Overview
Sophos Cloud UTM9 Auto Scaling is an AWS Security Competency approved NextGen Firewall Auto Scaling solution that helps customers with their shared security responsibilities by offering multiple layers of protection in a single solution that scans, controls and reports on traffic entering and leaving a VPC.
Security features include a Web Application Firewall (WAF), a pre-tuned and automatically updated Intrusion Prevention System (IPS), an Outbound Web Proxy/ Layer 7 Application Engine to protect and control connections to the Public Internet, an Advanced Threat Protection engine to identify and block unknown and evasive threats, and VPN Gateway features to securely connect remote sites and users. The UTM9 NextGen Firewall solution also provides detailed logs and reports which can be viewed on system and/or exported to the AWS CloudWatch Logs service and any Syslog compatible device.
Sophos provides a CloudFormation template to easily deploy the Active/Active solution across multiple Availability Zones while integrating with key AWS services such as Auto Scaling, CloudWatch, and S3 to comply with AWS Best Practice guidance on secure architecture. UTM9 Auto Scaling also provides Outbound Gateway which provides for secure, scalable outbound traffic protection, and a secure REST API to automate configuration.
Part of a complete cloud security portfolio. A selection of Sophos AWS Marketplace offerings is included below, while more can be found at www.sophos.com/cloud .
- Sophos UTM Auto Scaling: https://soph.so/utm-autoscaling-payg
- Sophos UTM Standalone or HA (Free Trial): https://soph.so/utm-payg
- Sophos XG Firewall Standalone (Free Trial): https://soph.so/xg-firewall-payg
- Sophos Cloud Optix (CSPM with Free Tier): https://soph.so/cloud-optix
If you have any questions about Sophos solutions or if you need assistance with deployment or configuration, please contact the Sophos Public Cloud team at aws.marketplace@sophos.com .
Highlights
- Control infrastructure and security costs by combining multiple security tools into a single, easy to deploy, scalable solution.
- Web App Firewall (WAF) protects your web apps against common threats like SQL injection and Cross-Site Scripting. Next-Gen Firewall protection and reporting with stateful traffic inspection, Layer-7 application control, secure proxies, and IPS.
- Outbound Gateway (OGW): automatically scale up or down for outbound network packet inspection, or URL filtering and whitelisting to help ensure your applications are accessible only to authorized services.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Vendor refund policy
Terminate the EC2 instance(s) or delete the CloudFormation stack at any time to stop incurring charges. You may email aws.marketplace@sophos.com for questions regarding Sophos UTM charges and refund requests.
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Auto Scaling using CloudFormation
This CloudFormation template allows you to deploy Sophos UTM in an Auto Scaling scenario to automatically scale up and down with your application in AWS. The template will deploy three EC2 instances: one EC2 instance hosts the UTM Controller used for administration, and two EC2 instances host UTM Workers used to inspect traffic. The UTM Controller resides in an Auto Scaling group and stores configuration details, logs, and reports to an S3 bucket. The UTM Workers reside in another Auto Scaling group behind Elastic Load Balancing (ELB) and automatically increase the number of UTM Workers during demand spikes to maintain performance and decrease the number of UTM Workers during lulls to reduce costs. The UTM Workers use the configuration file stored in S3 to launch new UTM Workers for Auto Scaling and to propagate configuration changes via notifications from Amazon Simple Notification Service (SNS).
Sophos UTM Auto Scaling also offers an additional layer of security called Outbound Gateway (OGW) which allows customers to inspect and scale security based on outbound connections. OGW works by deploying gateway instances into VPC subnets (both local and remote) that forward all traffic to UTM workers via Generic Routing Encapsulation (GRE) tunnels. OGW provides failover across Availability Zones (AZs) and supports VPC peering to allow you to direct all application traffic to a Shared Security VPC.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
You can manage your Sophos UTM on AWS from the Web Interface using HTTPS (TCP port 4444), the command shell using SSH (TCP port 22), and via the RESTful API.
Sophos UTM requires a valid email address for administration purposes. This email address is not used for any other purpose and remains local to the Sophos UTM AMI. Please refer to the Sophos Privacy Policy for more details. https://www.sophos.com/en-us/legal/sophos-group-privacy-policy.aspx
Sophos UTM on AWS Quick Start Guide https://www.sophos.com/en-us/medialibrary/PDFs/documentation/SophosUTMAWS.pdf
For additional information about deploying on AWS please see: https://www.sophos.com/en-us/support/documentation/sophos-utm.aspx
Resources
Support
Vendor support
Sophos provides technical support via phone and web portal as part of your BYOL subscription. Phone: +1-844-591-2756 Web portal:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Don't even know it's there
Easy to administer Firewall for small AND big business
Many features
Stable and reliable product
A lot of community support possibilities
CLI complicated
Sophos UTM Review
Network protection
Wireless protection
web protection
No support for earlier versions
Complicated system