm pretty close to the 50 IP limit already without anyone over, and that I'm interested in turning on IPV6 which allegedly doubles the number of IP's, the home edition would only be a temporary solution before I need more licenses again. (And I presume at that point, it's not substantially cheaper than buying hardware).

Thanks for the advice! The Netgate APU4 is on my short list as my free approach. I am familiar with pfsense and have used it for basic things before, it's just the UI isn't nearly as user friendly or extensive as Sophos, who managed to package a lot of functionality into an easy to use interface that simplifies setting things up.

I've been evaluating both Sophos Home and pfSense in a virtual machine environment, and still am leaning towards Sophos. The question is whether to run it on my own appliance or buy one of their ready-made ones.

I noticed that higher up Sophos models cost more per year for full licenses — makes me wonder what the cost is for licensing the full version in your own appliances beyond 50 IP's.

Does anyone have advice on appliance sizing for the SG105 vs 115? I presume if I want to segregate into VLANS with a run of the mill layer 2 VLAN aware switch, then I'll have to pass through up to gigabit traffic through the firewalling appliance, where IPS/IDS bandwidth might need more horsepower.

Thanks, everyone! I ended up using a mid tier Mac Mini (for its combo of energy efficiency, compact form factor, and processing power) to run Sophos UTM Home under a VM. It firewalls gigabit - gigabit without even breaking a sweat, and barely uses 2GB RAM at any given point in time. I think in retrospect the SG105 would've been more than enough, and if I were to redo the whole project I would probably just go that route.

I did end up hitting the 50 IP limit because I changed the IP numbering a few times, and that ended up making the licensing think I had twice the number of hosts as I did.

I ended up reinstalling and reconfiguring with the right numbering and I'm just barely under the limit (35 active IP's so far). IMO Sophos should consider either increasing the number of IP's for the Home Edition, or at least offering a reasonable upgrade license for home users. I'd gladly pay the equivalent of $100-150/yr for the equivalent of Home Edition with more licenses. However, that's only possible with the SG105 appliance. The price for 75 IP's on a virtual appliance is something like 10x that amount!

I actually did find the essential firewall edition fairly nice, so that's an option too.

Overall though, the Sophos UI is REALLY nice. It's well thought out, clean, easy to use, and with contextual help at all the right spots. I am super impressed.

So now I have to decide whether to return what I bought for this setup and get a SG105 appliance, or try to stay under the IP limit or downgrade to Essential Firewall. Either way, I'm loving this setup and would recommend Sophos to other power home users.

Thanks Michael!

In fact, just installing ASG onto a machine / VM will start you off with a 30 day trial of the whole product. And then you can either get the Essential Firewall unlimited license for free, or the Home Edition. This is pretty awesome, and I think both are great products.

I just wish that Sophos had a way for power users to pay for more home-use IP's at a reasonable price. The licensing scheme on the low-end appliances seems a lot more reasonable.

Thanks everyone for your input!

I think I have all the info I need now :)