We primarily use this solution for:
- VLAN separated network
- Proxy / SSL-Interception
- VPN (IPsec and SSL)
- Reverse Proxy / Webserver Security
- Email Security / Mail gateway
- HA (Hot-Standby)
- IPS / ATP
Sophos UTM was previously known as Astaro.
Download the Sophos UTM Buyer's Guide including reviews and more. Updated: January 2022
We primarily use this solution for:
This is a very good security solution for SMB, so this solution is a good fit for many of our customers.
We find all of the features valuable because together they fit the needs of our customers.
We would be happy with fewer new features over the same time, but with more stable updates!
We would like to have unique viewable IDs for rules and in the packet filter logfile, for easier debugging of old log files.
Sophos UTM shouldn't die.
We use this solution for IPsec & site-to-site SSL VPN.
My environment involves connecting all of our branches with the head office through one Sophos XG 210 device. This is done using IPsec and SSL VPN, after which we apply a web filter, as well as an application filter to ensure that we are getting a secure connection.
It allows me to easily connect with more than forty-five remote sites and more than fifty remote users between IPsec and SSL VPN, applying the web filter and application filter to ensure a secure connection.
This solution also gives me varieties of VPN policies for good data encryption.
The most valuable features of this solution are:
I would like to see the SD-WAN feature improved. I want to manage many lines and load-balance them, getting high availability by making SLA tests according to:
I switched to Sophos as it is more reliable.
This solution is less expensive than FortiGate.
We did not evaluate other solutions prior to choosing this one.
I use this solution in both the home and office, and I am also a reseller of the product. It is used for Unified Threat Management for SMB to Mid-Size companies. It provides VPN solutions for our clients, and it has the absolute best UI in the industry.
This solution makes remote support of clients extremely easy and flexible. Modifications can be made in minutes. New definitions of network objects, users, groups, etc. can be made from anywhere in the UI.
The most valuable feature is the user interface, which is flexible, powerful, and easy to understand. Configuration troubleshooting is eased by the use of the color-coded, live firewall log. Live logs for most features are also available.
Support for IKEv2 is needed in this solution. But, the handwriting is on the wall that Sophos will probably stop development in favor of their XG Firewall. No timeframe on that yet though.
We have been using this solution since it was the Astaro Security Gateway (/products/sophos-utm-reviews ).
We use this solution for communication endpoint, encryption, and network security. We are focused on providing security software to the small to mid-market enterprises; the essence of our delivery is internet security.
The features that I've known to be the most valuable are both the web security features as well as the web firewall capabilities. As a partner of Sophos firewall, we have some clients that are using Sophos firewall UTM and we use it as well.
One additional feature that should be included in the next release is
synchronized security, which would enable all the security to work together as a system. Another suggestion is to add advanced threat protection (ATP) to defend against sophisticated Malware. Seeing these additional improvements would be a great thing going forward.
The product is stable. It's a product that our clients are able to use and enjoy. We haven't had many complaints about the product at all. Internally we haven't experienced any problems.
The scalability is also fine. Currently, we have 20 employees using the product to date and only one employee needed to maintain the product. At the moment we don't have any plans to increase usage in the company. Not now, next year maybe.
We train our employee's on technical support. I don't need any outside technical support.
The only time we faced a problem or issue is when we place a ticket. We have found that the response is very slow. That seems to be our biggest problem.
We previously used Cyberoam but Sophos acquired Cyberoam. That's why we migrated to Sophos.
The initial setup was done with our engineers, they also set up that server firewall. The setup was straightforward.
The deployment took one month. We're a support base reseller. Our in-house team took care of it. We don't use anyone from the outside, we can deploy the product on our own.
Everything involving pricing and licensing is maintained by our Bangladesh Sophos country managers. The pricing is okay and the licensing is also included in the price.
Sophos UTM is a good product for security purposes and maybe if Sophos provided another company option to implement their products then I would say that Sophos UTM is great.
On a scale of one to ten with 10 being the best, I would give this solution a nine out of 10.
Protected it against malware and allowed us to serve our servers safely.
Application layer filtering.
Setup: Getting an exchange server to work behind Sophos is incredibly difficult with rules invoked that are simple numbers (e.g. 9054).
We are partners with Palo Alto and several IT certificate vendors, like Sophos. We deploy Sophos UTM for customers.
Internally we use Sophos, but we deploy solutions including both Sophos and Palo Alto Networks to our customers. We are an IT integration company. Our services include the deployment of security appliances.
Our environment includes Sophos UTM for internal use, which means it is protecting the network. It is protecting our environment.
We publish our services like the help desk, mail server, and other servers. Sophos UTM offers us protection for publishing and the VPN.
When we started with Sophos UTM, we were using Microsoft Threat Management Gateway (TMG) which formed part of the firewall. It's not anymore there, it has been discontinued.
Sophos UTM is an SSD appliance. It has a solid state hard drive and can boot in less than sixty seconds. It is an appliance that has more stability than software solutions. It all depends on which hardware you have installed.
Sophos UTM has improved the porting section. It has improved security by seeing the gaps. For example, when you discover that an entry has been using a certain application, with Sophos UTM acting as a Layer 7 firewall, you can block the application, not the port.
In the application firewall, you can block the next update for Bitcoin or for Facebook. It has settings to block a port or wifi or just block the application and firewall. Sophos UTM will be able to detect the application type and filter network users.
Sophos UTM did help us a lot on the throughput of the internet because at that time we were using ADSL. Now it is fiber, which means we are able to manage the throughput of the firewall by also putting the quality of service first.
For example, we are able to configure 2MB for YouTube or 5MB are guaranteed for the service which is published. In the past, with TMG you had to buy third-party tools that also did not have the same functionality.
Currently, Sophos UTM and XG are helping our customers. The features available in the UTM and XG are a combination of all the firewalls in the market which means all the features.
The IT Admin or IT Security in any organization would like to have Sophos UTM because it is full of all the features you think about for enterprise.
Sophos UTM normally will deploy a batch or an upgrade and add more features, every six to eight months based on the RMD.
To be quite honest, from my personal experience all the features of Sophos UTM are useful, which includes publishing templates and the ease of publishing any servicing needs.
From the VPN side, all the VPN protocols are available so you can choose from SSVPN to PPTP to other versions of VPN, and it's easy to deploy within minutes.
The firewall includes very good logging where you can see what's hacking your network. The IDS and IPS settings are based on your reliance and also alerts you if there is an attack.
We're happy with Sophos and we also have an XG version being used for other services, because we are a company that provides services. We have two versions, we have the XG and the latest one.
The Sophos UTM which is the previous version but still being in production is our main firewall for the company.
We happy with all the features, we have no negative comments on any of the features except that the XG has more ability to block based on countries.
On the previous model, the blocking of countries we had a problem with, i.e. if you use the NAT feature, you can't block countries. You have to enter the IP network.
With the XG version, you can just select when you publish via NAT not via WAF. You can select the countries.
That is the only difference between XG and the UTM which we did not really like, but other than that its all cool.
There is definitely room for improvement with Sophos UTM. For the SG version of Sophos UTM, they can add blocking of countries in the NAT section, not only in the firewall section.
When you are mapping, they should also add the ability to block countries in that section. That's not available right now. It's only available in the firewall if you want to block incoming traffic.
With Sophos UTM, there is a general rule in the firewall when the country blocking can block some countries from accessing your data. In the current version, you still need to add it by putting in the IP range.
This feature would be helpful for administrators and it gives them the advantage to block stuff in less time.
The web filter needs additional enhancement but that's the point of the XG upgrade. If they're going to continue with the production of the XG, then they will not add the same features to the basic version of Sophos UTM.
With the ability of the hardware, we haven't experienced any problems with Sophos UTM so far. Neither have our customers.
At the beginning of the XG version, three years back, they had hardware issues. After that Sophos deployed division two, three, and four as hardware appliances.
Sophos fixed the hardware issue for the lower models, i.e. the 525, the XG 125, and the XG 85. All of the larger Sophos UTM models were fine.
Now, all are stable, all are fine. We haven't seen any crash. One of our customers had a DDoS attack. Since he had the proper rules, we did not record any incident.
Sophos UTM blocked the DDoS. Although it is not a dedicated anti-DDoS solution, Sophos UTM has the features.
Sophos UTM is stable. I haven't seen any claims or issue tickets from our customers regarding stability.
Sophos UTM has different aspects. If you have an HA distribution, high availability, you can scale up.
When you go and purchase Sophos UTM, you have to plan and say what the environment is. This planning has to be done before buying. If you buy a small appliance and after two years, you are 50 or 70 employees there are upgrade options.
It should be between you and Sophos. They can give you a free appliance if you subscribe for three years on subscription, for example.
If you have an existing subscription and you want to have HA, this means another device has to be set as redundant. The only downside is that it has to be the same version and the same model.
In my company, we have around 35 loyal customers. These customers have purchased and are redeeming Sophos UTM with us. Altogether, we are 55 employees. Most of them are at the office. Concurrently around 35 others are on site at other clients. We have around 35 servers.
