Sophos UTM Reviews

• Network border protection for clients and internal company
• It is used for small to medium-sized businesses and networks.

Sophos SG has provided us with the tools to protect our networks, detect malicious activity, and customize security to our clients' needs.

• Sophos UTM Manager (SUM): It allows us to manage over 50 Sophos UTM devices from a central management console. 
• Creating rules, exceptions, and managing most features from SUM, and pushing to all or a section of devices as needed.

• SUM cannot manage app control
• Improve app control system as a whole
• Extend support for SG until XG has improved significantly.

We replace customers' old and expensive devices such as firewalls, anti-spam, etc. with Sophos, as it has all these features. You don't need four boxes if you can have all these features in one box.

The most valuable features are

• Web Protection - Protects you against problems originating from the internet.
• Advanced protection (Sophos Sandstorm) - Protects against crypto viruses in real-time.
• Email Protection - Really strong anti-spam.
• REDs (Remote Ethernet Device)  - Connects you from a remote workplace to your source network.

There is still room for improvement in wireless protection. I don't mean their WiFi device is bad, but there are still things to improve on, such as WiFi roaming.

No issues with stability.

No, everything works perfectly.

They have consultants who can help you quickly.

 You can use the wizard which will guide you through all the initial settings.

Sometimes more is less, meaning if you want more than three features, take the FullGuard licence.

We do not use this on AWS.

Before implementing the SG appliance, completely prepare the rules for your network; know what and where you want to implement.

We give customers a device that can handle next-gen security threats, which is way better than a typical router.

They are all good, but most-used are the Network Protection and Web Filtering licenses.

VPN needs IKEv2, but it’s in the roadmap.

All other new, cool features will only come to the new Sophos XG Firewall.

There are no more stability issues than with other vendors, so I would say it's very stable.

Scaling out cannot be easier, as there are many migration paths.

It’s satisfactory.

No previous solution. For next-gen firewalls, I began with Sophos.

It is straightforward. There is a wizard running at first boot, making it easy for you to select the level of protection you want.

For under 50 users, MSP licensing is profitable.

We don't use Sophos UTM on AWS.

I would recommend Sophos UTM. But also look at its successor, Sophos XG Firewall, as we do not know how many years Sophos UTM will "live." (Note that it will be free to migrate from UTM to XG).

• Providing the firewall to my small business office. We run it on a fanless PC and a supporting 50Mb/s VDSL connection.
• Supports 10 devices and has 40 rules.
• Using UTM and IPS extensively.

• Using the Home version to help Sophos develop the XG. I have not used the earlier UTM, which colleagues have recommended.
• The UTM features are reasonably strong and the patterns are updated on a regular basis
• Supports all the traditional firewall components

Not applicable.

• The lack of import/export functions for network and service options drives me mad.
• No route to NULL
• No Dshield.org integration

No.

Not applicable. 

Not applicable.

Originally Cisco 871 IOS IP Advanced Security, then Juniper SSG20, which was getting old and service contracts were too expensive.

Slow because of GUI and lack of .csv style object import.

In-house

Not applicable.

If you can afford it, go for a small Check Point, as it is easier to manage.

Linux ipchains and modern equivalents.

Takes awhile to build a comprehensive rule set because of the relatively slow Web GUI.

If you build, backup, restore and reconfig between the boxes.

• SSL VPN
• HTML5 VPN portal
• Application control
• Reverse proxy
• Web filtering

We used several vendor products before UTM, and now it is all in one box - firewall, proxy, and VPN. Sophos is much easier to manage and configure.

Every product has room for improvement.

I have used it for three years actively with several projects utilizing UTM.

No issues encountered.

No issues encountered.

No issues encountered.

We don't have direct contact with Sophos support so I can’t rate the level of customer service and technical support properly.

I did. Sophos UTM is far more easier to configure and it is very intuitive with configuration.

Setup is easy and straightforward. It is a browser based tool, so you can access it from every location, and with different operating systems.

We did it in-house.

I have some technical advice, but generally, always prepare steps to implement Sophos UTM and test your implementation before using it in production environment.

The Zeroeth Rule:

Start with a hostname that is an FQDN resolvable in public DNS to your public IP. If you didn't do that, start over with a factory reset; it will save you hours of frustration.

