Sophos UTM Reviews

We have been rolling out the Sophos UTM platform to our clients over the past two years. About 80% of our managed clients have been moved to Sophos UTM. We have been migrating them mostly from SonicWall and Cisco ASA.

We do not use Sophos UTM in AWS. However, we have deployed a few Sophos XGs in an Azure environment.

The UTM product has definitely improved the way our organization functions. We have set a standard across clients and engineers. Everyone is trained on the product and knows how to manage the devices. UTM is probably the most complete all-in-one firewall that I have used to date. Having the UTM Manager has probably made the most impact, with over 150 firewalls in our portal, management and monitoring have never been easier.

The most valuable to features are: Web Application Firewall, Sophos UTM Manager, IDS/IPS, Remote Access, and RED.

1. WAF: This is excellent for hardening web servers. The firewall will reverse proxy your web servers, eliminating the need to open ports. Instead the firewall will run an instance of Apache and proxy all traffic to and from the real web servers. (This is also handy when you have a single public IP.)
2. SUM: The Sophos UTM Manager is a must have for any MSP. The SUM is a centralized portal for quick access to all the firewalls you manage. This also keeps track of who logs into the firewall by AD account. It is great for keeping track of a help desk, and who is making changes.
3. IDS/IPS: General Intrusion Prevention and detection. It works very well.
4. Remote Access: VPN access is always a need, and the UTM includes this free with all their license models. A very nice feature that I use a lot is the HTML5 portal. The portal allows you to have web-based access to resources behind the firewall. The best use for this would be when a client does not have any servers on-site. You can set up the HTML5 portal with SSH/Telnet to manage switches on-site, all done through the browser.
5. RED: REDs simplify the setup for multi-location clients. A license is not required for a RED, and only one UTM is needed. REDs are great for mobile sites, as they can be tossed in a bag and can run off 4G/LTE. Configuration is effortless, and they create a direct tunnel back to the main office, getting you up and online in no time.

This product could use some improvement with web filtering. It takes a lot of time and effort to set up and maintain.

I have never come across any major stability issues. I have seen some bugs on newer firmware releases which have only affected units configured in HA. Sophos is usually quick to fix these bugs.

You should never come across a scalability issue if you follow Sophos’ sizing guidelines. Finding this information can actually be difficult. Also, Sophos does not make it clear what they mean by “users” when you are sizing a firewall, which then leads to undersized implementations.

I am going to flat out say technical support is terrible. I will admit that it has gotten better over the past year. Previously, hold times would be 45 minutes at minimum. After the long hold times, you would receive an extremely under qualified engineer. The knowledge of engineers has definitely increased over the year and the time on hold has gone way down. 

Being a Platinum level customer, I am not happy with the support.

SonicWall used to be our primary choice of firewall. I am just an engineer and I do not have control over which products we use. We started using Sophos Antivirus, then they eventually sold us on firewalls, encryption, mobile control, and a lot more of their products. The synchronized security model is really what was sold flexible to the product.

Initial configuration was super simple. I am a network engineer, so simple to me may not be simple to someone who does not understand routing and switching. When we were told we were switching to Sophos UTM, I downloaded a trial of the virtual firewall and was able to get it up and running in about an hour with no prior training. After actually going to the training courses provided by Sophos, configuration became even easier.

I am not in sales and cannot comment on this. I design and implement network configurations. 

I would recommend to follow Sophos’ sizing guidelines for choosing which license and model to use. Sophos has their own way of going about this and supplies partners with all the information required. If you follow their documentation and guidelines, there should be zero questions about licensing and sizing. 

Sophos also offers free training when selling their products from within the partner portal.

As a networking engineer, all new products in this category interest me. I find myself testing a lot of different products personally. Here at Flexible Systems, I did not try any other products prior to switching to Sophos. Since we are an MSP, we have had plenty of exposure to many brands of firewalls (Cisco ASA, SonicWall, WatchGuard, Fortinet, ADTRAN, and Edgewater). I personally would choose the Sophos UTM over any other product, including the Sophos XG platform.