We have the published Sophos UTM on the main server, help desk, share point, etc. We've got around nine published services, plus 10 VPNs running concurrently for our support engineers to connect and work on our internal infrastructure for the allotment servers.
We have 50 Sophos UTM installations at least that are actively browsing, downloading, and being protected by the web filter and other features there.
It depends on the organization, but for us we only require one person to manage this solution, even working remotely at home.
We don't have much need to speak with the vendor because we are educated and experienced with Sophos UTM. We are an integrator company.
For our customers, in the beginning, we give them training. After a week we do expect to have some calls because they are not yet educated or they're not yet used to it.
After that, that's it. They already told us if they are ready or not. Sophos' support is better than others because Sophos also can sell endpoint solutions.
If one of our customers has an issue and Sophos did support and send their team for the investigation it could be conflicting.
For example, one of our customers had an endpoint which is an antivirus and they had an issue. We have teams that were actively taking care of the customer based on our relationship with the client and their Sophos UTM device license.
We have no comment on the Sophos UTM support which we have seen at our customer sites because it was only with a government customer.
The customer told us that the Sophos UTM representative mentioned that they wanted to have the vendor take care of this issue.
Other than that, I have had no negative experiences with Sophos' technical support.
The initial setup of Sophos UTM is straightforward for both versions, the XG & UTM. In addition, they both provide a proper manual.
In the beginning, seven years back, Sophos UTM wasn't straightforward for beginners. You had to be already excellent in security. Now, it is very easy because you install the IP address, you log in, and you do the initial setup by routine.
These days its much easier than in the past but not everyone that has a firewall is secured. If you do it properly by choosing the right network, the right topology, and the right firewall rules, Sophos UTM will work.
There are orders for most of the rules. For example, if you put a deny rule below an allow rule, you are not going to have the proper result.
Sophos UTM requires knowledge. It's easy to deploy but also there is a responsibility on the person who is deploying to understand.
You must have the knowledge of security and networking, to make sure that the solution is working properly. Sophos UTM is very easy compared to other vendors somehow.
In our environment, we have defined previously the VLAN rules on our sheets because we had another firewall. In the beginning, we just copied the current rules and then enhanced them slowly so deployment took place quickly.
After fixing the appliance physically on the rack, it took one hour to be up and running and ready based on the rules. If you are a small environment that would take you less than 20 minutes.
It all depends on how many rules you have, how many demands, how many users, and public services. For example: if you have five websites, the main server, and a starter business, you might need more time because you would need to define the rules properly.
It all depends on how complex your environment is. Sophos UTM is easy and straightforward for me and for somebody who is certified on security levels.
We haven't opened a ticket with Sophos for 60 days, but we still have support. All our customers use us as the first level of support, even if they have to chase it.
Sophos UTM comes with a license. We are very aware and updated on Sophos solutions. We have good experience with it.
Although we sell other solutions, we are looking forward to building, selling, and integrating Sophos XG/UTM versus other vendors because of the ease of use.
We are more focused now. Our entire team is certified in Sophos Enterprise, while other vendors would likely still have just one or two members who are certified.
We feel more comfortable using Sophos equipment and solutions.
I can't mention anything on ROI because I'm more focused on the technical part. I'm not needed in the financial part. In our company, we have saved bandwidth and lots of network hardware waste.
The Sophos UTM solution did help us because we were depending on a software base from Microsoft. Microsoft is a great company but they are not great for our security. Now they have improved. When you go out and buy something, buy it from the specialists.
For example, if you go for virtualization, VMware is a company that only does virtualization. Go for specialized people. Don't go for people who are doing everything at once.
It's like when you go to a physician or a doctor and you have a problem with certain things. i.e you have a problem with the bones. Go to the doctor that is specialized in the bones, not a general doctor.
The Sophos UTM license is annual or you have a choice for a two or three-year term.
The Sophos UTM licensing is based on if you have an appliance. There are several layers of subscription you can take:
There is a huge price list. The prices in the MENA area (the Middle East and North Africa) is completely different than North America.
The products are completely different in the MENA area from the United States. Each region has its own scheme of pricing based on the VAT and the tax refund.
The price might be different for the people who are in the United States and the UK.
After you select the level of subscription, you pay once.
We tried and tested Fortigate from Fortinet. We tested several appliances about six years back. Not Palo Alto at that time, only Fortinet.
We evaluated other open-source Linux software but not appliances. We decided to go with Sophos UTM based on several factors related to the tests we did at that time.
Evaluation is very important so that you can see what are you buying and what you are going to face in the future.
My recommendation is that businesses should go for the XG version, not the SG because the XG version of Sophos offers next-generation firewall support and has more improvements.
Sophos XG is the next generation firewall that is not available on the UTM version. The difference is in the features between the two and how you deploy them.
Sophos XG version covers what is in the SG version plus additional bonuses: the dashboard, the heartbeat between the firewall and the input, etc.
I advise first evaluate, know your network, know your needs, and plan for the upcoming two or three years before you purchase.
Get in touch with the vendors because these days every vendor wants to sell. They are willing to help the customers and willing to show them what they will get.
Make sure you evaluate properly many platforms. Don't just go with one vendor. Go with two or three vendors. Evaluate and then short-list and choose the best for you.
The rating has to have criteria:
Sophos SG has provided us with the tools to protect our networks, detect malicious activity, and customize security to our clients' needs.
Our primary use case of this solution is IDS and IPS. We also use it for application availability.
The most valuable feature is the IPS. It also protects us from malware.
The solution could be improved by adding cloud soundboxing.
The stability is OK.
The scalability is not something I have experience with because our organization is pretty lean.
I have not used technical support.
It was easy to set up and quite straightforward.
When considering a new solution, I always make sure that there is good technical support. Also, the pricing is an important aspect.
A client wanted to trial Sophos UTM 9 before deploying it into a production environment because, historically, Sophos has not had the best of reputations in AWS. The client had used Sophos in other environments, hence they wanted to stick to what they know.
The solution allows the client to use cross-region AWS VPCs to connect remote dev offices.
Classic defence in depth, with layered features.
Nothing out of the ordinary these days, but the fact Sophos has such a big name and good support was a big plus for the client who already had a relationship with Sophos support. Also, auto-scaling of UTM workers using EC2 is a nice and handy feature.
UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it’s useful.
Finally, Cold Standby CloudFormation script to one node, with persistent info in S3, is a convenient feature.
We procured this solution via the AWS Marketplace because of BYOL (bring your own licence). That was the driving force behind the choice. In addition, they had test and production environments in AWS already so it was easy to get a sign-off.
We didn’t find any issues but I know there have been some in the last few years. I can’t comment about Sophos on AWS previously but they seem fine now. There were no problems for our client so all I can comment on is the experience they had. I think it’s taken a little while for Sophos to get experience in solving problems with their product in the AWS environment, but they do seem to go the extra mile.
This solution rates an eight out of ten, based on our experience. Support was good. You will always find problems with installations so it does hinge on support.
Threat management for servers is our primary use case. We're not using it on all workstations, just a few. We're primarily using it on servers.
The version we're using is fully in the cloud, not on-prem.
We don't have to worry about viruses anymore. Before Sophos, we didn't have anti-virus at all because we're a newer company and we're just now starting to get into business-level stuff. When we installed it on a few of the users' machines, we saw that they did have very minor infections - they downloaded something they shouldn't have, something that could have hurt the computer. We were able say, "Well, we're glad they didn't click on that."
The isolation of infected machines is a big feature. Also, the ability to detect external sources that change files on a file server is really big.
The third key feature is something called EDR. It's a type of advanced file analysis. If you aren't sure what a file is you can click on it and it will upload a sample to Sophos and it will respond saying, "That's malicious," or "Not malicious." You can see every individual file and registry key that that file has ever interacted with, and what they did. It will show you every single thing it's done to the machine so you can clean up everything or check everything that it has ever touched. You don't have to worry about, "Oh, did I clean everything up?"
It does have built-in policies which enable you to disable USB devices, etc. It would be nice if they had more policies because there are not that many of them.
In terms of stability, it's definitely top-notch, a market leader. The ability to do things and the availability of it being online aren't an issue.
It seems very scalable. All you do is install the client, and it pulls it in. You don't have to actually have more Sophos servers running. It all goes back to their central, cloud-based platform, which is nice.
I haven't had to use Sophos' technical support.
The initial integration and configuration of Sophos in our AWS environment was incredibly easy. They give you a license key and a file. You download that file on the operating system type that you're trying to install it on. Install it and it's done. There's nothing else at all to do. It gets auto-configured for you.
We haven't seen ROI because we just got it two or three months ago. Over time we will.
The biggest issue with Sophos is the pricing. It's definitely more expensive. We looked at Webroot, which is a big alternative, and Sophos was almost three times the price of Webroot. That's a pretty big difference.
We actually went with both Webroot and Sophos. We went with Webroot for most of the client machines. We're only using Sophos for the servers and the really important client machines, like the ones the managers use. That way, we can split our cost up a little bit.
