The solution's web filtering is an important feature for us in our company. We use it for VPN connections and routing.
General Director at Uzman Bilgisayar
A reasonably priced solution that is user-friendly due to its compatibility with other products
Pros and Cons
- "The solution's web filtering is an important feature for us in our company."
- "I would like to see improvements in the development of reports. The process needs to be made simple."
What is most valuable?
What needs improvement?
I would like to see improvements in the development of reports. The process needs to be made simple. So, reporting needs improvement.
For how long have I used the solution?
I have been working with Sophos Cyberoam UTM for about ten years. Also, my customers are using this product. My company is a reseller of the solution.
What do I think about the stability of the solution?
Sophos Cyberoam UTM is a stable solution.
Buyer's Guide
Sophos Cyberoam UTM
March 2025

Learn what your peers think about Sophos Cyberoam UTM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the scalability of the solution?
Sophos Cyberoam UTM is a scalable solution. So, scalability and stability of a solution are two important factors for us in our company.
How are customer service and support?
The solution's local technical support service is good. So, we don't need any other support.
Which solution did I use previously and why did I switch?
I have experience with Sophos SG.
How was the initial setup?
The initial setup for Sophos Cyberoam UTM was simple for me.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing is good since it is neither too high nor too low. The price is good for our company and customers. So, we have no problems with its pricing.
What other advice do I have?
Considering the solution's interface, I can say that the product is easy to use. Also, the solution is compatible with other products. Moreover, it is easy to integrate it with other solutions. Overall, I rate this product a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Owner at a consultancy with 1-10 employees
Easy to set up and maintain but needs better support
Pros and Cons
- "The security capabilities are okay."
- "The product strategy of the manufacturer is strange. I don't understand what they are doing in that regard."
What is our primary use case?
We primarily use the product as a firewall solution.
What is most valuable?
The firewall capabilities have been good so far.
The security capabilities are okay.
It is easy to maintain.
We found the initial setup to be very easy.
The product is stable.
It can scale easily.
What needs improvement?
The product strategy of the manufacturer is strange. I don't understand what they are doing in that regard. Therefore, I'm seeking a different solution. I want something that has a clear roadmap.
Technical support could be better.
For how long have I used the solution?
I've been using the solution for ten years.
What do I think about the stability of the solution?
The solutiois stable. It is reliable;e. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is quite scalable. You can expand it if you need to.
We have around five users on the solution right now. It's a firewall that protects the network, so anyone in contact with the network would be in contact with the firewall.
How are customer service and support?
Technical support could be better. We aren't fully satisfied with the level of service.
Which solution did I use previously and why did I switch?
We did not previously use a different solution. We've always used Sophos.
How was the initial setup?
The initial setup is very simple and straightforward. The maintenance, once it is installed, is also simple. You only need one person to maintain the solution.
I've used it for more than ten years and therefore cannot recall the exact deployment time. Likely, you need a half-day or so to deploy it.
What about the implementation team?
Installation was handled by our own team.
What's my experience with pricing, setup cost, and licensing?
I cannot speak to the exact cost of the product.
Which other solutions did I evaluate?
I'm currently evaluating other potential solutions.
What other advice do I have?
We're a partner.
I'm using the latest version of the solution.
I am not sure if I would recommend the solution to others right now. It's a good idea to look at a variety of options. I'm also looking into alternatives.
I'd rate the solution seven out of ten. The support isn't great, and my understanding is it is coming up on end-of-life.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Buyer's Guide
Sophos Cyberoam UTM
March 2025

Learn what your peers think about Sophos Cyberoam UTM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Network Engineer at BILL SMITH GROUP, INC
Low priced solution with internet access blocking feature
Pros and Cons
- "I find Sophos Cyberoam UTM very good. I like the feature of being able to block off Mac IDs that host users. For example, you have a Mac or Windows laptop and you created a hotspot. Other devices like mobiles and tablets e.g. iPads connected to that hotspot. We can block those devices that connected to the hotspot we created, only through Sophos. It's a good feature we didn't find in other UTMs."
