Review: Sophos UTM 220

The initial setup proceeded about as we expected. We first set our workstation IP to match the system's default LAN network, then logged into the web interface with a default username and password.

We were presented with a one-page form where we specified a host name, administrator password and device location data. (Curiously, all fields were required, including the location city and country. We discovered later that those values are used to generate a root certificate for the product's encryption features.) After accepting the device end-user licence agreement (EULA) and submitting the form, the device performed a quick reboot and then launched a 10-step setup wizard, where we installed our licence file, configured our LAN and WAN interfaces, and made some simple selections to establish a basic rule base for the firewall and content filtering systems. Finishing the wizard initiated a final reboot, and at that point we were ready for fine-tuning. Overall, the initial setup from unboxing to basic configuration took around 10 to 15 minutes. 

The UTM 220 has eight freely configurable network interfaces, providing plenty of space for WAN, LAN and DMZs. It can be easily managed with its excellent web interface, or clustered and centrally managed via the As taro Command Center software. It supports link aggregation and bridging, and offers border gateway protocol (BGP) or open shortest path first (OSPF) as routing protocols. Several types of authentication servers are supported, including LDAP/Active Directory, Radius and eDirectory.

A standard category-based content filter is provided, with support for user/group-centric rules and white/blacklisting. SMTP and Pop3 proxies can be enabled, with S/MIME and PGP encryption options available for SMTP. The product also provides support for SIP and H.323 protocols, dynamically opening ports based on activity in the control channels of those protocols. It contains a signature-based IPS and web application firewall, with numerous VPN options ranging from a standard IPsec tunnel to Amazon Virtual Private Cloud integration and a HTML5 SSL VPN. 

Sophos extends its perimeter protection to the endpoints. By installing a workstation agent, the UTM 220 can provide centrally managed AV protection, as well as limited control over predefined storage, network and short-range devices.

The logging options on the device are impressive. Syslog is naturally supported, as well as log archival to FTP, SSH, SMB shares or email. Numerous charts are available and live scrolling views of all logs are easily accessible. 

The documentation was more than adequate. A short quick-start guide is packaged with the unit, which provided all of the information we needed to get started. Well-designed administrator guides are available for the device itself and the optional Astaro Security Gateway central management software and both feature bookmarks, hotlinks and screenshots. They are clearly organised, easy to navigate and downloadable from the support website.

Sophos offers a number of support options, including 12/5 and 24/7 premium phone and email help. There is also a user support forum, FAQ section and online knowledgebase, which includes a number of how-to videos.

The UTM 220 is priced at £1,175 for one year, £2,640 for full guard (all subscriptions) and premium support is a further £285.