Running UTM in a VM works great. One caution is that you have an unsecured connection coming into your VM Host - I just prefer the separation of incoming connections to my internal systems.

I hadn't seen you can run Synology on a VM - that's cool.

Aaargh - Know what most of this stuff means but have never implemented it and wan tto. I'll keep monitoring and check back in late April. Have a severely underutilized synology that I would love to learn more about.

Updated links and prices... looks like NetGate ramped up the pricing...

APU1D4 System Board $145
PCEngines Red Enclosure $10
MyDigitalSSD Super Boot Drive mSATA SSD 64GB $49.00
Sophos UTM Home Edition $Free

anybody have experience with the Sophos RED (remote ethernet device) boxes?

I am seriously looking into getting a SG210 for my main office just so I can use the RED boxes at a couple remote location.

I have had not so good luck with the red devices with several clients and have ended up pulling out almost all of them for the full UTM with a VPN. The issue is if the main site goes down so do the remote sight depending on how you set it up.

This is what I've done for my least tech-savvy friends and customers that MUST use a desktop or laptop and cannot use a tablet. ElementaryOS LINUX on their old Windows XP box--no fancy devices and no antivirus subscriptions. Very little training time, and they get to use the same hardware without having to buy new stuff for Windows 10.

The number of "help me, I've got these weird pop-ups with naked ladies" calls has dropped to zero. They can still shop on Amazon and watch videos on Hulu (albeit the Flash Player setup with HAL for DRM is a pain, so I steer them towards set-top-box appliances for TV streaming like Roku, etc.) and do schoolwork using LibreOffice for Word documents.

ElementaryOS has been recently surpassed by Linux Mint lately for it-just-works-right-out-of-the-box setups.

that makes perfect sense if you are using the RED device to route all traffic, intranet and internet, to the main site, that if the main site goes down that the RED device loses all connectivity.

I see that you can run them in split-mode so that only intranet traffic is set to the home base and internet traffic goes out the on-site router.


initially, I am just planning on putting some remote printers and IP phones behind the RED device at some home offices so I think I should be OK.

for something more advanced where I would have servers and clients, then yes, going with a full UTM would be a better solution.