Sophos UTM Reviews

Every single Virtual Private Cloud (VPC) has Sophos in front of it. I also use it for Outbound Gateways in my WorkSpaces environment.

Our company trusts Sophos without even seeing it, as it provides us comfortability while allowing for flexibility.

Its scaling capability.

Sophos has a single pane of glass which allows me to manage all my VPCs from a single instance, managing all my firewall from one place, which is huge for me. When you have multiple VPCs and multiple accounts, it becomes too cumbersome to use a product that you have to look at individually. With Sophos, I can look at one place and see everything: my logs, filters, firewall rules, etc.

I would like them to move from the Classic Load Balancer to the Network Load Balancer. This would make it easier to do certain things with Amazon. They are able to do some enhancements with Network Load Balancer that they are unable to do with Classic Load Balancer.

I have never had a stability issue with Sophos. It self-heals.

I have not run into a scalability issue since it is scalable past my license.

I have had great technical support. The only issues that I have experienced with technical support are when I get a Tier 1 support person who knows about the on-premise product, not the AWS side of the product.

The implementation and configuration through AWS is easy. They have cloud configuration templates, which are easy to deploy.

We originally purchased the solution through the AWS Marketplace. I started my proof of concept doing pay-as-you-go, then moved to a VAR for a 'Bring Your Own Licence' (BYOL) licensing model. The BYOL license still requires you to accept the terms of the AWS Marketplace to deploy.

It is easy to purchase through the AWS Marketplace. In addition, if you have a budget for the AWS Marketplace, then your purchases will appear on your regular Amazon bill, which makes things even easier.

I went and looked at Check Point eight years ago, because back then, I loved Check Point. They also weren't many solutions like this back then. AWS Marketplace did not even exist eight years ago!

After comparing Check Point and Sophos pricing, I questioned whether the decimal for Sophos was in the wrong spot. Sophos's competitors were so much higher in price. 

Originally, cost sold me because Check Point and Sophos had the same features. Now, Sophos has surpassed Check Point's features.

If you haven't tried it, do so.

Amazon has their products (e.g., Amazon GuardDuty). However, when you are working in a multiple VPC environment along with digital enhancements and features, some of those enhancements and features are not always available with Amazon, but are with Sophos.

It is used to protect the servers. It is a very transparent solution. 

Sophos integrates seamlessly and we don't even feel it is running in the background. 

I found just one instance of a virus on somebody's email, and Sophos cut it off immediately. Then the admin said, "Oh, this is a virus. That's a new one." They found out that I hadn't updated some virus information.

The virus updates will always depend on new viruses that are discovered. Maybe they can send a notification or a reminder for update time. 

We have been using Sophos UTM for two years. 

It is absolutely stable. 

We have over 200 users in my company. We are planning on increasing the usage. We never faced any issue with scalability. 

We have local support and go through our company's tech support. 

The initial setup is straightforward. It was implemented within five minutes. 

The central admin team deployed the solution. There were around three to four members of the team. 

It is easy to install and transparent solution. I would recommend using the solution. I would rate it a ten out of ten. 

We use Sophos UTM for firewall management and for some of the other modules it provides, such as email and firewall proxies.

The most valuable feature of Sophos UTM is the efficiency and mail filtering module.

Sophos UTM could improve the way the configuration has to be done. I have to do the configuration through the command line interface but if it could be done through the graphical user interface it would be much better.

I have been using Sophos UTM for approximately three years.

Sophos UTM is a highly stable solution. It has high availability.

We have approximately more than 1,000 employees in my company using the solution.

I have used Fortinet previously and I found it to be easier to deploy and maintain than Sophos UTM

The initial setup of Sophos UTM is straightforward. Additionally, the configuration is simple. When we first did the deployment it took approximately two days.

The configuration of this solution is easier than some of the competitors. In some of the other solutions, when there is synchronization between two firewalls there are times you need to break all the configurations and start from the beginning.

When we did the first installation of the solution we used a third party to assist. However, we now do the full implementation of the solution using our team.

