We use Sophos UTM as a firewall and access control. The firewall has web filtering and anti-fishing tools. We synced Sophos UTM with our Microsoft Windows Active Directory.
CEO at Tomans Consulting
Seamless scalability, robust, and flexible
Pros and Cons
- "The stability of Sophos UTM is very good. The solution has been stable since Sophos took over Cyberoam which was the original company providing this solution."
- "The initial setup was straightforward. The full deployment takes approximately two days which could be simplified to reduce the time. The major part of the process is the configuration and the policy setup."
What is our primary use case?
What is most valuable?
Sophos UTM is a robust solution and it provides flexibility.
For how long have I used the solution?
I have been using Sophos UTM for approximately five years.
What do I think about the stability of the solution?
The stability of Sophos UTM is very good. The solution has been stable since Sophos took over Cyberoam which was the original company providing this solution.
Buyer's Guide
Sophos UTM
March 2025

Learn what your peers think about Sophos UTM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the scalability of the solution?
The scalability of Sophos UTM is seamless if you have the right UTM device. However, for every device there are limitations, we have 150 users on it at this time.
How are customer service and support?
The support from Sophos is very helpful. We raise a support ticket on the portal and we receive a response.
How was the initial setup?
The initial setup was straightforward. The full deployment takes approximately two days which could be simplified to reduce the time. The major part of the process is the configuration and the policy setup.
What about the implementation team?
We did the implementation of Sophos UTM using our internal team. We have certified engineers that can handle the process. If there are any issues we can reach out to the support of Sophos.
We have two people that handle the maintenance for the solutions.
What's my experience with pricing, setup cost, and licensing?
There is a license for the device and for the software. We pay annually for the solution and the cost is competitive.
What other advice do I have?
Sophos has an aggressive 360-degree security deployment. They are securing your mobile phone and data, both data security and also device security. They're on the cloud too, if you look at the company they really working hard on a 360 approach for security. The coverages they offer makes them robust. You can always start from somewhere, and then you scale up. You can start with their device management solution, or with their firewall, and then you begin to scale up with other features seamlessly. The flexibility they provide is also very good with Sophos, I can recommend Sophos confidently.
I rate Sophos UTM a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

IT Infrastructure Architect at a retailer with 10,001+ employees
A firewall that allows for web filtering and application control.
How has it helped my organization?
The Sophos UTM planform has allowed us to improve or implement the following security practices:
- Details Web filtering and user access Control
- SaaS QoS
- Network segmentation with firewall and IPS
- WiFi protection
- Web Application Proxy everywhere, inside and out
- WAN expansion with SSL VPN and IPsec VPN over the Internet
- Two Factor Authentication requirement for PCI compliance
- Reduced the need for expensive MPLS deployments
What is most valuable?
The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User portal etc.
The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.
In the increasingly cloud focused word the Sophos UTM’s ability to deliver Safe web access, Web Filter and Cloud Application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allows you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.
What needs improvement?
At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities
At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.
The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.
What do I think about the stability of the solution?
Major firmware release can sometimes be buggy initially but are soon pathed and stabilized. My advice would be to sit tight for 9.x release for about a week before implementing 9.x.yyy releases often fix bug without introducing stability issues.
What do I think about the scalability of the solution?
The platform scales-out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of site across multiple countries.
The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are ably to handles massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at a 10 000+ users or devices depending on the traffic, of course.
How was the initial setup?
For anyone with Proxy and firewall experience the setup is pretty straight forward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware Software / Hyper-V/ AWS / ESXi / Oracle Virtual Box so you can set up a test or lab environment on almost anything to get started.
What's my experience with pricing, setup cost, and licensing?
The licensing options with virtual are great and scaling up and down is typically not an issue if you reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and unlike the virtual licensing is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.
A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely Deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.
Which other solutions did I evaluate?
Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be short listed candidate for anyone looking to implement a UTM.
What other advice do I have?
Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.
Disclosure: My company has a business relationship with this vendor other than being a customer: Through various methods, I have business relationship with Sophos and their reseller network. They are great guys who care more about making the internet a safer place than just extracting the maximum amount of revenue from you. Sophos listens to their customers and adds features as we request them. It really makes you feel like you have a security partner and not just a product supplier.
Buyer's Guide
Sophos UTM
March 2025

Learn what your peers think about Sophos UTM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Information Technology Network Administrator at abl
Competitively priced option with a good application center for sandboxing
Pros and Cons
- "The solution's sandboxing, application center, and database engine are good."
- "The reporting system needs to allow for customizations because many reports do not include details that we expect."
What is our primary use case?
Our company uses the solution as an edge firewall.
