In an earlier article, I "reviewed" 4 different Open Soure UTM (Unified Threat Management) products, and 1 closed source (but still free) product. While not necessarily Open-Source, it still fits well within my "Zero-Cost" Proof-of-Concept. Here I will cover my experiences with actually installing it on an old desktop PC, configuring, and configuring it as a firewall.
The install was a piece of cake... Boot off the DVD and follow the on-screen instructions. I was so surprised with how quick and easy it was that I didn't quite realize that it was done. To be quite honest, I thought the install process had crashed when I saw it rebooting. But once the login prompt came up, I knew the install was successful. The login prompt tells me that the rest of the configuration is done through their WedAdmin.
For those of us familiar with Checkpoint and it's distributed system, this WebAdmin is a pretty big change. Once you familiarize yourself with the WebUI, it is actually very reasonably well set up, but it can take a bit of getting used to.
Navigating the WebAdmin took a little bit of getting used to (in fact, it still takes me a few moments to remember things when I open it up). But eventually I managed to get a few network definitions, VPN Users, VPN Connections, and some firewall rules all set up. Since my 9-5 job is with Checkpoint, though I try not to, everything seems to be compared to agains Checkpoint in my head.
A nice PLUS for Sophos vs. Checkpoint is the "HTML5 VPN Portal". This is very similar to Checkpoint's Mobile Access Blade (MAB) page. The plus for Sophos here is that they have some built-in "clients". So for example, with Checkpoint's MAB, you can define a variety of VPN Connections, and resources behind the firewall, but the VPN Client PC needs to actually have the client app installed on it. So for example, I can define an SSH connection to an internal resource, but the client PC needs to have an SSH client of some kind. With Sophos however, they have built-in HTML5 clients, so when I give SSH access to an internal resource here, the client PC has no need of any SSH client, the HTML5 VPN Portal has the client built-in. It has clients for the following types of connections: RDP, HTTP/S, Telnet, SSH, and VNC. Another plus for Sophos here, is that when you define these connections/applications, you don't need to define any additional rules in the firewall rulebase to allow these connections.
The HTML5 VPN Portal is a nice feature. I got a couple of basic apps set up, SSH and VNC to an internal host, and I can say that it works great! I have been able to access my internal resources in this manner from just about everywhere.
So far, Sophos seems to live up to the expectations I got when I checked it out in a Virtual Machine.
The next task, will be to burn-in the hardware, make sure the hardware is as reasonably sound as I can test it, and actually put it into "production". Since this will require some physical reconfiguration of my home network, this might take a little while, but it is certainly my next step here. Stay tuned for further writings on this subject!