We looked at Webroot, primarily. That was pretty much the only one we evaluated that was even close to being a competitor. We did look at a few others, but we didn't even do the trials because \Webroot and Sophos offered so much more.
Webroot seemed really nice for Windows, but we have a lot of Macs. Our servers are Windows, and we definitely went with Sophos for the servers because it has a little bit more capability with Webroot.
An example would be that if you have a file server, it will actually detect if a source is changing stuff on the file server. Suppose that a client was connected to them. That client wouldn't even need protection. Sophos is smart enough to understand, "Hey, a client just uploaded this virus." Webroot wouldn't do that. Sophos also lets us do full isolations of the servers or workstations. So if something gets infected, we can isolate that machine with the click of a button, clean it up, and then release it back into the network. That's not something Webroot was capable of handling either. Those were two big things to us because both of those features stop viruses from spreading.
Everyone's going to get infected at some point. We just want to stop the spread as soon as possible.
If you're running a full Windows-based shop you're going to have a lot more options, so make sure you shop around. If you're running a Mac-based shop like we are, Sophos is definitely the way to go. Just make sure you can afford it.
Regarding how well Sophos integrates with other products, so far we haven't integrated it with anything. We have it on the servers and we have it scanning our Amazon accounts, but that's it. The integration with Amazon is cool. Maybe they could work on that because it seems like a newer feature. You can see what's available but not really do anything yet.
For the features, how well it works, and how easy it is to use, I would give Sophos a ten out of ten. Overall, I would give it a nine because it is very costly compared to all competitors.
Our datacenter cloud services such as email, and web services for internal and external use, had to be protected with different systems and the web services where left really unprotected, since we used an standard IPS/IDS to protect ourselves from web attacks (from the outside) which nowadays are really sophisticated. Also, we had to employ many work hours to have a protected, standardized network. With Sophos EndPoint and Sophos UTM, we simplified and also protected our network at the same time, with less work force.
The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars. The just introduced Sandstorm system for protection, is awesome as well.
Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific timeframe, or vice versa.
No issues encountered.
The scalability is awesome as when you need the network protection systems to grow immediately, you just activate and license the exact same box, and configure it in cluster mode for Active-Active mode in Cluster/High Availability.
This is where Sophos vendor outclasses every other vendor. They have grown so much throughout the last four to five years, but they have grown as well in their capability to attend support cases. We've had some really advanced cases, and we have never been forgotten or left behind.
We used a commercial product, Untangle, with our own brand called Rhino Box. Untangle did not invest in the development of features as we expected, such as the adoption of IPSec VPNs (they had it but very limited), and IPv6. This was what made us do research for our SMB/Enterprise market offering. We tried out Sophos UTM (recently purchased as Astaro UTM) and it was really easy to deploy and came with Sophos Support, which is awesome.
The initial setup is straightforward. Sophos brand is well known in the market for being a unique and powerful tool that is simple to deploy and manage. This is what makes it different from any other vendors. The Sophos UTM, comes with a deployment "Wizard for Dummies" since it show the wizard at the initial setup, and in less than three minutes, you can have your box up and running. Also for Policies deployment, you are clicks away to customize your security settings.
We always deploy by ourselves, so that way we can test how the customer will see the initial implementation. Our main advice, is to read the manual, and follow the wizards that comes with each tool. Also, it is strongly recommended to have a professional firm contracted for the initial setup, and support, as we are, to can design, and help with any kind of implementation issues.
The ROI is in 12-16 months, since with this kind of tool, we deliver the best of breed protection, and increment the focus of the end user, in being productive.
I recommend you get the three year licenses, since Sophos offers three years for the price of two. I would also recommend that you acquire any Sophos Licensing with Professional Services added, that way, you'll have the best experience possible.
They have supported our business venture since 2010, and will do for many years. We have studied closely the different product portfolio, and each one of them, are carefully developed.
As we are a solution provider and not product oriented, we give the best solution for our customers, with a good price. We are the number one company in the region, BTC, and operate in Egypt, Iraq, Jordan, Lebanon, and Saudi Arabia.
As both a firewall and UTM it's perfect.
No issues encountered.
For me, the customer satisfaction, and awareness, is the most important thing. I usually train all my clients on their chosen system.Technical Support:
As we are a service provider, we offer various other products to our customer:
For me, the installation and setup is simple. I work hard to do the simulation for the customer, and discuss all the requirements before implementation with the client.
In one project I implemented Sophos for was a bank. I had to involve the Sophos team as the client was asking for WAF in transparent mode with HTTPS inspection. They were 10/10.
Prior to Sophos, it was mainly Juniper and Fortinet.
Give us 10 minutes of your time, and we will show you the differences. When I do presentations, I give potential clients demo access to the solution(s) I am presenting.
We replace customers' old and expensive devices such as firewalls, anti-spam, etc. with Sophos, as it has all these features. You don't need four boxes if you can have all these features in one box.
The most valuable features are
There is still room for improvement in wireless protection. I don't mean their WiFi device is bad, but there are still things to improve on, such as WiFi roaming.
No issues with stability.
No, everything works perfectly.
They have consultants who can help you quickly.
You can use the wizard which will guide you through all the initial settings.
Sometimes more is less, meaning if you want more than three features, take the FullGuard licence.
We do not use this on AWS.
Before implementing the SG appliance, completely prepare the rules for your network; know what and where you want to implement.
We were looking for a solution which provided a single view for both a wired and wireless network. We were previously using the Cyberoam 200ia firewall appliance and wanted an appliance which could support 1500 to 3000 corporate users. The solution also required a wireless access controller scalable to at least a 125 second wave 802.11 ac wireless access point. We purchased a Sophos XG 450 appliance with Sophos wireless access points.
It improved bandwidth utilization and provided link load balancing features for internet and intranet lease lines. It also provided good security for internal users.
Initially, there were problems of wireless access points not getting detected and lease lines were getting disconnected after one hour. Sophos replaced the appliance, but the issue was not resolved . The matter got escalated to their international support and the issue was identified as a bug where long distance fiber connections are used over single mode fiber. The patch was shipped by Sophos with a promise to fix the issue in the next release.
Now, the appliance is working fine. The issue of wireless access points was due to some compatibility issues with the D-Link switch. I provided the Cisco 2900 series switches to connect to the wireless access points by creating a separate wireless LAN port on the firewall.
Initially, there were issues with the wireless network as wireless access points were disappearing from the dashboard after some time. Later issues were resolved by connecting the wireless access points through Cisco switches.
No scalability issues.
Support is very good.
We used to use Cyberoam 200ia. It required to an upgrade due to end of life and the changed requirement of its organisation.
The initial setup was complex as different VLANs had to be created for the business network, wireless network for corporate users, wireless network for guest users, and a separate VLAN for the communications network and the VC. QoS had to be enabled for different type of services. In addition, link load balancing was also configured and tested for internet lease lines and intranet MPLS lease lines.
We implemented through a vendor team, and their expertise level was good.
ROI has yet to be calculated.
We purchased the appliance with five years onsite support and licenses.
In India Cyberoam, which has been taken over by Sophos, has a vast support network and loyal user base. Migration to Sophos was the logical path. Further, pricing for the upgrade was very competitive as Sophos wanted to retain existing customers.
I am using it for security, antivirus, and malware detection.
It has helped by identifying threats within the company. If there are computers or servers that are compromised, then we are able to identify them right away in the system.
It can identify threats quickly, then find the affected devices and quarantine them.
It ease of use: The GUI is easy to maneuver through; it is not complicated.
The support needs improvement.
It has been stable. We haven't had issues. It does what it is supposed to do.
Since it is cloud-based, scalability works great. We have around 300 users in our environment.
The technical support only communicates via email. I would prefer to communicate directly with someone.
We also considered Symantec and McAfee. We did not chose them because we had experience with both of them and were not happy with their platforms.
We chose Sophos for its ease of use and it detects malware and viruses that other companies can't detect.
The product works. It helps you identify threats within the environment.
We were able to integrate it with different devices and the installation is straightforward.
We are using the cloud-based version, but it is through Sophos directly. We are not using AWS. A lot of this stuff is also on-premise.
It is used as an antivirus.
They could reduce the price.
The stability is good.
The scalability is good for us. We are only a company of about 400, so it is perfect.
I have not used the technical support.
The implementation with the AWS environment was good.
We haven't had any issues with deployment.
The pricing and licensing are both good and better than Sophos's competitors. This is why we went with the product.
We looked at Symantec, but liked Sophos's licensing better.
Consider the product, as it seems to be one of the top four.
We use the both the AWS and on-premise versions. They are both good and about the same.
We use it for antivirus.
It meets our compliance needs in an elastic computer environment.
It meets our compliance needs for antivirus.
The printed provisioning is the primary thing that needs improvement.
It is a little too CPU resource intensive, so we would like to see improvements there.
We are running about a couple hundred EC2 instances. Overall, the AWS Marketplace product should be a better fit, but it is a little pricier.