- "The product had a hang issue. We needed to reboot, recreate the image, and reconfigure the previous image because the product hanged frequently."
What is our primary use case?
We used it for the POC so we tried it. We used it continuously for testing purposes for four to five months.
What is most valuable?
I find Sophos very good. What I like about it is that users can make hotspots in Mac and Windows systems through this solution.
I also like the feature of being able to block off Mac IDs that host users. For example, you have a Mac or Windows laptop and you created a hotspot. Other devices like mobiles and tablets e.g. iPads connected to that hotspot. We can block those devices that are connected to the hotspot we created, only through Sophos.
It's a good feature we didn't find in other UTMs.
What needs improvement?
The product had a hang issue. We needed to reboot, recreate the image, and reconfigure the previous image because the product hanged frequently.
Being able to block applications and services could also be a product improvement.
For how long have I used the solution?
We used this solution for four to five months.
What do I think about the stability of the solution?
The stability of this product is very good.
What do I think about the scalability of the solution?
I find the scalability of this product very good.
How are customer service and support?
Our experience with technical support is not good. I didn't understand if there was an issue with the physical device, or if it was a technical issue, or if it was their technical support. If our issues were properly managed, for sure we will purchase again, but we did not purchase because technical support is not good. They're not supportive as well.
How was the initial setup?
The initial setup of this solution was straightforward.
What about the implementation team?
We deployed it both in-house and through the vendor team.
In my team, I am capable of implementing Sophos. I tried implementing it with the vendor team who didn't have much of an idea and also saw that we weren't getting enough support from the Sophos technical team.
Suppose we have two side-to-side VPNs and we're using cloud servers. For example, my requirement is one public IP. If I go in any server part in the cloud, then I want one IP for sending data, while the other IP would be used for receiving data.
Sophos technical support couldn't help. Suppose we are already configured things on our Cisco router. They had no idea how to move the Cisco device configuration in Sophos. That was a big concern.
We deployed it physically via hardware, particularly the router, and not via cloud.
Which other solutions did I evaluate?
I evaluated Cisco Meraki.
What other advice do I have?
We got was the PUC part only. We are not using it right now. We are currently using ASA.
The product often had hang issues which was why we stopped using it. We will purchase again if there were no hardware issues.
The pricing for this product is good. Though its quality may not be that good, its pricing is very low, enticing small businesses to purchase it over its competitors.
I'm giving it a rating of eight out of ten because the product is really good, but you need to prepare the team, including the team handling the vendors because there are too many devices in the market. Everyone in the team needs to know how to move these things in Sophos devices, or in Sophos cloud-based technologies and application software.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a tech services company with 11-50 employees
Has good standard firewall-type functionalities as well as a good web application firewall
Pros and Cons
- "I'm more inclined towards the conventional firewall. So for me, I'm more geared towards the standard firewall type functionalities as well as the web application firewall because that seems to work fine."
- "I would say there's room for improvement in terms of the GUI. Because it is better than some of the other standard firewalls. They have the drag and drop features."
What is our primary use case?
The majority of it is on-premise protecting the external to internal and then we utilize the features inside the Cyberoam XG series like their IPS and their web application firewall to do the filtering as well as their proxy server inside the application control.
What is most valuable?
I'm more inclined towards the conventional firewall. So for me, I'm more geared towards the standard firewall type functionalities as well as the web application firewall because that seems to work fine.
What needs improvement?
I would say there's room for improvement in terms of the GUI. Because it is better than some of the other standard firewalls. They have the drag and drop features.
Also, their logging systems need improvement because their logging systems sometimes look a bit complicated if you're not familiar with it.
For how long have I used the solution?
We have been using Sophos since the XG version, so around four to five years.
What do I think about the stability of the solution?
It's quite stable. When they first started out with the XG series it was a bit buggy but after a few releases, it became quite stable.
What do I think about the scalability of the solution?
The XG series is much better compared to the previous UTM. Because with the XG series you can actually approach the enterprise level. Previously we tried to go for these large enterprises when we talked about the Sophos Firewall. When they moved to Cyberoam XG series Firewall they were much more scalable and they're much more robust compared to earlier ones.