We have 500 users and the solution is managed by five technicians.
What is most valuable?
The solution's sandboxing, application center, and database engine are good.
The endpoint device detection tool integrates very well with Edge devices.
What needs improvement?
The reporting system needs to allow for customizations because many reports do not include details that we expect.
It would be beneficial to have a security fabric feature like FortiGate that integrates with UTM devices and reports to expose issues.
For how long have I used the solution?
I have been using the solution for four years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is very easy to scale up and has no limitations.
How are customer service and support?
Technical support is very knowledgeable and responds immediately to issues.
I rate technical support a ten out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is easy and I rate it an eight out of ten.
What about the implementation team?
We implemented the solution in-house and it does not require much maintenance at all. Three technicians handle any maintenance needed.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing is based on a licensing model and is competitive.
The solution was 20,000 Rial about five years ago.
I rate pricing a ten out of ten.
Which other solutions did I evaluate?
Per market analysis, the solution is in the top three with FortiGate and Palo Alto.
All three solutions are comparable so the best fit depends on your engines, environment, and requirements.
What other advice do I have?
I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Administrator at Vegol
User-friendly with lots of online documentation and the ability to expand
Pros and Cons
- "The solution is stable."
- "The support could be better."
What is our primary use case?
The solution is used mainly for user management and access control.
What is most valuable?
It's a little bit easier to use. It's user-friendly, and then there's a lot of documentation for it online, so it's easy to manage without necessarily dealing with a big learning curve. It is easy to understand, basically.
If you need to troubleshoot, everything is basically on Google.
The solution is stable.
It's a scalable product.
What needs improvement?
The support could be better.
They need to improve their email protection. Their email protection is horrible. They have an email protection license that is paid for. However, they need to improve on email protection capabilities.
They need to have proper reporting. What they offer no is weird. I need to get another application to give me a clear diagram of my network. This should instead come directly from Sophos.
For how long have I used the solution?
I've been using the solution for two years now.
What do I think about the stability of the solution?
The product is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
It is redundant enough. I don't have any issues with it.
What do I think about the scalability of the solution?
The solution scales well.
We have about 500 people on the product right now. We also have 100 users on the VPN.
How are customer service and support?
It is better to Google rather than use technical support.
They are slow to respond and then the response doesn't exactly give you what you want.
I understand they can't give you a solution to something that you'd expect them to. They try to give you something. You're going to go to Google and find the information on Google faster and easier anyway.
Which solution did I use previously and why did I switch?
We worked with Cisco mainly in the past. When we went to renew with Cisco, we found the pricing to be quite high. We're happy now with Sophos. We have no interest in switching to anything else.
How was the initial setup?
The initial setup is very easy. The interface makes it simple.
I'm not sure how long the deployment took exactly.
We have four people that are able to handle maintenance.
What about the implementation team?
I was able to set it up myself, however, you do really need to know it or work with someone who does.
What's my experience with pricing, setup cost, and licensing?
The cost could be considered reasonable based on other plans. However, when I was looking at when you renew our licenses, the pricing is a little bit weird. When you renew your license, the licenses are at the cost of buying a new device in your plan. I haven't renewed yet. However, I would need to figure out that aspect.
I can't recall the exact costs of the product as it's been a while since we originally licensed it.
Compared to Juniper, the difference is the pricing. It's more affordable than Cisco or Juniper, actually.
What other advice do I have?
I'm a user and a consultant.
I'd advise potential new users that they should let someone that knows how to do it set it up fast. You should work with someone that knows how to do it.
I'd rate it an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at Cartlis
Stable with an easy initial implementation and a very nice user interface
Pros and Cons
- "The stability, overall, is excellent. I haven't had a problem in the last two years."
- "It would be nice if it had basic features, such as DLP (Data Loss Prevention)."
What is most valuable?
The solution's user interface is very user-friendly. It's very easy to navigate.
They have an all-in-one product for small businesses. Basically, I do not want to manage the firewall for four products. I'll take it all in one. It makes everything easier to manage.
It's really good and it's been working really well over the last few years.
The initial setup has been very simple and straightforward.
The stability, overall, is excellent. I haven't had a problem in the last two years.
What needs improvement?
It is a fine product, however, I need more endpoint protection.
They should release a license for more than 50 IPs. As of now I have had some discussion about with management, and we need to do some planning and around that to see if we can change things.
The pricing is too high. There are other options that are less expensive, such as Bitdefender. In fact, Bitdefender is very good, aside from lacking a firewall such as this. Beyond that, it's a very good product with central management on-premises.
It would be nice if it had basic features, such as DLP (Data Loss Prevention).
For how long have I used the solution?