I can’t recommend this product more! 

Though, stay away from the wireless models, since you cannot put them in HA. They start to give you some weird issues once you start getting into multiple SSIDs and networks. The number one piece of advice is to read and follow the sizing guide, if you do not, you will undersize the firewall. 

Just to reiterate:

• Configuration could not be made any easier.
• The product is extremely intuitive.
• It does not take much effort or thinking to understand how it works.

My company has rolled out devices as small as the SG 105 and as large as the SG 330. I personally have an SG 210 in my home. I have gone through all the training involved for configuration and implementation. I also use the product at home and have been extremely happy with Sophos UTM overall. 

Regarding the use cases, the solution was deployed for a production client, which was a hardware production company.

The features that I have found most valuable in Sophos UTM are its scalability and feasibility, as well as the quality of its customer service, followed by the ease of maintenance and configuration of the product itself.

Palo Alto has a different market because of their dashboard, overall looks, and other features. They are costly, but their services are quite good. And they offer a different platform compared to their competitors. Their device operates differently from others. While Palo Alto and Sophos have similar features, they operate on different platforms, providing a superior user experience compared to existing devices. In short, the UI and UX are the areas of improvement in Sophos UTM and similar solutions compared to Palo Alto.

I have experience with Sophos UTM for nearly two years. Recently, I deployed two Sophos solutions, one with HA and one on a primary device. The deployment process for one of the companies was done last month.

It is a stable product.

It is a scalable product. So it is easy to scale it up.

The solution's customer service is good. I rate the solution's technical support a nine out of ten.

Positive

The initial setup is quite easy because they have all the information on their website. Customer service is available anytime, especially when you set to start the device's configuration.

Since I was just a part of the initial configuration after deployment, I don't know the steps in the deployment process.

Both the technical and cost aspects are feasible since it is possible to obtain and use the device as a PnP solution. Considering cost and technical aspects, I rate the solution a ten out of ten.

Even if I compare Sophos UTM with other solutions, I don't think any pros or cons stick out since our clients are okay with the solution, and there has been no complaint regarding Sophos UTM.

My advice to others planning to use the solution is that it is quite easy. You can simply refer to the solution's blog or YouTube videos and install the solution. It's also quite easy to configure it. So, if you purchase it by yourself, you can configure it and use it on your particular network.

I love working with Palo Alto. So, I would like to give it a ten out of ten. Also, Palo Alto has a different market. So, I would always give a nine out of ten for other solutions. Overall, I rate the solution a nine out of ten.

We use Sophos to protect the entire network, including the web servers and everything else. 

Sophos UTM has a good user interface and granular security controls.

Sophos UTM could be simplified, and they can improve on the many other features, like SD-WAN and load balancing. Sophos UTM is missing a few features that their competitors have. For example, if you have multiple branches you would like to connect, the load balancing features aren't available on multilink. If we create a VPM for multiple LAN links, we cannot load balance the traffic.

I've been using Sophos UTM for five years.

Sophos UTM is stable.

Sophos UTM is scalable.

Sophos support is good. 

Sophos UTM is easy to set up, and I did it myself.

The price of Sophos UTM is reasonable. 

I rate Sophos UTM eight out of 10.

Sophos UTM is a virtual appliance used for network security.

Sophos SG UTM had all the basic functionality that you needed. It is user-friendly and easy to manage for any integrator.

There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system.

Everything has changed in the newer version of the solution from the SG to the XG. It was a completely new reborn version. You are not able to migrate from SG to XG using scripts. it is very difficult because of the differences. There was not a simple migration path from one to the other.

In the Sophos SG UTM version, you cannot have any other functions. Sophos will tell you "It's a closed version. We will not have any more functions." However, in the new version, you have a lot of new functions, and every two or three months you have new features. For example, you can use Sophos Central to synchronize both strategy policies and even security, if you are equipped with Sophos antivirus on workstation and server. If your antivirus on the workstation finds a threat, your firewall will have the information of the station, what issue it had, and what other stations it communicated with.