The price of the license for Sophos UTM is approximately $5,500. The solution is less expensive than competitors.

The maintenance of the solution is easy, the documentation is very rich in content, and the report information is good. 

I rate Sophos UTM an eight out of ten.

Most of our clients use Sophos UTM as a perimeter firewall for branch offices. Additionally, we use the Sophos XG, RED firewall for extending the network, and the Sophos Intercept X to complement the firewalls.

The most valuable features of Sophos UTM are the ease of use, it is very user-friendly. You can understand what they implement in the new firmware, and it's easy to manage the firewalls.

When I implement a solution, I have to teach the customers how to use it and when I have used other solutions, such as Check Point, it was difficult.

Sophos UTM has good integration with wireless and endpoint solutions

In Sophos UTM there is always a problem with the routing tables. If you want to see the routing table, you have to use the UI. You can't do it via a web browser. The routing table is better in Fortinet.

I have been using Sophos UTM for approximately six years.

The stability of the Sophos UTM is very good, most of our clients do not have to reboot the firewalls. 

The technical support is good. I tell my customers that we always have the support of Sophos and it is good for us. If you create ticket support in Spanish, you have to wait sometime, because they don't have a lot of people who work in Spanish. We have to do it in English. They should have more other language support agents.

I have previously used Sophos Cyberoam, XGS, and XG solutions. Additionally, I have used Check Point solutions.

The implementation of Sophos UTM firewalls is difficult. There are many aspects that are involved and there is maintenance needed. However, the difficulty level is the same as if you were implementing a Fortinet firewall.

We have a three-person implementation team that works in many cities here in Bolivia.

I have evaluated other solutions, such as Cisco.

I would advise others that the Sophos Academy is really good. You can receive certifications from them. It is important to understand the requirements because some people who don't know much are afraid to use firewalls, and that's a problem. It's important to use firewalls and ask questions proactively about them.

I rate Sophos UTM an eight out of ten.

The Sophos UTM planform has allowed us to improve or implement the following security practices:

• Details Web filtering and user access Control
• SaaS QoS
• Network segmentation with firewall and IPS
• WiFi protection
• Web Application Proxy everywhere, inside and out
• WAN expansion with SSL VPN and IPsec VPN over the Internet
• Two Factor Authentication requirement for PCI compliance
• Reduced the need for expensive MPLS deployments

The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User portal etc.

The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.

In the increasingly cloud focused word the Sophos UTM’s ability to deliver Safe web access, Web Filter and Cloud Application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allows you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.

At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities

At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.

The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.

Major firmware release can sometimes be buggy initially but are soon pathed and stabilized. My advice would be to sit tight for 9.x release for about a week before implementing 9.x.yyy releases often fix bug without introducing stability issues.

The platform scales-out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of site across multiple countries.

The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are ably to handles massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at a 10 000+ users or devices depending on the traffic, of course.

For anyone with Proxy and firewall experience the setup is pretty straight forward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware Software / Hyper-V/ AWS / ESXi / Oracle Virtual Box so you can set up a test or lab environment on almost anything to get started.

The licensing options with virtual are great and scaling up and down is typically not an issue if you reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and unlike the virtual licensing is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.

A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely Deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.

Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be short listed candidate for anyone looking to implement a UTM.

Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.

The solution is used mainly for user management and access control. 

It's a little bit easier to use. It's user-friendly, and then there's a lot of documentation for it online, so it's easy to manage without necessarily dealing with a big learning curve. It is easy to understand, basically.

If you need to troubleshoot, everything is basically on Google. 

The solution is stable. 

It's a scalable product.

The support could be better.

They need to improve their email protection. Their email protection is horrible. They have an email protection license that is paid for. However, they need to improve on email protection capabilities.

They need to have proper reporting. What they offer no is weird. I need to get another application to give me a clear diagram of my network. This should instead come directly from Sophos. 

I've been using the solution for two years now. 

The product is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

It is redundant enough. I don't have any issues with it.

The solution scales well. 

We have about 500 people on the product right now. We also have 100 users on the VPN.

