Sophos UTM Reviews

We primarily use the solution for firewalls. 

The firewall in general is very good. It is comparable to other firewalls. 

Since any environment needs a firewall, it's been helpful in its ability to be highly granular in its configurations. 

Sophos is a security-focused company, which I like. I like that all Sophos products can essentially talk to each other. For example, if a computer has the Sophos antivirus, and it detects something, it actually talks to the Sophos firewall and says, "Hey, I think something is going wrong on this computer." Then, the firewall goes, "You know what? I'm going to shut it down for a while. I'm going to close off all incoming and outgoing connections from that unit until an IT admin comes in and tells me to release it."

It's very scalable.

The solution is stable. 

The initial setup is pretty straightforward. 

I don't really have any notes for improvements. I don't need additional features. 

I've been using the solution for three or more years. 

The solution's stability is excellent, and it is reliable. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is very scalable and easily expands. 

I'm also familiar with Meraki. Sophos, however, has the ability to talk to other Sophos products. 

Meraki would be all isolated, meaning you have a different antivirus. It'll try to block and scan and do its thing, however, the firewall will always allow the connection to go through. Nothing is stopping it from isolating it. From a Sophos perspective, every single thing talks to each other, whether it's Sophos Central, Sophos email security, Sophos antivirus, or Sophos firewall.

They all talk to each other and look at how attackers come in because attackers don't just, poof, appear on a computer. There's a route it needs to take and different layers of protection it has to go through. If all of your layers, your roads, and everything is all Sophos, they all jive, and that's great.

The ease of setup is dependent on the level of technical expertise. If you are a qualified tech, all firewalls should be pretty simple to deploy, depending on the environment. It's simple enough to implement in general. 

We have witnessed a positive ROI while using the solution. 

Price-wise, you get the bang for your buck. You get a huge value set. Ask for HA, high availability, since a lot of Sophos resellers sell two firewalls, the second one being free. Then, you only pay for one license. If your first firewall fails, the license migrates to the second one.

We are using a variety of different versions of the solution right now. 

It's really, really cool to look into Sophos. I highly recommend it. From an infrastructure, stability, and security perspective in terms of configuring in a granular way, Sophos does it all. It's a really good product and something to look into. 

It's also a lot cheaper than Meraki. It does way more than Meraki. Dollar to dollar, Sophos will likely beat Meraki. For example, with Meraki, you're going to be paying two or three times more for nothing spectacular, nothing different. You just get a portal. It's okay. With Sophos, you do have to know what you're doing, however, any network admin should be able to figure it out. It's not like an ancient hieroglyphic language. It's quite straightforward.

I'd rate it nine out of ten. 

Sophos UTM is a complete firewall we use to protect from internet threats and check traffic from our network to the internet. It's a firewall covering all layers of protection.

Sophos has some plugins that run on the cloud, but it's transparent to the end-user. For example, there is something to identify threats on an email system called SenseStorm, which is connected to the Sophos Cloud and identifies new threats then spreads the same pattern to all Sophos installations in real-time. I can say that almost 100 percent of our customer companies who have a file solution use Sophos.

The three most important features for us are web protection, web server protection, and network protection.

Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment. 

I've been using Sophos UTM for the last five years, but we started using Astaro Security Gateway, the predecessor to Sophos UTM, in 2002.

Sophos UTM is a strong solution. I give it a 10 out of 10 for stability.

Sophos UTM is scalable.

The initial setup is somewhat tricky. You need to understand networking concepts well, and the company must have good policies for internet access. However, it's not that complicated. I would say it's an intermediate difficulty, but I also have a lot of experience with this solution. It might be challenging for a new technician. We do all the deployment in-house, and it takes about three business days. Our team consists of two technicians and me, the manager. 

Sophos UTM isn't cheap. It's in the middle, so not the cheapest, but not the most expensive. It's average. If you buy the full suite, you don't need to pay for add-ons, but if you buy some partial products, you have to pay to deploy more features.

I rate Sophos UTM 10 out of 10. It's the most reliable solution in the firewall market. Considering the price and quality of the product, Sophos UTM is the best solution.

We use this solution for communication endpoint, encryption, and network security. We are focused on providing security software to the small to mid-market enterprises; the essence of our delivery is internet security.

The features that I've known to be the most valuable are both the web security features as well as the web firewall capabilities. As a partner of Sophos firewall, we have some clients that are using Sophos firewall UTM and we use it as well.

One additional feature that should be included in the next release is
synchronized security, which would enable all the security to work together as a system. Another suggestion is to add advanced threat protection (ATP) to defend against sophisticated Malware. Seeing these additional improvements would be a great thing going forward.  

The product is stable. It's a product that our clients are able to use and enjoy. We haven't had many complaints about the product at all. Internally we haven't experienced any problems. 

The scalability is also fine. Currently, we have 20 employees using the product to date and only one employee needed to maintain the product. At the moment we don't have any plans to increase usage in the company. Not now, next year maybe.