Sophos has to enable the Intercept X or an EDR function on the firewall because for the moment, the firewall is only equipped with sandboxing or something similar. Which, is quite good but there should be something easier for the user. For example, the logs at the moment are not as simple as they are in other solutions, such as Fortinet, it is very important to have a logging tool, log reporting, or a reporting engine. We need to see logs and find information within. However, 10 years ago, we do did not care about the logs but things have changed. We need them to analyze, to have a view of some of the layers but we do not have this. They could improve by providing better log functionality and features.

I have been using this solution for approximately five years.

For the whole life of Sophos SG UTM, it has been highly stable.

On the newer XG version, we have had a lot of small bugs on the very first version. We were having lots of small bugs on different functions and it had been a mess for a lot of integrators to make it work and to keep confidence in the XG. The XG had a lot of functions and all functions could have a lot of bugs. Even if everything is under control on one or several functions, there were some functions that had many, such as the VPN. However, in version 18 the stability was a lot better. 

You rely on the stability of a firewall and if you have some bottlenecking from the communication from or to the internet. It is very difficult to be confident in Sophos and we lost some confidence in Sophos in the very earlier version.

Overall, we had more problems with the XG than with the SG version.

I have used other Sophos solutions, such as Sophos XG UTM.

The installation of Sophos SG UTM is very easy. There are detailed manuals that can help with the installation if you run into difficulties. There is some basic transferring training you can take that is not complicated.

It is very complicated to migrate everything you put in SG to another version. You need to redefine many aspects manually on the XG because you are not able to extract the configuration from a confidential file to import it into the XG. They are very different and will not work in the same way. It is very confusing for a new customer.

If customers want to buy the XG because it is the new version and they want to migrate through a Sophos or integrator, it will take a lot of days for engineers from SG to XG to implement because it is not the same solution anymore. It is very much similar to if you were migrating from SG to a Fortinet or to a Palo Alto firewall. You have to recreate the configurations manually on your side, with no migration paths. It is a very important point. We do not have migration paths from one to another.

The solution is very low cost compared to competitors. You have a good firewall, a lot of functions for less than the price of some omni firewall competitors.

I have evaluated other solutions, such as Sophos XGS.

There are two versions of the Sophos UTM. The old one is the SG, and the newer ones are the XG and XGS UTM, the next-generation firewalls.

Sophos UTM was a rebranded solution that was bought from the Astaro company. It was one of the first UTM and was a very stable solution. Everything was inside a small box, you could start to enable or disable some functions, such as TCP, HTTP proxy, or firewalling. It allowed you to manage everything you wanted in this Unified Threat Management solution. It was a very nice multi-functioning security tool. If you adapted to the way of working with the UTM you could do everything with it. 

It was a nice solution. Sophos still allows the use of the SG UTM. For example, if you want to buy an XG Firewall, which is their new next-generation firewall, you still can purchase the older SG UTM. Sophos is able to still deliver this solution.

I rate Sophos UTM a seven out of ten.

We primarily use the solution for a number of use cases, including the firewall, web filtering, email filtering, and email encryption. UTM does it all. The only thing that we don't use it for is web application and protection. We don't really have any web servers in-house.

The web and email filtering are the two biggest and most valuable aspects of the solution for us.  

The solution overall has just been a good, cost-effective solution for us.

The solution offers a lot of functionality.

The solution scales well.

We've found the technical support to be helpful.

The stability and performance are quite good.

The ease of use could be a bit better. It's something they could work on.

The ease of configuration could be improved. It's not as simple as it could be just yet. However, it's kind of the nature of it.

They're kind of difficult to get set up sometimes.

Some of the detail in the web filter and the email filtering could be better outlined in the reporting. It is not as good as the two separate standalone solutions we used previously. However, it does also gives us a lot of other stuff that those two solutions didn't. It's a trade-off.

I've been using the solution for the last five years at this point.