Most of our clients are enterprise-size. We have one customer that's using almost about 200 units of the XG series firewall. Then we have other customers using it on their larger network, so they cater to about 300 to almost 500 users
How are customer service and technical support?
I don't have any problems with technical support so far because any time I ever contacted technical support it was for a major issue. Other than that I don't have any issues with technical support.
Which solution did I use previously and why did I switch?
I previously worked with Nokia, Checkpoint, and FortiGate. Checkpoint is in the enterprise range, it is very high end. It's not a very cheap product compared because when it comes to pricing Checkpoint is very expensive. If you're comparing Sophos to FortiGate they are more or less similar. FortiGate can do a virtual firewall that Sophos cannot.
How was the initial setup?
The initial setup is straightforward. The deployment is very fast. With an engineer, it can take a few hours.
What's my experience with pricing, setup cost, and licensing?
Sophos is quite flexible when it comes to pricing.
What other advice do I have?
I would just say keep it simple, don't make it too complex. Keep it simple and then from there scale it up.
I would rate it an eight out of ten.
To make it a higher score, Sophos should look at the virtual firewall feature because most of the current players like Juniper have the option for a virtual firewall. That way you can actually split up into multiple different firewalls or one physical firewall.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: distributor
Pre Sales Engineer at a manufacturing company with 501-1,000 employees
The price is very competitive and the licensing is easy
Pros and Cons
- "User and network policies to be managed on a single screen with powerful filtering and search options."
- "On-box sandstorm should be available. As of now, it is from their cloud."
How has it helped my organization?
- Easy to deploy.
- Great IPS
- Managing APs is now easy
- Infected machines cannot connect the ERP until it is clean, so my internal servers are protected.
- Great reporting tool
- User, app, and protocol all are in control.
What is most valuable?
It has many features that no other competition has in single box so far, such as:
- Dual AV engine for web and email.
- Optimized three-clicks-to-anywhere navigation.
- New unified policy model enabling all business.
- User and network policies to be managed on a single screen with powerful filtering and search options.
- Policy Templates for common business applications, like Microsoft Exchange, SharePoint, Lync, and many more defined in XML enabling customization and sharing.
- Custom IPS, Web, App, and Traffic Shaping (QoS) settings per user or network policy on a single screen.
- Sophos Security Heartbeat connecting Sophos endpoints with the Firewall to share health status and telemetry to enable instant identification of unhealthy or compromised endpoints
- Policy support for Sophos Security Heartbeat to automatically isolate or limit network access to compromised endpoints
- Application Risk Meter provides and overall risk factor based on the risk level of applications on the network
- FastPath Packet Optimization
- Hotspot support for (custom) vouchers
- Password of the day
- T&C acceptance
Other valuable features include:
- Wireless guest Internet access with walled garden options
- Time-based wireless network access
- Wireless repeating and bridging meshed network mode with supported APs
- Advanced Threat Protection (detect and block network traffic attempting to contact command and control servers using multi-layered DNS, AFC, and firewall).
- Sandstorm Cloud Sandbox Protection
- Patent-pending SPX encryption for one-way message encryption
- Recipient self-registration SPX password management
- Hundreds of on-box reports with custom report options: Dashboards (Traffic, Security, and User Threat Quotient).
- Applications (App Risk, Blocked Apps, Search Engines, Web Servers, and FTP)
- Network and Threats (IPS, ATP, Wireless, and Security Heartbeat)
- VPN
- Compliance (HIPAA, GLBA, SOX, FISMA, PCI, NERC CIP v3, and CIPA)
- Robust hardware
- Huge RAM
- SSD
What needs improvement?
On-box sandstorm should be available. As of now, it is from their cloud.
What do I think about the stability of the solution?
No issues.
What do I think about the scalability of the solution?
No issues.
How are customer service and technical support?
Customer Service:
Very nice.
Technical Support:
Very good.
Which solution did I use previously and why did I switch?
Used cyberoam iNG firewall/UTM.
The new model is Sophos XG and I am upgraded to that, which is a great solution.
How was the initial setup?
The initial setup is very easy.
What about the implementation team?