We train our employee's on technical support. I don't need any outside technical support.

The only time we faced a problem or issue is when we place a ticket. We have found that the response is very slow. That seems to be our biggest problem.

We previously used Cyberoam but Sophos acquired Cyberoam. That's why we migrated to Sophos.

The initial setup was done with our engineers, they also set up that server firewall. The setup was straightforward.

The deployment took one month. We're a support base reseller. Our in-house team took care of it. We don't use anyone from the outside, we can deploy the product on our own.

Everything involving pricing and licensing is maintained by our Bangladesh Sophos country managers. The pricing is okay and the licensing is also included in the price.

Sophos UTM is a good product for security purposes and maybe if Sophos provided another company option to implement their products then I would say that Sophos UTM is great.

On a scale of one to ten with 10 being the best, I would give this solution a nine out of 10. 

As we are a solution provider and not product oriented, we give the best solution for our customers, with a good price. We are the number one company in the region, BTC, and operate in Egypt, Iraq, Jordan, Lebanon, and Saudi Arabia.

As both a firewall and UTM it's perfect.

No issues encountered.

For me, the customer satisfaction, and awareness, is the most important thing. I usually train all my clients on their chosen system.

10/10.

As we are a service provider, we offer various other products to our customer:

• Astaro ASG
• Avaya/Netscreen
• Fortinet
• HP Switches & WiFi
• Juniper SSG
• Juniper SRX 210 & 240
• Juniper WXC
• Sophos next generation SG, including RED, SG, and WiFi
• Telindus Crocus E1Q

For me, the installation and setup is simple. I work hard to do the simulation for the customer, and discuss all the requirements before implementation with the client.

In one project I implemented Sophos for was a bank. I had to involve the Sophos team as the client was asking for WAF in transparent mode with HTTPS inspection. They were 10/10.

Prior to Sophos, it was mainly Juniper and Fortinet.

Give us 10 minutes of your time, and we will show you the differences. When I do presentations, I give potential clients demo access to the solution(s) I am presenting.

Our Sophos UTM provides a secure VPN solution. It allows us to have a VPN solution that limits access to certain sensitive areas in our environment.

It has made our organization more secure, because we are using a VPN. We are not accessing services directly. It allows us to segregate some of the traffic for individuals which may be more of a developer role rather than an operational role needing access to developer resources, but not necessarily production operational resources.

Previously, it was all intermixed, and access was kept under control by other means. This makes it easier and more streamlined.

1. The VPN side of it.
2. The ease of configuration of the VPN.
3. Some of the end user self-serviceability of it without having to have a whole lot of touch from our operational group

The UI on it could stand a little improvement. In some areas, it is a little slow and clunky. It is sometimes not easy to find something. However, once you get used to it, it is pretty normal to use.

We haven't had an issue with it yet. 

Any given day, we have easily ten to 15 users on it constantly, plus some other ancillary services which go across the VPN to access resources in our environment.

It works for what we have, as we only need a couple of them. Scalability-wise, we don't need a whole lot. 

We have used technical support one time for a weird upgrade issue. Their response was good.

It integrated well with AWS. The documentation was a little fuzzy on getting it to work with how the whole public exposure versus private exposure, then routing some of the traffic. However, once you read the documentation carefully, it comes out well. This goes back to the UI issue.

It makes it a lot easier for us to maintain things. Prior to it, things were more difficult. This means less time on us. We can focus on other things. The recovery is more in man-hours for us than anything else.

Purchasing through the AWS Marketplace is pretty straightforward. Because were entirely on AWS and don't have anything anywhere else. It made the most sense for us as a one stop shop.

The pricing is pretty reasonable. I don't think that it is overly expensive.

We looked at a couple other products. However, overall, Sophos UTM seemed to fit the bill. It has allowed us to have a solution that we can maintain and not have to babysit all the time.

It is definitely worth looking at. It is a pretty good product.

It is integrated with our LDAP solution, and that integration is okay. Any LDAP integration can be hit or miss. It doesn't matter what it is, because it's LDAP. Since we use LDAP as a service, it's a little different, but it does work well.

We use it for the AWS version.

We have quite a lot of web service hosting, either websites or hosting APIs. We use Sophos as a two-factor authentication process. So, if they are outside or working in a remote office, they will need to use the Sophos VPN, which is gotten from the Sophos UTM, then ideally they will be developers. However, they can also be BI guys, DevOps people, etc. 

Sophos UTM allows you to compartmentalize different sections or different people, having those people connect to different services.

We use it for primarily for two-factor authentication, for VPN to allow employees security access the servers and to ensure people do not access things they should not have access to.

• It has allowed us to have one solution for our AWS needs.
• It allows our developers to be able to securely log into servers to deploy and manage software.
• It has allowed us to design a bespoke cloud space for our clients, while still having an excellent level of protection.

• The combination of server protection
• Seamless incorporation with AWS
• Its VPN feature

You (currently) need to buy the Sophos software per availability, zone, and per VPC. It should offer an account-based solution.