The stability and performance are good. The solution is reliable. There are no bugs or glitches. It doesn't crash or freeze. It's good.

We've been using the same hardware for five years and it's always had a very good performance. I would say it scales pretty well. We have around 80 users on the solution currently. We've had double that. Actually, until COVID hit, we did have double that, as of a year ago.

We've been very happy with Sophos, despite the fact that most of their support is based out of Europe. When you get them on the phone, they're actually very good. Their support is very good. We've been happy with them, and have no concerns about renewing the maintenance.

We currently use a few Cusco solutions. We had a SurfControl web filter previously - a standalone server for that. We also had an email filtering package, that was on a separate server by itself. We found that the Sophos UTM did both of those things, and it gave us a firewall, and it saved us money. That's largely why we switched. The downside to Sophos is the reporting wasn't as good, however, everything else was better.

There was nothing wrong with the other solutions that we had other than it would cost us twice as much money to get a lot fewer capabilities. We don't really have the manpower to fully utilize those other solutions in great detail, which is why a simple web filter and email filter that was built into the Sophos solution worked for us. Plus, it does a lot more than that. We could run everything through it. We could - and we may do this - move away from using the Cisco solutions altogether, and just use the two Sophos firewalls. Once we get the XG up and running, we can upgrade the UTM to XG also and have the two XG firewalls in our two locations, and use it for the LAN connection between the locations. I don't know that we'll do that, however, it's definitely something that we can do. It's just a lot of additional capability and flexibility. 

While the configuration can sometimes be tricky, it was pretty much straightforward to initially set everything up. It helped that we had paid support through Sophos, so their technicians helped us get it up and running.

The deployment took a couple of weeks in total. It wasn't too big of a deal.

We don't really have any staff dedicated to deployment and maintenance. I tend to handle those aspects myself.

I've watched a few webinars, even on implementation, and it's just that a lot of the stuff is really different. You need to work on it a bit to get the hang of everything.

We had Sophos directly assist us. They were great at helping us implement everything. We physically got it in place, and then got it up and running, and then finished it off with some assistance from Sophos.

We've found the solution to be cost-effective overall.

Normally we do a three-year license with maintenance on a firewall.

Beyond the standard maintenance fee, the solution doesn't require any other licensing costs.

We are a manufacturing company. We're not a technology company. We don't need to have the very latest state-of-the-art technology, however, we want to try to be close to it. For us, Sophos is perfect.

We also plan to use Sophos XG, however, we haven't implemented it yet. We're hoping it might be easier to configure and set up than UTM.

Our antivirus, actually, was the antivirus that was managed by the UTM. Now they've since retired that capability, and they've gone to endpoint security software being managed in the cloud. Sophos Central can manage all of the Sophos security products, including all the firewalls, the endpoint security. Basically, you end up with one web interface for all of your security stuff. That's actually going to be a big feature, especially moving forward with XG, due to the fact that, if XG detects anything fishy going on, you can shut down individual client networks, and not allow any traffic to go through.

 Our Exchange ActiveSync is actually behind a Cisco firewall. We have a Cisco ASA also.

We use the latest version of the solution.

I'd rate the solution at an eight out of ten. We've largely been satisfied with the product.

As a company, you're looking to get the best solution out there. Once you have something in place, and it's worked well for you, and it hasn't cost you any excess money, you don't need to have too much contact with anyone. I rarely contact Sophos. That's a good indication of how good the product is working for us. If I was looking for something new, or if when maintenance comes up, and we've had hardware that's been in operation for a while, maybe we just need something new. Then you look and see if there's something out there that works better for you. That's basically it. We're not looking for anything new. We've actually been very happy with Sophos. I liked the way that there's a lot of good stuff there.

I'm IT head at our company in India and we are customers of Sophos UTM.

The solution has many good features. There was a steep learning curve moving to version 18 but we're now at a point where the solution is more efficient and effective. When talking about VLANs the solution makes it easy to separate rules for everything. The solution is easy to use with simple implementation.  