1. Whenever something seems strange, always check the Intrusion Prevention, Application Control and Firewall logs
2. In general, a packet arriving at an interface is handled only by one of the following, in order, DNATs first, then VPNs and proxies and, finally, manual routes and manual Firewall rules, which are considered only if the automatic Routes and rules coming before hadn't already handled the traffic
3. Never create a Host/Network definition bound to a specific interface. Always leave all definitions with 'Interface
4. When creating DNATs for traffic arriving from the internet, in "Going to:" always use the "(Address)" object created by WebAdmin when the interface or the Additional Address was defined. Using a regular Host object will cause the DNAT to fail as the packets won't qualify for the traffic selector.
5. In NAT rules, it is a good habit to leave a field blank when not making a change. In the case of a service with a single destination port, this makes no difference. In the case of a service with multiple ports, or a Group, repeating the service makes the NAT rule ineffective.
6. There are only four reasons to sync users from AD to the ASG/UTM:
   • The user should be able to log on to a Remote Access VPN that uses certificates to authenticate the user
   • Email Protection is enabled and the user should receive Quarantine Reports and be able to manage personal black/whitelists and/or use Email Encryption/Signing
   • You want to do Reporting by Department for Web Protection (and I consider it a bug to require this when doing AD-SSO)
   • You want to use the Authentication Agent to populate "username (User Network)" objects
   • There's no other reason to sync users to WebAdmin - certainly not with AD-SSO

Valuable Features include Sophos Remote Access VPN, Country Based Firewall, Web Application Firewall, Ease of access (via browser) and Reporting.

Sophos UTM helps us to control incoming and outgoing network traffic. It also helps employees connect to the AWS VPC environment from remote locations. Web application firewall protects applications from different hacking attempts like SQL Injection, Cross site scripting, Cookie signing, URL hardening etc. On top of that, it also helps the organization adhere to compliance rules and provides an audit trail of the environment.

Sophos UTM is not a highly available and scalable product. Till now, it is a single point of failure.

2.5 years.

No issues encountered. We had a very smooth deployment.

No issues with stability.

Yes. Sophos UTM on AWS is not an scalable product. Sophos is actively working on scalability part from using a UTM manager which can control configuration deployment on multiple UTM's

Customer service level is top notch.

Very Good. All our queries were properly answered on time.

Yes. Earlier, we had used Checkpoint. But the deployment procedure and user interface for Checkpoint was very complicated. The amount of time to invest in checkpoint is nearly 2x than Sophos. Checkpoint requires tool to be installed on your system while Sophos is a browser based tool.

It was a very straightforward setup. As it is a browser based tool, it helps administrator to access it from different location and system. We don't have to download desktop clients on our local system. Also, we can access this product from different operating systems (linux, windows and Mac).

We deployed it in-house.

ROI for the product is very high. The cost of the product is based on the number of users and the licensing is not too expensive.

On AWS, instances/servers are charged on hourly basis. The yearly licensing cost for 10 years is nearly around $200-300.

While we were looking for deployment of UTM product on AWS in year 2011, there were only 2 stable products available in market i.e., Sophos and Checkpoint. We choose to go ahead with Sophos.

Easy to use, Easy to access, good for compliance. It is a very good product as compared to others available on AWS.

This is a next-generation firewall. I use it for mail security for clients. 

The mail security is very good. 

It's quite stable.

The solution can scale. 

The sanctions make it difficult for us in Iran to take full advantage of this product, like many others. 

It needs a better user interface. The one they have is not so good. 

I've used the solution for a while. 

The solution is stable and reliable. There are no bugs or glitches, and it doesn't crash or freeze. 

It is very scalable. The solution is very easy to expand as needed. That's not a problem.

We have 500 or 600 clients on the solution. 

I do not use technical support. Having never dealt with them, I cannot speak to the level of service they provide. 

For sharing and mail security, the solution is very good. I'd recommend it to other users. 

I'd rate the solution seven out of ten. If they offered a better user interface, I would rate them higher. 

I am using it for security, antivirus, and malware detection.

It has helped by identifying threats within the company. If there are computers or servers that are compromised, then we are able to identify them right away in the system.

It can identify threats quickly, then find the affected devices and quarantine them.

It ease of use: The GUI is easy to maneuver through; it is not complicated.

The support needs improvement.

It has been stable. We haven't had issues. It does what it is supposed to do.

Since it is cloud-based, scalability works great. We have around 300 users in our environment.

The technical support only communicates via email. I would prefer to communicate directly with someone.

We also considered Symantec and McAfee. We did not chose them because we had experience with both of them and were not happy with their platforms.

We chose Sophos for its ease of use and it detects malware and viruses that other companies can't detect.

The product works. It helps you identify threats within the environment.

We were able to integrate it with different devices and the installation is straightforward.

We are using the cloud-based version, but it is through Sophos directly. We are not using AWS. A lot of this stuff is also on-premise.