When we need technical support, we just engage the vendor, then figure out what our requirements are from there.
The integration and configuration of this product on our AWS environment is a little clunky right now.
The product is a standalone in terms of integration.
Going forward, we need to look at the provisioning pieces and the resource utilization.
The AWS version is easier to provision than the on-premise version.
I am using it to route traffic for developer access or regular traffic for my instances. I have a web application, and I control access to and from it in one of my environments.
All my needs are met at the moment.
Our policy is launch and forget. It works well without any maintenance. So far, it has worked pretty well regardless of the traffic.
The product could be simplified and made more self-explanatory.
I am stressing it quite a bit, and the stability is great. I haven't performed any maintenance on the instances in quite a while now. It works. I am happy because everything works well.
My throughput is moderate versus high throughput applications.
I am always holding a predefined number of instances, so I haven't had any issues.
I have not used the technical support.
The configuration was pretty complex on my side compared to OpenVPN. However, this might imply that Sophos has more use cases and capabilities. It depends.
I am also using OpenVPN.
Partially, for historic reasons, things were built prior to me being able to evaluate stuff. At the moment, we are using both solutions. In terms of pricing, when I need to spin up anything small with smaller requirements, I am using the free OpenVPN instead of Sophos UTM.
Do your homework. Compare products. Use what you need depending on your needs.
We are only using the AWS version of the product.
Our Sophos UTM provides a secure VPN solution. It allows us to have a VPN solution that limits access to certain sensitive areas in our environment.
It has made our organization more secure, because we are using a VPN. We are not accessing services directly. It allows us to segregate some of the traffic for individuals which may be more of a developer role rather than an operational role needing access to developer resources, but not necessarily production operational resources.
Previously, it was all intermixed, and access was kept under control by other means. This makes it easier and more streamlined.
The UI on it could stand a little improvement. In some areas, it is a little slow and clunky. It is sometimes not easy to find something. However, once you get used to it, it is pretty normal to use.
We haven't had an issue with it yet.
Any given day, we have easily ten to 15 users on it constantly, plus some other ancillary services which go across the VPN to access resources in our environment.
It works for what we have, as we only need a couple of them. Scalability-wise, we don't need a whole lot.
We have used technical support one time for a weird upgrade issue. Their response was good.
It integrated well with AWS. The documentation was a little fuzzy on getting it to work with how the whole public exposure versus private exposure, then routing some of the traffic. However, once you read the documentation carefully, it comes out well. This goes back to the UI issue.
It makes it a lot easier for us to maintain things. Prior to it, things were more difficult. This means less time on us. We can focus on other things. The recovery is more in man-hours for us than anything else.
Purchasing through the AWS Marketplace is pretty straightforward. Because were entirely on AWS and don't have anything anywhere else. It made the most sense for us as a one stop shop.
The pricing is pretty reasonable. I don't think that it is overly expensive.
We looked at a couple other products. However, overall, Sophos UTM seemed to fit the bill. It has allowed us to have a solution that we can maintain and not have to babysit all the time.
It is definitely worth looking at. It is a pretty good product.
It is integrated with our LDAP solution, and that integration is okay. Any LDAP integration can be hit or miss. It doesn't matter what it is, because it's LDAP. Since we use LDAP as a service, it's a little different, but it does work well.
We use it for the AWS version.
We are using as a firewall product.
It helped to connect our satellite offices to the main Amazon infrastructure in a circular way.
It provides a solid firewall.
We had some problems with the configuration. They had provided a CloudFormation template, and we had to go several rounds to make it work.
It's pretty stable. For our usage, it has been pretty good.
We are a small company with a small infrastructure. For our infrastructure, it is perfectly solid. I don't have experience using it on a larger scale.
They could definitely improve on the support, especially in other countries. Right now, it is just average. For example, we have a team in India. When they face issues, they have to go to Australia or talk to somebody in the US to receive support. They should be more responsive and have more local offices.
AWS has been pretty good. It is well integrated and pretty user-friendly. Initially, we experienced issues with the configuration because Sophos provided us a CloudFormation template, which caused us some back and forth. By now, the process may have improved.
Purchasing it through the AWS Marketplace went smoothly. We did not have any issues and the pricing was decent.
We decided to purchase through the AWS Marketplace because of the integration with the AWS infrastructure, firing it up and configuring it was very seamless.
We originally considered Barracuda and another solution.
We chose Sophos because we thought that it provided superior service. Also, they have a long history in the market, and I received a recommendation from one of my consultants.
I would recommend to take a look a product, as it is a good product apart from the improvements that I mentioned. We are very happy with the product so far.
It is used as a standalone. We don't integrate it with other systems.
We are using the AWS version of this product.
Every single Virtual Private Cloud (VPC) has Sophos in front of it. I also use it for Outbound Gateways in my WorkSpaces environment.
Our company trusts Sophos without even seeing it, as it provides us comfortability while allowing for flexibility.
Its scaling capability.
Sophos has a single pane of glass which allows me to manage all my VPCs from a single instance, managing all my firewall from one place, which is huge for me. When you have multiple VPCs and multiple accounts, it becomes too cumbersome to use a product that you have to look at individually. With Sophos, I can look at one place and see everything: my logs, filters, firewall rules, etc.
I would like them to move from the Classic Load Balancer to the Network Load Balancer. This would make it easier to do certain things with Amazon. They are able to do some enhancements with Network Load Balancer that they are unable to do with Classic Load Balancer.
I have never had a stability issue with Sophos. It self-heals.
I have not run into a scalability issue since it is scalable past my license.
I have had great technical support. The only issues that I have experienced with technical support are when I get a Tier 1 support person who knows about the on-premise product, not the AWS side of the product.
The implementation and configuration through AWS is easy. They have cloud configuration templates, which are easy to deploy.
We originally purchased the solution through the AWS Marketplace. I started my proof of concept doing pay-as-you-go, then moved to a VAR for a 'Bring Your Own Licence' (BYOL) licensing model. The BYOL license still requires you to accept the terms of the AWS Marketplace to deploy.
It is easy to purchase through the AWS Marketplace. In addition, if you have a budget for the AWS Marketplace, then your purchases will appear on your regular Amazon bill, which makes things even easier.
I went and looked at Check Point eight years ago, because back then, I loved Check Point. They also weren't many solutions like this back then. AWS Marketplace did not even exist eight years ago!
After comparing Check Point and Sophos pricing, I questioned whether the decimal for Sophos was in the wrong spot. Sophos's competitors were so much higher in price.
Originally, cost sold me because Check Point and Sophos had the same features. Now, Sophos has surpassed Check Point's features.
If you haven't tried it, do so.
Amazon has their products (e.g., Amazon GuardDuty). However, when you are working in a multiple VPC environment along with digital enhancements and features, some of those enhancements and features are not always available with Amazon, but are with Sophos.
The primary use case for using this product is as a firewall.
It has ease-of-use and it fits the purpose of our firewall protection needs.
The most valuable feature is that it is easy to administer.
The price is an issue to consider for improvement.
The stability of the product is good.
We are not a very big organization, so we do not see any issues going into the future. We feel that it will continue to scale appropriately for our organization's needs.
We have experience with Sophus, as well.
The price is something that one will need to consider.
My primary use case is as a VPN, a firewall and a web filter.
We have a better level of protection and we have the ability for our devices to be more of a self-sustained type of resource.
The most valuable features are:
The memory and processing were problematic. The interface could be better.
I have no problem with the cost or licensing of this solution. This is a primary reason whay I wanted this solution. It does the same thing cheaper than other name brands.
It helps us with protection, with concurrent use of the VPN.
This solution improved our firewall capability. We installed an identity process, and this is extremely helpful.
The security is the most important, and without security, we cannot use our network on a weekly basis.
During initial configuration, I encountered a few issues.
The stability is very good.
The initial setup of this solution was easy. It was not complex.
When considering a product, I think support from the solution is very important.
We did not have experience with a firewall prior to installing this solution.
We use Sophos UTM as our main firewall with all its features included. Mainly, it controls all of our network perimeter security: firewall, IDS/IPS, and web application firewall (including VoIP).
Web application firewall (WAF): We removed our old internal reverse proxy, and it now controls all the security aspects of our web servers with Sophos UTM WAF.
Reporting: We have had to work manually in many of our reports.
Currently, we are using the product on-premise. However, in the future, we would like to deploy an AWS instance too.
This product helped us a lot in having a greater visibility into the network traffic coming inside and passing away from the company. The Sophos’s unique RED devices helped us a lot to build up extremely, easy Layer 2 VPN connections.
We have not encountered any issues with stability.
The Sophos UTM solution is very scalable. You can build a hardware cluster with up to 10 nodes.
Technical issues addressed to support team have been solved quickly.
Before we were using Cisco solutions, we switched because of the lack of UTM features.
The initial configuration is straightforward thanks to the web GUI. In 30 minutes, you can have a running firewall with UTM protection enabled.