The application server needs to be improved because currently, the classification segregation of applications needs to be more defined. Also, we used to be able to open the firewall using LAN IPS but that's no longer possible and needs to be solved. I'd like to see an improvement in central categorizing. These days with all the applications and threats, getting everything filtered down needs to be a finer, more granular process. There are times when you find that a website seems to be legit, but there is a code running behind it that can act as a proxy or some kind of a bot. The sites are always logged on, but at times we have to open for a few clients or a few sites and in that time they're open to attack.

We've been using this solution for at least six years. 

This solution is absolutely stable. 

The solution is scalable; we jumped from 135 to 230 users without any problems at all. 

Technical support used to be good but it's lagging a bit now. Support staff was better trained and more efficient than they are now. It could be because of Covid but it's a bit of a challenge at the moment. 

We worked with SonicWall many years ago. We then switched to Cyberoam and then we primarily used Cisco Firepower. There were support issues with Cisco and it wasn't easy to find the KB articles and training was lacking. Even the training personnel had problems when we had issues with implementation. The same thing happened when we used Palo Alto with the support being the biggest problem. It was so unstructured and I hope that has changed in the last 12 months. When it comes to firewalls we are happy with two products; Fortinet is our preference but when you take cost into account, we prefer Sophos. 

The initial setup was relatively straightforward. 

The licensing costs for Sophos are reasonable. It's clear to me that there are no full solutions, you can't win it all, and the cost is always an issue. We're on the winning side with Sophos in that respect. We renew our license every three years. 

I rate the solution eight out of 10. 

Sophos UTM offers considerable protection and employs a very well-structured pricing scheme.

It's a good choice for businesses that need a basic security solution with a good price-performance ratio. However, it's not a good choice for businesses that need a complex security solution. That's why I'm also considering Fortinet, which can provide a more comprehensive security solution.

I like the simplicity of Sophos UTM and the web filtering features.

The application control is really bad. It needs a lot of enhancements. The traffic shaping and bandwidth control, and application control need a lot of work.

In future releases, Sophos can enhance its quality of service. 

I have been using this solution for 11 years. 

There are two aspects to consider: software stability and hardware stability. The software is a bit stable, but the hardware needs a lot of improvement. So the software can be rated nine out of ten, but the hardware is only seven out of ten.

The software solution is not very scalable. So, it can be improved. 

We have about 50 customers right now using this solution. 

The initial setup is easy. It took half an hour to deploy. 

It is a complex security solution for firewalls. So there are a lot of implementation concerns. It's not like a wireless solution or something like that. So there's no direct answer for this one, especially for security solutions.

For the deployment, maintenance, and management, you need two security engineers. You need security engineers, not just regular engineers.

The ROI is extremely high.

The cost of the license depends on the size of the firewall appliance. There is a huge variety of pricing models.  

Sophos UTM has very reasonable pricing. 

Overall, I would rate the solution an eight out of ten. 

It's a good firewall solution for small and medium businesses, but it's not the best choice for businesses with complex security requirements. 

I would recommend that businesses carefully consider their requirements before choosing Sophos UTM. If you need advanced application control, you should look for a different firewall solution.

I am an implementor and I provide support for customers' use cases. The solution is used as a load balancer, and for VPN access.

The most valuable feature of Sophos UTM is the simple-to-use interface.

Sophos UTM could improve if there was no limitation on users.

I have been using Sophos UTM for approximately six months.

I rate the stability of Sophos UTM a ten out of ten.

I rate the scalability of Sophos UTM a ten out of ten.

The support from Sophos UTM is good.

I rate the support of Sophos UTM an eight out of ten.

Positive

The implementation of Sophos UTM is simple. The documentation of the solution is satisfactory.

I rate the initial setup of Sophos UTM an eight out of ten.

We use two engineers for the deployment of Sophos UTM.

The price of the solution is high. The price from USD to my currency is expensive.

I rate the price of Sophos UTM a five out of ten.

This is a good solution and they should try it.

I rate Sophos UTM a ten out of ten.