I've only been using the solution for about two years or so at this point.
What do I think about the stability of the solution?
The stability has been excellent. It doesn't crash or freeze. There are no bugs or glitches. It's very good and very reliable.
What do I think about the scalability of the solution?
This solution is perfect for small businesses.
How are customer service and technical support?
I don't have too much experience with technical support. I only recall one case where I had to contact them directly. I recall them being very helpful and responsive. I had a good experience and was satisfied with their level of service.
Which solution did I use previously and why did I switch?
The solution is being discontinued. Hopefully, whatever they replace it with will be very good for small businesses as well.
How was the initial setup?
The initial setup was not complex. It was very simple and very straightforward. It was not difficult at all. A company shouldn't have any trouble with the process. Specifically, if you have experience in IT, you will find it very easy to deploy these products.
What other advice do I have?
I am a Sophos customer.
I'm using UTM for home use only. It's only four 50 IPS.
I'd rate the solution at a ten out of ten. Overall, it's worked really really well. Everything from the updates to the signatures has been very helpful for our business.
I would recommend this product to other users and other organizations.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Operations at Intersect Technologies
A solution that provides a balance of stability and scalability to its users
Pros and Cons
- "Stability-wise, I rate this solution a ten out of ten...Scalability-wise, I rate this solution a ten out of ten."
- "The solution's technical support for India needs to be improved."
What is our primary use case?
There are multiple use cases, and a few examples would be its use in the education, banking, or financial sectors. There are so many other locations and sectors where they deploy this solution.
What is most valuable?
One of the features of Sophos UTM that I find valuable is its user authentication functionality.
What needs improvement?
In Sophos UTM, there is room for improvement in certain areas. For instance, I believe that its feature known as Synchronized Security could be enhanced. The solution's technical support for India needs to be improved.
I will need to think about the additional features the solution needs to include in its next release.
For how long have I used the solution?
I have been using Sophos UTM for almost ten years now. It is a good solution. My company is a partner and an integrator of Sophos UTM.
What do I think about the stability of the solution?
Stability-wise, I rate this solution a ten out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate this solution a ten out of ten. If I talk about the solution's suitability, then it is suitable for enterprises.
How are customer service and support?
Dealing with technical support can be time-consuming when communicating over the phone. I am unable to provide a rating for the technical support team. My suggestion to others would be that they provide the country location of the toll-free number in the solution. Although a toll-free number has been provided for India, the people in India are good. Compared to the UK, there may be issues with understanding and timing, which could lead to many problems.
Which solution did I use previously and why did I switch?
We use Sophos Access Point, Sophos Firewall, Sophos Switches, Sophos MDR, and Sophos XDR. We have been using Sophos MDR for three years.
How was the initial setup?
Whether the initial setup is straightforward or complex depends on the number of users or people to whom the solution is given.
What's my experience with pricing, setup cost, and licensing?
Compared to the current market offerings, like FortiGate or SonicWall, Sophos offers its solution at a good price.
Which other solutions did I evaluate?
I compared Sophos UTM with Fortinet and found that Fortinet's EPP, ATP, and hardware are good. Sophos UTM has also improved its hardware by updating its dual-core processors with a second processor that uses advanced technology, whereas previously, the hardware was handled by a single processor. However, we are still facing some problems with Multicast User Authentication.
What other advice do I have?
I recommend Sophos UTM, Sophos Access Points, Sophos Endpoint, and Sophos Switches to other users. Overall, I rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
It manager at MMA2
Simple setup, flexible reports, and high availability
Pros and Cons
- "The most valuable feature of Sophos UTM is reporting, it is flexible. I can monitor the end user's devices, even when they are not on my network. It has good drill-down capabilities."
- "The reporting could improve by providing information on where, or from which device attacks are coming from. We are already given the country where the attack is coming from but more information would be beneficial."
What is our primary use case?
This solution can be deployed on-premise and on the cloud.
What is most valuable?
The most valuable feature of Sophos UTM is reporting, it is flexible. I can monitor the end user's devices, even when they are not on my network. It has good drill-down capabilities.
What needs improvement?
The reporting could improve by providing information on where, or from which device attacks are coming from. We are already given the country where the attack is coming from but more information would be beneficial.
For how long have I used the solution?
I have been using Sophos UTM for approximately five years.
What do I think about the stability of the solution?
The stability of Sophos UTM is good.
I rate the stability of Sophos UTM an eight out of ten.
What do I think about the scalability of the solution?
Sophos UTM is scalable.
I rate the scalability of Sophos UTM an eight out of ten.
How are customer service and support?
I have used the support from Sophos UTM a few times. My experience was good. However, the resolution time can improve.