It is better to Google rather than use technical support. 

They are slow to respond and then the response doesn't exactly give you what you want.

I understand they can't give you a solution to something that you'd expect them to. They try to give you something. You're going to go to Google and find the information on Google faster and easier anyway. 

We worked with Cisco mainly in the past. When we went to renew with Cisco, we found the pricing to be quite high. We're happy now with Sophos. We have no interest in switching to anything else.

The initial setup is very easy. The interface makes it simple.

I'm not sure how long the deployment took exactly.

We have four people that are able to handle maintenance. 

I was able to set it up myself, however, you do really need to know it or work with someone who does.

The cost could be considered reasonable based on other plans. However, when I was looking at when you renew our licenses, the pricing is a little bit weird. When you renew your license, the licenses are at the cost of buying a new device in your plan. I haven't renewed yet. However, I would need to figure out that aspect. 

I can't recall the exact costs of the product as it's been a while since we originally licensed it. 

Compared to Juniper, the difference is the pricing. It's more affordable than Cisco or Juniper, actually.

I'm a user and a consultant.

I'd advise potential new users that they should let someone that knows how to do it set it up fast. You should work with someone that knows how to do it.

I'd rate it an eight out of ten. 

We implemented the solution into our infrastructure here in the insurance company, to protect the flow between the company and its partner.

The solution is quite stable. 

The scalability has been great.

The initial setup is straightforward.

Technical support is very responsive.

The integration capabilities could be better.

I originally implemented the solution when it was Cyberoam. After that, we migrated to Sophos UTM. I've used the solution since 2011.

The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The scalability is great. If a company needs to expand it, it can do so. It's not a problem.

We currently have 800 people using the solution.

We do pay for Sophos' support and we find them to be quite helpful and responsive. We're satisfied with the level of assistance we receive. 

We have used other solutions. We have various levels of firewalls. 

The implementation process is straightforward. It's not overly difficult. A company shouldn't have any issues with the process. 

It's a good idea if you are migrating from another solution, to do a review of security policy. That way, you can better optimize for security when you set everything up.

We have a team of six that can handle implementation and maintenance duties. We have two managers. One covers organizational security and the other cover operational security.

We do pay extra for Sophos support services.

The license is easy to acquire and implement. 

I'm currently performing a benchmarking of the other solutions against Sophos.

We're a custoer and an end-user.

When Cyberoam was acquired by Sophos, we migrated to the new hardware and new solution in Sophos.

We've been very happy with its capabilities. We would rate the solution at a nine out of ten.

I'd recommend, if a company sincerely wants to try out Sophos, that they test everything before implementation. It will help them understand what the solution can do and how to implement it into their infrastructure. 

A client wanted to trial Sophos UTM 9 before deploying it into a production environment because, historically, Sophos has not had the best of reputations in AWS. The client had used Sophos in other environments, hence they wanted to stick to what they know.

The solution allows the client to use cross-region AWS VPCs to connect remote dev offices.

Classic defence in depth, with layered features. 

• SPI (stateful packet inspection)
• IPS
• WAF 
• VPN capability with built-in load balancer

Nothing out of the ordinary these days, but the fact Sophos has such a big name and good support was a big plus for the client who already had a relationship with Sophos support. Also, auto-scaling of UTM workers using EC2 is a nice and handy feature.

UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it’s useful. 
Finally, Cold Standby CloudFormation script to one node, with persistent info in S3, is a convenient feature.

We procured this solution via the AWS Marketplace because of BYOL (bring your own licence). That was the driving force behind the choice. In addition, they had test and production environments in AWS already so it was easy to get a sign-off.

We didn’t find any issues but I know there have been some in the last few years. I can’t comment about Sophos on AWS previously but they seem fine now. There were no problems for our client so all I can comment on is the experience they had. I think it’s taken a little while for Sophos to get experience in solving problems with their product in the AWS environment, but they do seem to go the extra mile.

This solution rates an eight out of ten, based on our experience. Support was good. You will always find problems with installations so it does hinge on support.