The pricing for Sophos UTM is quite acceptable compared to other UTM vendors. If you would like to run an active-passive HA system, you only need to buy an additional hardware without subscription. At other vendors, you need subscription for both devices.
In the case of a software/virtual appliance subscription, you pay by protecting user/IP addresses. You can do this to as much hardware resources as you like.
We evaluated SonicWall, WatchGuard, and Stormshield (Netasq) solutions.
We highly recommend this solution for SMBs for its reasonable pricing and wide range of network services.
We give customers a device that can handle next-gen security threats, which is way better than a typical router.
They are all good, but most-used are the Network Protection and Web Filtering licenses.
VPN needs IKEv2, but it’s in the roadmap.
All other new, cool features will only come to the new Sophos XG Firewall.
There are no more stability issues than with other vendors, so I would say it's very stable.
Scaling out cannot be easier, as there are many migration paths.
No previous solution. For next-gen firewalls, I began with Sophos.
It is straightforward. There is a wizard running at first boot, making it easy for you to select the level of protection you want.
For under 50 users, MSP licensing is profitable.
We don't use Sophos UTM on AWS.
I would recommend Sophos UTM. But also look at its successor, Sophos XG Firewall, as we do not know how many years Sophos UTM will "live." (Note that it will be free to migrate from UTM to XG).
We have been rolling out the Sophos UTM platform to our clients over the past two years. About 80% of our managed clients have been moved to Sophos UTM. We have been migrating them mostly from SonicWall and Cisco ASA.
We do not use Sophos UTM in AWS. However, we have deployed a few Sophos XGs in an Azure environment.
The UTM product has definitely improved the way our organization functions. We have set a standard across clients and engineers. Everyone is trained on the product and knows how to manage the devices. UTM is probably the most complete all-in-one firewall that I have used to date. Having the UTM Manager has probably made the most impact, with over 150 firewalls in our portal, management and monitoring have never been easier.
The most valuable to features are: Web Application Firewall, Sophos UTM Manager, IDS/IPS, Remote Access, and RED.
This product could use some improvement with web filtering. It takes a lot of time and effort to set up and maintain.
I have never come across any major stability issues. I have seen some bugs on newer firmware releases which have only affected units configured in HA. Sophos is usually quick to fix these bugs.
You should never come across a scalability issue if you follow Sophos’ sizing guidelines. Finding this information can actually be difficult. Also, Sophos does not make it clear what they mean by “users” when you are sizing a firewall, which then leads to undersized implementations.
I am going to flat out say technical support is terrible. I will admit that it has gotten better over the past year. Previously, hold times would be 45 minutes at minimum. After the long hold times, you would receive an extremely under qualified engineer. The knowledge of engineers has definitely increased over the year and the time on hold has gone way down.
Being a Platinum level customer, I am not happy with the support.
SonicWall used to be our primary choice of firewall. I am just an engineer and I do not have control over which products we use. We started using Sophos Antivirus, then they eventually sold us on firewalls, encryption, mobile control, and a lot more of their products. The synchronized security model is really what was sold flexible to the product.
Initial configuration was super simple. I am a network engineer, so simple to me may not be simple to someone who does not understand routing and switching. When we were told we were switching to Sophos UTM, I downloaded a trial of the virtual firewall and was able to get it up and running in about an hour with no prior training. After actually going to the training courses provided by Sophos, configuration became even easier.
I am not in sales and cannot comment on this. I design and implement network configurations.
I would recommend to follow Sophos’ sizing guidelines for choosing which license and model to use. Sophos has their own way of going about this and supplies partners with all the information required. If you follow their documentation and guidelines, there should be zero questions about licensing and sizing.
Sophos also offers free training when selling their products from within the partner portal.
As a networking engineer, all new products in this category interest me. I find myself testing a lot of different products personally. Here at Flexible Systems, I did not try any other products prior to switching to Sophos. Since we are an MSP, we have had plenty of exposure to many brands of firewalls (Cisco ASA, SonicWall, WatchGuard, Fortinet, ADTRAN, and Edgewater). I personally would choose the Sophos UTM over any other product, including the Sophos XG platform.
I can’t recommend this product more!
Though, stay away from the wireless models, since you cannot put them in HA. They start to give you some weird issues once you start getting into multiple SSIDs and networks. The number one piece of advice is to read and follow the sizing guide, if you do not, you will undersize the firewall.
Just to reiterate:
My company has rolled out devices as small as the SG 105 and as large as the SG 330. I personally have an SG 210 in my home. I have gone through all the training involved for configuration and implementation. I also use the product at home and have been extremely happy with Sophos UTM overall.
We use to use a sort of "security as a service," and I had all kinds of issues getting visibility into the system to see if there were issues with my network. That is no longer a problem, I can now see every packet that passes in and out of my network.
To me it is the Web Server Protection, it is not an easy task to protect your web servers from the big bad internet. This solution does it elegantly and, if configured correctly, even hides the server's base system from prying eyes.
The UI can be cumbersome and, sometimes, features are not where you think they should be.
No stability issues at all.
Our current use of the product doesn't need any scaling out.
Their support is prompt and will find the issue for you.
We were using an offsite solution that was at least 20 times the cost over a year.
Go to a vendor and let them assess your needs so you can get a right-sized device.
I use it in a self-hosted implementation.
We have quite a lot of web service hosting, either websites or hosting APIs. We use Sophos as a two-factor authentication process. So, if they are outside or working in a remote office, they will need to use the Sophos VPN, which is gotten from the Sophos UTM, then ideally they will be developers. However, they can also be BI guys, DevOps people, etc.
Sophos UTM allows you to compartmentalize different sections or different people, having those people connect to different services.
We use it for primarily for two-factor authentication, for VPN to allow employees security access the servers and to ensure people do not access things they should not have access to.
You (currently) need to buy the Sophos software per availability, zone, and per VPC. It should offer an account-based solution.
When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK. With GD-PI coming, the clients' data needs to stay in-house, so when you buy the Sophos license, it only works for the UK. Then, you have to buy another in the USA and another one in Ireland, then you have to have a VPN tunnel between all of them to have them talk to each other because Sophos blocks them talking to each other.
So, ideally, a multi-VPC or a multi-talented Sophos would be great because it would take away the fact that you need to build a tunnel and you have one management console for all your different locations. Instead of having three different locations with three different IP addresses and having to add users to probably two out of three, sometimes all three, having just one centralized location would be good.
No, we did not. Backups were done daily, and its Linux backend gave us no issues.
Adding new servers was seamless. Adding new users and allowing for VPN access was also fantastic.
For the AWS version, it was atrocious. None really. For the bespoke cloud space that we designed though, they were very good.
To further clarify, there is absolutely no support when using AWS. If you buy the on-premise Sophos solution, you get support and you get all the stuff. Whereas if you are using the AWS version, you do not. So, you kind of have to research. There's something simple really which affects Sophos quite a bit during setup.
No, we didn't. It was our first choice and it was definitely a good one.
For a user who hasn't done it before, it may be a bit complex but with a general understanding of networks, it was fine.
However, when you build everything up using the AWS version (setup), it actually does not work until you write it on the Sophos UTM and in the networking, you have to change the source destination check. You have to do that at the end of it, but there is nowhere in the documentation or anything where it tells you that. It was just somebody happened to find that out. It is a pretty straightforward setup, but it should be some sort of documentation that takes you step-by-step to help set it up for your VPC. There really is not that much difference setting it up in different VPCs, but there is not enough information out there. It is a very good solution that a lot of people would be using more of except you are doing different things, and you have to try and figure it out yourself.
The support, there is none; AWS themselves, they support it the best, because they have some knowledge of it, but they do not fully support it because it is not their product. It is a third-party product.
Licensing is a bit complicated, as it is based on products -- so define your requirements and find what best suits you, as you do not need the whole suite of software they provide.
For AWS, it is pretty straightforward. You buy it, then you have all your licenses that you need, approximately 60 or 70, or it might even be unlimited. However, that is for one margin to expand to different margins. If you have an on-premise AWS, or one of our clients wanted on-premise AWS Assistant, the problem is to build the Sophos UTM on it. We get the software, then the licensing was not explained well because when you buy the licenses, you buy five (or 50) licenses, that is for the first module. So if you expand to second module, you have to buy more licenses of that.
Again, it is one of those things where it is not well explained. Unless you are in the United States, or you have to use Sophos, you can't contact Sophos directly. You have to use a third-party company, and they all have different ways of how they explain their licensing. So, we have clients that want the database on-premise, and we went to get the Sophos licensing system and stuff like that. It was just they were doing it a different way to who we had in Ireland, so the conformity is a bit iffy.
It is one of those things where it is not very well explained, so it is a lot of grunt work, a lot research has to be done before you progress, and there are the pitfalls that you encounter. There are quite a few of them. Once you get it working, it is a fantastic product. It is just getting it that is the issue.
We looked at a few, but I can't remember right now.
Great product which works without issues or downtime.
Originally Cisco 871 IOS IP Advanced Security, then Juniper SSG20, which was getting old and service contracts were too expensive.