Very good.
What was our ROI?
Almost 100%. It saves a lot of man hours and bandwidth. Management loves its reporting.
What's my experience with pricing, setup cost, and licensing?
The price is very competitive and the licensing is easy.
Which other solutions did I evaluate?
Cyberoam iNG.
What other advice do I have?
- Value for money
- Easy deployment
- Sophos has a great vision, works on information security, products are available like endpoint, mobile mgmt., encryption, WiFi, server protection, email gateway, web gateway, and many more.
- Sophos Cloud is great.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Technical Operation Head at a financial services firm with 51-200 employees
An advanced security software that offers agent protection
Pros and Cons
- "I believe it's the advanced security software that offers SMPP protection for the agent."
- "The reports need to be more detailed and granular."
What is our primary use case?
We work in the finance domain and use the solution for security firewalls.
What is most valuable?
I believe it's the advanced security software that offers SMPP protection for the agent.
What needs improvement?
The reports need to be more detailed and granular.
For how long have I used the solution?
I have been using the product for four years.
What do I think about the stability of the solution?
Sophos Cyberoam UTM is stable.
What do I think about the scalability of the solution?
The product is scalable. It covers 400 endpoints in my company, deployed in multiple locations.
How are customer service and support?
We contact our local partners for support.
What was our ROI?
We have seen ROI with the product's use.
What other advice do I have?
I rate the product an eight out of ten. I think it's very beneficial, especially for our investment in our engineering team, like working on finance. It is beneficial for data privacy and security for our clients.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Architect at a consultancy with 11-50 employees
Feature rich, flexible payment options, and highly reliable
Pros and Cons
- "There are plenty of features that are valuable in the Sophos Cyberoam UTM. We use all the features, such as email Security, firewall rules, web server security, web devices, web protection."
- "Sophos Cyberoam UTM could improve by adding VPN site-to-site capabilities. The correct version does not work with Microsoft Azure Cloud."
What is our primary use case?
We use Sophos Cyberoam UTM to protect company networks from attacks from the internet and to separate internal networks into different nodes. The Intrusion Prevention system of Sophos Cyberoam UTM protects different networks from attacks from other networks. This includes the company's network or from the outside of the company's networks.
What is most valuable?
There are plenty of features that are valuable in the Sophos Cyberoam UTM. We use all the features, such as email Security, firewall rules, web server security, web devices, web protection.
What needs improvement?
Sophos Cyberoam UTM could improve by adding VPN site-to-site capabilities. The correct version does not work with Microsoft Azure Cloud.
For how long have I used the solution?
I have been using Sophos Cyberoam UTM for approximately 18 years.
What do I think about the stability of the solution?
Sophos Cyberoam UTM is a very stable solution and it's a well-formed and clear-built solution. You can easily have flexibility in configuring. The Sophos XG has a strong connection to the cloud and that's not good for security.
What do I think about the scalability of the solution?
The solution is scalable.
We have approximately 30 customers using this solution. We support other IT service providers who don't have knowledge about IT security.
How was the initial setup?
The installation is straightforward. The length of time it takes for the implementation can vary drastically based on the organization's network structure. Addiotnanly, how well the organizations want to be protected. An easy installation can be done in two to three hours, and other implementations need much more time to prepare the firewall or to create an object. Adding more complexity to the installation can add one to three days.
What about the implementation team?
The technical team that is needed to support the solution depends on the size of the organization. For smaller companies, we only need one technical engineer on our side and IT support from the customer. Larger companies with substantial-sized departments need much more support personnel. Additionally, we need one person from the management because we have to prepare outage times.
What's my experience with pricing, setup cost, and licensing?
There are many options for payment of the subscription license. You purchase a subscription every one, two, or three years. You can also have monthly subscriptions but we typically offer subscriptions for three years because from the financial perspective it is better to have a three-year subscription.
What other advice do I have?
We don't like Cloud solutions in the IT security area. Firewalls feature critical infrastructures, such as networks. We don't advise our customers to use Cloud solutions.
I would recommend Sophos Cyberoam UTM.