I rate the support of Sophos UTM a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup of Sophos UTM is simple. It can be down within one hour.
I rate the initial setup of Sophos UTM a seven out of ten.
What's my experience with pricing, setup cost, and licensing?
The solution is affordable compared to others, such as FortiGate. The price is important.
I rate the price of Sophos UTM a seven out of ten.
What other advice do I have?
I rate Sophos UTM an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at Manual Workers Union
Great features with easy centralized reporting and good performance
Pros and Cons
- "So far, the solution has been problem-free."
- "We'd like to see them offer their services on mobile devices like tablets. I'm not sure if that's an option or not."
What is our primary use case?
The features that we're currently using are mainly just for the endpoint protection, which is for the service and the workstations. We basically use it for the servers, the main servers, and then from there for the client, which is basically the laptops and the PCs.
How has it helped my organization?
The fact that it's not heavy on the machines has really helped. It's basically lightweight. One advantage is that we, having a cloud solution, do not require a physical machine that we have to administer on our network.
What is most valuable?
The fact that it's on the cloud means we don't have to administer it on our network or deal with a physical machine, which saves us money.
The solution has many great features.
From the console, we can start different scannings on different machines. We enjoy the centralized reporting part of it.
The initial setup is simple.
We enjoy its general stability.
The solution can scale.
So far, the solution has been problem-free.
What needs improvement?
We don't need any extra features. We only use it for the servers and the workstations. We'd like to see them offer their services on mobile devices like tablets. I'm not sure if that's an option or not.
For how long have I used the solution?
I've been using the solution for over a year now.
What do I think about the stability of the solution?
It's been very stable. In fact, we haven't had any complaints or any issues with it. There are no bugs or glitches. It doesn't crash or freeze. The performance is great.
What do I think about the scalability of the solution?
The scalability is quite good.
Right now, we have 40 users.
We will definitely scale in the future. As we get new employees, we just request additional licenses.
How are customer service and support?
I've never had any issues.
Which solution did I use previously and why did I switch?
I also use FortiGate.
How was the initial setup?
The implementation process was straightforward. What basically happens is that you just have to pick that certain client from the console and then you just install it on the machines. From there, of course, you handle connectivity after that. It's pretty straightforward.
A full deployment on one machine took less than 20 minutes. The thing is, if you have fast internet, it can even be much less.
Maintenance is very simple. Support is inbuilt from the manufacturer's side. Therefore, internally, if there are any issues on the client machine, you just reinstall it. There isn't much to do really, in terms of maintenance, except maybe the licenses. It's hosted on the cloud and updates are automatic, and are available from the portal.
What about the implementation team?
We did not need a reseller or consultant's assistance. It was all handled internally.
What was our ROI?
I haven't really explored ROI. I only have worked with it for slightly over a year. Maybe we need to start looking at it.
That said, so far, we are protected and we haven't been hit so far. We're getting the returns from it in that sense.
What's my experience with pricing, setup cost, and licensing?
Having a cloud option is a real cost saving.
In terms of licensing, we pay on yearly basis. From there, what happens, in the last month, we request a quotation for renewal, and then from there we just pay through the local reseller.
We're thinking of maybe dealing with the supplier, the manufacturer, directly, however, right now, we're still using the local supplier for licensing and payments.
What other advice do I have?
We are on the latest version of the solution.
We are customers.
I would rate the solution at a nine out of ten. We are very happy with it. I would recommend it to others.
I'd advise new users that, if they are going to go with the cloud option, that issues related to maintenance is actually handled within the cloud. The rollout is pretty smooth.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Sophos UTM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Unified Threat Management (UTM)Popular Comparisons
Meraki MX
Check Point NGFW
WatchGuard Firebox
Juniper SRX Series Firewall
Untangle NG Firewall
KerioControl
Zyxel Unified Security Gateway
Stormshield Network Security
Huawei NGFW
Check Point CloudGuard Network Security
Sophos Cyberoam UTM
LANCOM R&S Unified Firewalls
Seqrite UTM
Buyer's Guide
Download our free Sophos UTM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which would you recommend to your boss, Fortinet FortiGate or Sophos UTM?
- What Is The Biggest Difference Between Sophos UTM and Sophos XG?
- What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
- What Is The Biggest Difference Between Sophos and pfSense?
- Who provides a better antivirus solution: Bitdefender or Sophos?
- What are the biggest differences between Meraki and Sophos? Which one is good for security and SD-WAN?
- What is the biggest difference between Fortinet FortiGate and Sophos UTM?
- When evaluating Unified Threat Management (UTM), what aspect do you think is the most important to look for?
- What UTM solution do you recommend?
- Why is a UTM solution important?