Slow because of GUI and lack of .csv style object import.
If you can afford it, go for a small Check Point, as it is easier to manage.
Linux ipchains and modern equivalents.
Takes awhile to build a comprehensive rule set because of the relatively slow Web GUI.
If you build, backup, restore and reconfig between the boxes.
Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via it's Advanced Threat Protection so we can get a much faster response time.
I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to the other WAN.
I've used it for seven years.
Initially, we had issues configuring the web filter and getting the right policies applied to the right users. After several calls to Sophos, they were able to assist us in getting to where we wanted to be. Other than that, deployment was easy as long as you pay attention to what you are doing and have the setup guide handy for any questions you have.
The appliance has been very stable, only being rebooted to apply patches for security vulnerabilities, which fortunately is not very often.
The UTM 220 has served our purposes very well, it has allowed us to scale up on the computing side as well as the server side with no issues at all.
Their customer service is fantastic.Technical Support:
I have never had an issue go unanswered when I've had to involve Sophos technical support. Above all, it's their technical expertise that truly sets them apart from other vendors we have tried.
We did originally try to use PFSense. The software was hard to use, and the level of technical expertise was not good. Ultimately, after several demos of both products, we decided that Astaro (at the time we purchased our original device) was the right vendor to work with. Since that time, Sophos purchased Astaro and it would appear that they kept a lot of the same people working on these devices because the transition was smooth, and the level of knowledge never faltered.
The initial setup was very straightforward. I will say that you do need to have a certain level of knowledge to set up the more advanced functions. Configuring the network was the easiest part, and the firewall was very straightforward once you figured out exactly what rules you needed to put in place. NAT was a bit confusing to start with, but once you went through the process it was easy. Intrusion prevention was easy to set up, flip the switch to the on position and decide what rules you want to apply. Web filtering took a few calls to Sophos to set up properly, as we were trying to set up filtering policies based on Active Directory groups, and were not successful in the initial configuration, but we did finally get this implemented.
I implemented the product in-house. The one bit of advice that I can give is to organize yourself prior to deployment. Determine what services you want to utilize in your environment, and focus your learning to those parts of the guide, this will make your deployment much easier.
Our return on investment is the fact that we are protecting the business' data, lowering administrative costs, and are better able to manage every bit of our network security.
The licensing model is very straightforward, it's a bit pricey, but for what you get, it's well worth it.
The IPS and endpoint protection function.
A standard Firewall of an access router, monitoring up to OSI level 4, is unacceptable anymore these days. The endpoint protection solution is integrated, thus running along with the notification function.
All the necessary functions being incorporated into one solution with notifications configured, I know I am secure against threats from the internet. (Up to the limits of the solution in the constantly evolving and dangerous Internet).
I've used this solution for three years.
Some with the IPS function (snort).
In my case, when restarting the system (because of an update), I doubt that snort starts correctly and do a manual restart of the IPS function (see my answer for 'Room for Improvement').
As a free home user, I have not used the support services up until now.
Once, I did upload an Office document that appeared to give a false positive, but never got a notification. I understand this because of the priorities that have to be given, but I would have liked to receive a (even small) reaction.
I did take a look at other open source solutions, but found the Sophos UTM, being the best professional free for Home UTM solutions, full blown, and updated daily, to be the best solution.
The setup wizard provided me with just enough insight into the basics of the solution -- to be able to start using the solution fully after some self-study and exploration of the various knowledge bases and forums.
I looked at some open source variants but being able to use the best professional (free for the home version) product with regular updates -- convinced me to use the Sophos UTM solution at Home.
The instability and best effort service of a community of the open source solution did not give the right trust to depend on in the battle against the negative sides of the worldwide internet
Start simple and step-by-step, and start using the product fully.
RED remote Ethernet Device layer 2 site-to-site tunnel.
RED is a layer 2 tunnel based on SSL protocol that you can establish tunnel, with or without static public IP form provider and this is a feature you will not see among another vendor.
I have done hundreds of setups of this solution.
Sophos is number two on the market, and from my experience, even if there are some drawbacks, they have workaround solutions in the product. Every day, Sophos makes developments in the firmware that are free if you have a valid license.
I've used this solution for five years.
No, correct sizing will fit.
Fast response time. Easy management, good support.
Pricing is competitive.
Reverse proxy, SSL VPN, web & email protection
For me, those features were most valuable from a security point of view;
• Reverse proxy is very important for shielding application frameworks.
• For VPN, we all knew that PPTP was broken and is not secure anymore. For Ipsec, you need to have opened ports, and if you are in a hotel who only has ports 80 and 443 opened, you can’t do anything.
SSLVPN is one of the solutions. Yes, you can use DirectAccess, but there are some limitations, too.
For DirectAccess, you need to have all those computers joined in one domain.
• Web & email protection is a nice feature because you have all of those controls in one dashboard. This is of course for small and maybe some mid-size companies. For larger and enterprise, it’s another story.
Less and faster administration, full control of traffic, and a lot of futures included in the base price.
The goal for small companies is to have one administration dashboard -- from where you can manage antivirus for computers, firewalls, IDS, IPS, mobile phones, tablets, etc.
Sophos UTM is on the right path to getting there.
Sophos UTM 135 = two years.
Sophos UTM 115 = one year.
No problems with stability.
No problems with scalability.
The technical support is really good and the representatives are very responsive.
The setup is straightforward, but I suggest hiring an expert for integration. This is your first line of defense, and there is no room for mistakes.
Sophos UTM’s are not the cheapest but they are not the most expensive. Create a checklist of what you need, and go through it with a sales representative. They will advise the right license for your company and I’m sure you can get some discount.
Cisco, CheckPoint UTM-1
Create a checklist with your requirements, test the solution, and if it passes everything, implement it.
The Sophos UTM planform has allowed us to improve or implement the following security practices:
The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User portal etc.
The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.
In the increasingly cloud focused word the Sophos UTM’s ability to deliver Safe web access, Web Filter and Cloud Application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allows you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.
At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities
At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.
The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.
Major firmware release can sometimes be buggy initially but are soon pathed and stabilized. My advice would be to sit tight for 9.x release for about a week before implementing 9.x.yyy releases often fix bug without introducing stability issues.
The platform scales-out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of site across multiple countries.
The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are ably to handles massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at a 10 000+ users or devices depending on the traffic, of course.
For anyone with Proxy and firewall experience the setup is pretty straight forward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware Software / Hyper-V/ AWS / ESXi / Oracle Virtual Box so you can set up a test or lab environment on almost anything to get started.
The licensing options with virtual are great and scaling up and down is typically not an issue if you reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and unlike the virtual licensing is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.
A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely Deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.
Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be short listed candidate for anyone looking to implement a UTM.
Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.
The most valuable features are:
The ability to disconnect the VPN connection needs to improve. Currently, in order to disconnect an existing VPN connection of a device, the admin needs to change the password of the user.
I have used this solution for two and a half years.
We encountered stability issues more on the Web Filtering feature where certain valid websites are blocked or the video cannot be played and it requires extra exceptional configuration.
There were no scalability issues.
I would rate the technical support a 8/10.
Previously, we were using WatchGuard UTM. The pricing and ease of use of the configuration were the reasons as to why we moved over to this solution.
Setup is straightforward.
From time to time, there is a promotion and it is more cost effective to get the 3 years subscription licensing upfront.
We looked at Fortinet.
All the features are valuable.
Before implementing Sophos UTM, we had a lot of problems with:
After implementing Sophos UTM, the percentage of infected computers because of bad URLs was been reduce by 90%. A lot of spam emails were blocked. Additionally, I created a whitelist for company emails and a blacklist for unnecessary emails.
Branch offices have the same protection like the main office and communication between offices is very easy. We created rules for one-way communication for some branch offices and two-way communication for another office. You have got a lot of abilities for different configurations between offices.
But after migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services.
With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.
We used UTM for four years, and XG for one year.
At the beginning, there were stability issues, due to a poorly configured switch. I had problems with HA, but after that, there were no stability issues.
I only contacted technical support five or six times. They were very professional. I will rate them as excellent.
We did not use a different solution before this one.
The initial setup, at the beginning, was very complex. After some time, everything got clear. I did the migration of UTM to the new OS XG by myself and I didn't need help from technical support.
Think twice when you are choosing your Sophos UTM/XG. I made a mistake the first time because I needed more powerful hardware for my network. I did not choose very well. The price and the license are definitely elements for which you must think twice. I had excellent cooperation with the Sophos sales team and my mistake was quickly resolved.
I love all Sophos products, but the combination of Sophos XG, Sophos RED, and Sophos advanced endpoint protection with intercept X is something that all IT professionals and security officers will love and want to have.
All the features are similar; we are real, hardcore users of the Sophos UTMs.
This product is for beginners and for hardcore professionals; beginners can get their feet wet and professionals can easily look into the product.
Certificate Management should be improved.
I have used this solution since 2014, i.e. for around three years.
The Sophos UTM Internal DB sometimes has problems which affect its scalability.