I rate Sophos Cyberoam UTM an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Network Administrator at a non-profit with 201-500 employees
I like the remote VOIP routing through the VPN.
What is most valuable?
Site to Site VPN, and local web filtering.
How has it helped my organization?
The ability to have a site to site VPN, yet have the users use their local internet rather than sending all traffic back to our main site is crucial to their day to day operations. Remote VOIP phone system routing through the VPN we have extension connections to those remote campuses.
What needs improvement?
We have issues with IPS and DoS attacks taking down a couple of our sites. I've changed the IPs of the external interfaces yet the attacks still happen and the Firewall will disconnect the VPN connection as well as stop all internal traffic from flowing externally. I am still able to HTTPS to the external interface, but it takes a full reboot of the appliance to get any traffic flowing again.
What was my experience with deployment of the solution?
Deployment only has one snag. Our VOIP system initially tried to communicate over the internet before the VPN connection is active. Once that happened, unsuccessfully, the phone switch stops trying. But support was able to diagnose the problem and come up with a solution to keep traffic blocked going to the internet, causing it to wait for the VPN to be active and traffic flow successfully.
What do I think about the stability of the solution?
Seems like the main instability I have found is with my Austin site and the DoS attacks that take down the VPN and internet ability for the local site. I have 7 remote sites and this is the only one that has these issues regularly.
What do I think about the scalability of the solution?
Yes, currently with the Sophos buy out of Cyberoam. My CR15iNG models show not to be upgradable to the new Sophos IOS. Meaning I have to purchase new equipment to get any of the new features and performance. Causing me to investigate other firewalls.
How are customer service and technical support?
Customer Service:
I have always had great luck with customer service. I have been with them for so long that they know me and are pretty responsive to any issues I've had. I have had hardware issues in the past and received a replacement the next day. I've also been on the phone for quite some time for them to diagnose an issue I have and come up with a good solution. While their support is not in the US, I have not had a problem getting someone on the phone when I call.
Technical Support:There is always another level. First level of support is very capable of helping with configuration issues. While when something more complicated is in need they have engineers to speak with and view your appliance to be sure they have all the information and diagnose appropriately.
Which solution did I use previously and why did I switch?
We used Cisco firewalls prior. They worked great, were more complicated to setup and cost significantly more initially and to renew each year.
How was the initial setup?
Very straightforward for setup. I had a few issues with my VOIP setup but once that was figured out setup for all other sites was a snap.
What about the implementation team?
In-House deployment.
What was our ROI?
Much less travel expense. Even when I have issues, as with my Austin site, I'm able to rectify them remotely in most cases. With the Cisco I had to travel if I was needing to change the configuration.
What's my experience with pricing, setup cost, and licensing?
These, CR15iNG remote/small office firewalls, units are pretty inexpensive and renewal pricing is well worth the support cost. They do not have a hardware replacement support agreement at this time with Cyberoam. I do believe Sophos is changing that portion of the support agreement though.
Which other solutions did I evaluate?
Not really, we had the Cisco in place. We had a vendor at the time that was really high on Cyberoam as they have done the evaluation of others for us.
What other advice do I have?
I liked the product so much I purchased one for my home as well.
Prior to Sophos taking over I had a great sales support staff and technical staff. Since that has lagged a bit. I'm hoping that with my upgrade to the Sophos OS that will change, if I stay with their product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Sophos Cyberoam UTM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Unified Threat Management (UTM)Popular Comparisons
Check Point NGFW
Sophos UTM
Juniper SRX Series Firewall
Untangle NG Firewall
KerioControl
Buyer's Guide
Download our free Sophos Cyberoam UTM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Cyberoam or Fortinet?
- I am looking into getting a Cyberoam UTM, what do you think?
- FortiGate 200E or Cyberoam 300iNG-XP?
- When evaluating Unified Threat Management (UTM), what aspect do you think is the most important to look for?
- What UTM solution do you recommend?
- Why is a UTM solution important?
- Which tool is better for internet protection: Meraki MX or Fortinet?
- Why is Unified Threat Management (UTM) important for companies?
Have you always had this access to multiple IPs? Do you have recommendations for users that don't have that option?