Technical support is very good, but only to the distributor. Support is poor if the distributor escalates to the vendor or we complain directly to the vendor.
It was not a change; in general, we have used many firewall vendors, but no one is as good as Sophos UTM.
The initial setup is easy.
Unfortunately, the pricing is very expensive, but for licensing, there are some "cheap" options for some scenarios.
If you'd like to look into a system which is very robust and hardcore, then select Sophos UTM.
Great security and logging. Easy GUI.
It really needs to update IPSec to enable IKEv2.
Customer service is great and responds really fast.Technical Support:
Technical support might be a bit better and there are not enough easily accessible guides.
Previously used the OpenSource pfSense which works great, but Sophos adds the little extra that is needed in security.
I evaluated pfSense, and still go with pfSense where IPSec to AzurePack services are needed because Sophos does not support IKEv2.
At first I did not like Sophos UTM but after second setup and config I liked it a lot and now recommend it to all my customers. It has great security features, and together with Sophos Endpoint Protection it works perfectly.
The Sophos UTM products helped us manage and a global network of more than 20 sites.
Their ability to firewall, filter and monitor network traffic and provide VPN connectivity really helped us day to day with such a complex network.
We chose the product initially because the user interface was simple to understand and made sense without requiring a long training course for an experienced network engineer to utilise.
Central Management is made easy with the Sophos UTM Manager which allows you to set configurations, see patch status and pull reports from all your estate.
While the product was originally with Astaro the low end (1xx) units had serious reliability issues and support was extremely challenging to engage with. However, once Sophos took over their world class technical support teams soon brought responsiveness up to the level I would expect from a premium product. And the newer hardware is much better quality.
The ability to have either software, hardware or virtual appliances allows excellent freedom of choice.
High Availability is easy to configure and works really well, with options to have either active \ active or active \ passive depending on your needs and budget.
The fact you can use the full product for Free at home is a wonderful idea for engineers to become more familiar with the product and keep their skills up to date.
I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main hang-ups will be with the VIP/load balancing and SSL. For some reason that completely escapes me, both of these vendors make getting valid certificates onto their boxes unnecessarily difficult -- the Fortinet appliances more so than the Sophos UTM appliances. At one point a Fortinet engineer had to write an entire manual on how to get an SSL certificate uploaded successfully on the 4.x firmware.
Sophos: The one feature that is missing (and this makes some amount of sense) from the Sophos appliance is BITS caching for updates. Other than that, Sophos offers a full replacement for TMG on UTM9. The XG platform also offers a replacement for the TMG; however, some of the rumblings about upcoming releases suggests that Sophos is going to give XG the Apple iOS treatment and "streamline" the interface...potentially cutting out/hiding some functionality. On the effectiveness of the NGFW, Sophos is mostly good but has a few issues blocking all pieces of an application. For instance, we had to build custom blocking rules for OpenVPN (the vpn was being used to bypass the content filter) because the default Application Control wasn't effectively blocking the application.
Fortinet: If it wasn't for Fortinet's terrible tech support we would still be deploying Fortigates exclusively. So perhaps that answers your last question right upfront. FortiWeb is not absolutely required for what you are proposing; however, the FortiWeb does make the transition from TMG much easier as the FortiWeb is purpose-built to do what you are requiring. Related, the AD-integration used with Fortinet is one of the strongest implementations we have used: The SSO agents ability to poll data from the DCs without an agent allows the use of SSO with non-Windows machines that are bound to AD, which we have used extensively at both educational institutions and shops running CentOS. Transitioning to Fortinet is relatively simple: The UI makes a lot more sense than it did in the old 4.x releases, the firewall rules are straight-forward, and the reverse proxy settings are well-documented.
The product has provided us with unified threat management as well as comprehensive list of reports.
Their new product range which is the new SG Series UTMs, especially the wireless versions, should at least include two radios for 2.4 Ghz and 5 Ghz bands. Currently we can only run one or the other, but not both.
I've used it for around 18 months.
No at this stage.
Only thing we have noticed as of late was that their firmware updates break something else that was working in a previous version. Only noticing this on some customers though not all customers.
I’ve used other products like NetboxBlue, SonicWALL in my previous roles. We chose the Sophos UTM because of pricing, rich feature set and the fact that it can be either a Virtual App or Hardware Appliance.
The initial setup was very straightforward. It was done through a wizard and there not much needed doing while setting up the UTM.
We are a reseller so we use the same product that we sell to our customers. That’s how much we love the product.
We used several vendor products before UTM, and now it is all in one box - firewall, proxy, and VPN. Sophos is much easier to manage and configure.
Every product has room for improvement.
I have used it for three years actively with several projects utilizing UTM.
No issues encountered.
No issues encountered.
No issues encountered.
We don't have direct contact with Sophos support so I can’t rate the level of customer service and technical support properly.
I did. Sophos UTM is far more easier to configure and it is very intuitive with configuration.
Setup is easy and straightforward. It is a browser based tool, so you can access it from every location, and with different operating systems.
We did it in-house.
I have some technical advice, but generally, always prepare steps to implement Sophos UTM and test your implementation before using it in production environment.
The Zeroeth Rule:
Start with a hostname that is an FQDN resolvable in public DNS to your public IP. If you didn't do that, start over with a factory reset; it will save you hours of frustration.
The Sophos solution provides a branch to head office distributed network for a construction company across New Zealand, and the reliability of the equipment makes it possible to provide stable connections and is easy to implement and support.
Would be great if it would be possible to improve IPSEC site-to-site VPN connectivity over slow/unstable internet connections.
This particular configuration has been in use for about two and a half years.
No issues encountered.
Very rare cases of appliance lost admin password or web-service hangs.
No issues encountered.
Since I’m an engineer, I probably cannot evaluate this aspect, however as far as I know equipment order and upgrade was always fineTechnical Support:
4.99 out of 5 – support is very helpful, only once there were misunderstanding about licensing and number of supported Sophos WAPs and that was resolved promptly and fully.
For this project, the Sophos infrastructure has been planned and deployed from the start and there has been no need to change it
It's logically straightforward and the transparent interface made possible a quick deployment. However, a little time was needed to get familiarized with the interface.
It was implemented in house.
Nothing is perfect, but with Sophos those are really small – sometimes it is incorrect firmware upgrade paths, or rare log in problems (device forgetting admin password). All those though can be fixed, there is plenty information in the Internet and support is usually awesome. Also, you need to plan the solution and costs involved, while having in mind potential growth of users/connections; e.g. creating virtual appliances and allocating resources (RAM, CPU, NICs) minding potential workload.
They are all valuable, but the most valuable is the uplink balancing. This is very useful when dealing with more than one ISP, and the wireless capability for our guests.
It's scalable and easy to manage.
The web filtering engine needs to be improved as, sometimes, the service hangs for a while and restarts randomly. Alas, there was an issue with authorizing Lync traffic but it's all good now.
I've used it for eight years.
No issues encountered.
No issues encountered.
It's good.Technical Support:
It's acceptable because sometimes there are delays with answering our requests. We are using the regular support, so we don't have the ability to contact Sophos directly.
We did, and we switched due to the costs and the functionalities.
It was very easy.
We used a vendor team to implement it.
It's a nice product that is full of interesting options.
I think the RED appliances and APs make a difference, and add value to Sophos. Also, it is easy to configure, robust and is a stable appliance. The licensing is great, because you don't have to pay the same license fee for a standby appliance.
Actually, we were not used to firewalls in our organization, but I was working at a distributor previously so I had a chance to do many demos. The customers like its GUI because it's easy to manage and RED takes attention of the customer which has distributed locations like shops, cafes, fast food stores etc.
They should have more powerful appliances. The appliances throughput and performance is suffering under high traffic usage. Also, I think they need better appliances for enterprise and high end customers.
I've used it for one year.
Because we have local laws about logging, we had to get permission to develop a logging mechanism. Also, we had lots of requests to improve URL filtering categories.
I had an issue with transparent mode in a demo, but mostly it is a very stable appliance and software.
Sophos has a sizing guide which is a great during the planning phase in ensuring you are getting the sizing right. I have used it many times when I preparing customer demands. I haven't had any problems yet.
I was working with Sophos' Germany office, and they always supported me. It was really great working with them.Technical Support:
They're 6/10. I had many cases, but they don't like to do a remote session immediately. To be honest, I have worked with better support teams from other vendors,.
It is very easy.
I implemented it but got help from the vendor when I got stuck wit something. They are great.
It is great solution for customers who have small, branch offices. I would advise you get Sophos for distributed locations (with RED and APs).
Firewall and Web Protection
Advanced Threat Protection is a good "dashboard" feature to see if there is any network issues
Its a key point of keeping your network secure which once setup requires minimal ongoing monitoring. Also this unit can act as the whole security suite so everything in your network is protected.
Its identification of users without the need of setting up Proxies or Identity software could be better, that is probably the trickiest section to setup.
No issues other than ensuring what has been configured matches the requirement of the company/client.
The only stability issue we have encountered was an update caused the unit to over process things. Everything kept running but it did slow down Internet access because of this.
I have only done basic High Availability setup which is very good but not Scalable solutions. However, as long as you follow the sizing guides and get the right UTM for the company there has been no issues.
Not outstanding but I have noticed significant improvements over the last 12 months
We used to use SonicWall. I still think its a good product though its web filtering and SMTP filtering were no where near as good as Sophos UTM. The reason we switched was the partner relationship between Dell and the IT Solutions company soured.
You can setup the unit in simple mode and get 90% of what you want done. That is very straightforward
You can also setup each component manually. This requires understanding of the unit but even that is not difficult.
Probably the only difficult part of the Sophos UTM is the WebControl as this can be setup many ways. Ensuring you have mapped out a solution that is adaptable to the company is probably the most complex part.
As we are a supplier, we bounce off ideas with their sales engineers. They are excellent.
Unsure as I don't deal in the money side of things but I think the clients get excellent returns as their security is totally covered if they include EndPoint protection.
Most companies I have dealt with handing them a unit find they don't have to do much ongoing work on the unit. Once its working, its working and adjustments to rules and policies are easy.
No, we had a good relationship with Sophos and after comparing it to our previous solution (SonicWall) we were convinced it was a good product.
If you are a IT Consultant shop, become a partner and do the training.
If you are the IT of a company, you can either get a IT Service company to set the unit up for you or if you are confident with firewalls you can purchase premium support to get assistance for troubleshooting purposes.
The web application firewall and web filtering. We are using the UTM to be the gateway for the private cloud solutions we offer.
Easy management of the firewall, with one URL to control the firewall/web filters for our entire cloud.
HA needs to be improved for the software appliance because if Sophos is deployed in ESXI/Hyper-V then the HA is unstable. Also, the web application firewall only allows the use of ports 80 and 443, and if we could use others ports than that would be a welcome addition.
For two years now in our datacenter, and also several deployments at some of our customers.
Setting up the link aggregation group (NIC teaming) gave us some problems with the ethernet VLAN option for WAN, but after a firmware update, the issue was resolved.
If you enable the intrusion prevention option in the firewall any Wordpress deployments on a Plesk server behind the firewall slows down to a crawl, and there is no fix yet. The current workaround is disabling the intrusion prevention option at the moment.
No issues yet.
7/10. Getting a new license for the SG220 sometimes takes a long time, but they will give you a 30 day demo license to compensate for it.Technical Support:
9/10. Any question or issue is solved within minutes after calling technical support.
SonicWALL was our previous product, and we switched to Sophos because of its ease of use.
When you start the initial setup you`re helped with wizards, but if you use the software appliance and make a mistake by selection wrong interfaces in the wizard it can result in the firewall becoming unreachable.nThe hardware appliance is (almost) plug & play.
We implemented it in-house.
It's around six to nine months.
We looked at several open-source firewall options whose names I will not mention, and the reason we did not use them was because of the ease of use, and what our support desk could do.
If you want an easy to manage, and powerful firewall then take look at Sophos UTM.
Proven UTM technology, excellent security and threat management are valuable features. The fact that I can provide scalable solutions for a SoHo environment on a small appliance, run on my own PC/server or even a virtualized environment allows me to accommodate almost any business, regardless of size. The software works in the same way across all the models. I have managed all my clients via the Sophos UTM Manager, a centralized console. I am a MSP, so having a centralized system to managed and maintain all of my client UTM firewalls is just gravy.
Customers appreciate the extensive built in reporting, rock solid IPS and security features. Coupled with a centralized Wireless and Remote Ethernet Device (RED) Device extends my service offerings. Lastly, the Total Protect bundle offers an affordable, comprehensive solution for the SMB market.
Using the SUM (Sophos UTM Manager) Central Console, each client UTM is configured to report to my RMM and CRM system for monitoring, SLA, ticketing, and support. We can administer a majority of our management such as firmware updates from our Sophos UTM manager. With many other products, this needs to be done and case by case basis.
We also schedule weekly automatic backups of the clients UTM configuration. These backups are emailed to our support portal and preserved. We keep spare/loaner equipment in stock so if a client’s UTM has a catastrophic failure, we prep a spare unit, apply their most recent configuration, and within 5 minutes have a functioning loaner unit we can deliver while their warranty replacement is processed. A simple drive to the client’s location and a swap out is done which gets them back in business on the same day. You can also get a 30 day full trial license for appliance or software. My sales staff can place a 30 day trial of fully functional unit as part of a proof of concept.
The unit offers great failover and load balancing features that can be complex to understand, some streamlining of the process would help. More predefined port rules would help the novice user/technician as well.
I have been a Sophos/Astaro Partner for over 10 years. I started with Astaro v6 and have continued with them following their acquisition by Sophos a few years ago. The product keep getting better and better. I have over 200 units I have installed and managed. I am currently selling the SG Series with UTM v9.309. The SG series have models that fit small business up to large enterprise environments.
Alongside the hardware versions, we also use a virtualized version running UTM 9.
The only issues I have, have been due to human error.
The solution is very stable if you size the unit to the environment. An SG125 is great for a 25 person office with web, email filtering, application control, etc. but it would not work well in a 100 person office. You need to know the proper sizing prior to deployment.
As stated, unit needs to be scaled to the environment. So if I don’t do my job of understanding the client's environment, it is possible to undersize the unit just like every other product. For clients who are planning major growth, we tend to sell either a virtualized UTM or software base unit. Then it is simply a matter of adding license capacity, RAM, CPU, etc. when needed.
They have a great account team and customer service is solid. 85% of the time the issues are resolved on the same day, and 97% by the next business day.Technical Support:
They have excellent technical support. I can submit a ticket request via their portal, with a call, etc. I can get someone 24/7 and usually within an hour. They also have a great escalation procedure.
I have used many, such as SonicWALL, Cisco, Juniper, WatchGuard, and FortiGate. Sophos is consistent and deep in their solutions and I like a consistent platform and support.
Simple small offices are a breeze. We have some template configurations, which only require us to stage and activate a license(s), install a basic template and modify the interfaces to meet client specifics and then add the unique definitions. More complex setups start with a basic template which even my technicians can load, and then require an engineer or security specialist to finish off.
We are a managed service provider (MSP) so we do it in-house for clients. We provide our customers with basic training and complete documentation package.
As with most hardware, margins could always be better. I can get competitive pricing on larger deals. Our biggest ROI is the monthly management fee, which is very reasonable for our clients. Since we do all of our management (updates, reports, etc.) from the SUM we spend very little time on this and a technician can do it. It has a very good economy scaling and the annual subscription renewals are pretty standard with not much of a margin. This solution fits the MSP model very well due to it being a centralized control/management solution.
A SoHo setup takes about an hour, which is US$125 and the monthly management/maintenance is US$30, but it all adds up.
We have evaluated many
The product has a shallow and a deep end. Getting a small business/SoHo running up quickly and reliably is straight forward, but the deep end takes some technical skills, just like any solution. What I really like is that my Tier One guys can get a quick status update, have a look very quickly, and then resolve most basic issues. Tiers two and three are not as involved unless there is a major issue or complexity. Also, when buying the product, get the audit/chance tracking built in too!
Valuable Features include Sophos Remote Access VPN, Country Based Firewall, Web Application Firewall, Ease of access (via browser) and Reporting.
Sophos UTM helps us to control incoming and outgoing network traffic. It also helps employees connect to the AWS VPC environment from remote locations. Web application firewall protects applications from different hacking attempts like SQL Injection, Cross site scripting, Cookie signing, URL hardening etc. On top of that, it also helps the organization adhere to compliance rules and provides an audit trail of the environment.
Sophos UTM is not a highly available and scalable product. Till now, it is a single point of failure.
No issues encountered. We had a very smooth deployment.
No issues with stability.
Yes. Sophos UTM on AWS is not an scalable product. Sophos is actively working on scalability part from using a UTM manager which can control configuration deployment on multiple UTM's
Customer service level is top notch.Technical Support:
Very Good. All our queries were properly answered on time.
Yes. Earlier, we had used Checkpoint. But the deployment procedure and user interface for Checkpoint was very complicated. The amount of time to invest in checkpoint is nearly 2x than Sophos. Checkpoint requires tool to be installed on your system while Sophos is a browser based tool.
It was a very straightforward setup. As it is a browser based tool, it helps administrator to access it from different location and system. We don't have to download desktop clients on our local system. Also, we can access this product from different operating systems (linux, windows and Mac).
We deployed it in-house.
ROI for the product is very high. The cost of the product is based on the number of users and the licensing is not too expensive.
On AWS, instances/servers are charged on hourly basis. The yearly licensing cost for 10 years is nearly around $200-300.
While we were looking for deployment of UTM product on AWS in year 2011, there were only 2 stable products available in market i.e., Sophos and Checkpoint. We choose to go ahead with Sophos.
Easy to use, Easy to access, good for compliance. It is a very good product as compared to others available on AWS.