When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK. With GD-PI coming, the clients' data needs to stay in-house, so when you buy the Sophos license, it only works for the UK. Then, you have to buy another in the USA and another one in Ireland, then you have to have a VPN tunnel between all of them to have them talk to each other because Sophos blocks them talking to each other.

So, ideally, a multi-VPC or a multi-talented Sophos would be great because it would take away the fact that you need to build a tunnel and you have one management console for all your different locations. Instead of having three different locations with three different IP addresses and having to add users to probably two out of three, sometimes all three, having just one centralized location would be good.

No, we did not. Backups were done daily, and its Linux backend gave us no issues.

Adding new servers was seamless. Adding new users and allowing for VPN access was also fantastic.

For the AWS version, it was atrocious. None really. For the bespoke cloud space that we designed though, they were very good.

To further clarify, there is absolutely no support when using AWS. If you buy the on-premise Sophos solution, you get support and you get all the stuff. Whereas if you are using the AWS version, you do not. So, you kind of have to research. There's something simple really which affects Sophos quite a bit during setup. 

No, we didn't. It was our first choice and it was definitely a good one.

For a user who hasn't done it before, it may be a bit complex but with a general understanding of networks, it was fine.

However, when you build everything up using the AWS version (setup), it actually does not work until you write it on the Sophos UTM and in the networking, you have to change the source destination check. You have to do that at the end of it, but there is nowhere in the documentation or anything where it tells you that. It was just somebody happened to find that out. It is a pretty straightforward setup, but it should be some sort of documentation that takes you step-by-step to help set it up for your VPC. There really is not that much difference setting it up in different VPCs, but there is not enough information out there. It is a very good solution that a lot of people would be using more of except you are doing different things, and you have to try and figure it out yourself. 

The support, there is none; AWS themselves, they support it the best, because they have some knowledge of it, but they do not fully support it because it is not their product. It is a third-party product.

Licensing is a bit complicated, as it is based on products -- so define your requirements and find what best suits you, as you do not need the whole suite of software they provide.

For AWS, it is pretty straightforward. You buy it, then you have all your licenses that you need, approximately 60 or 70, or it might even be unlimited. However, that is for one margin to expand to different margins. If you have an on-premise AWS, or one of our clients wanted on-premise AWS Assistant, the problem is to build the Sophos UTM on it. We get the software, then the licensing was not explained well because when you buy the licenses, you buy five (or 50) licenses, that is for the first module. So if you expand to second module, you have to buy more licenses of that. 

Again, it is one of those things where it is not well explained. Unless you are in the United States, or you have to use Sophos, you can't contact Sophos directly. You have to use a third-party company, and they all have different ways of how they explain their licensing. So, we have clients that want the database on-premise, and we went to get the Sophos licensing system and stuff like that. It was just they were doing it a different way to who we had in Ireland, so the conformity is a bit iffy. 

It is one of those things where it is not very well explained, so it is a lot of grunt work, a lot research has to be done before you progress, and there are the pitfalls that you encounter. There are quite a few of them. Once you get it working, it is a fantastic product. It is just getting it that is the issue. 

We looked at a few, but I can't remember right now.

Great product which works without issues or downtime.

Sophos UTM provides security for our network here and access through a VPN connection for our remote users. It also offers the flexibility to create different tools for accessibility.

I would like to see Sophos UTM add support for all the new threat-detection technologies and the ability to respond to novel security threats that come along every day.

I'm in the process of switching every UTM device in all branches to Sophos, so I need visibility into each branch to see the activity. I need alerts for any threat that enters the network. If there is unauthorized access or some specific action that can threaten my network, I want to be notified.

We've been using Sophos UTM for the last three years.

Sophos UTM is stable so far. 

I haven't had the need to scale up Sophos UTM so far, but I believe it's scalable.

We have excellent technical support. The company that supports us is highly experienced with Sophos.

We previously had Cyberoam. After Sophos acquired Cyberoam, we purchased new Sophos hardware devices.

Sophos UTM is priced in the middle range. Okay. It's a good value and a far better price than many competing solutions.

I rate Sophos UTM seven out of 10.

We primarily used the solution to replace Cyberoam. For a client recently, we replaced their old SD device with the latest version, XG 210.

At the moment we have deployed the web filtering application as they have their own web servers and their email protection. The web filtering is great. At the moment, we haven't heard any negative feedback from the client.

There is plenty of documentation that can help you check scenarios or different situations that might you have.

The stability is great.

The cost of the solution is very reasonable.

I can't recall dealing with any missing features.

Lately, I've dealt more with Fortinet, and haven't focused too much on Sophos.

The initial setup may be difficult for those not familiar with the product.

If I recall correctly, I've been dealing with the solution for about five or so years. It's been a while at this point. 

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

We are actually in the process of discussing scaling with a client. We're working on the business planning aspect right now. We're looking at opportunities on how to protect their network, besides just the webserver and the email servers.

I haven't made any request for technical support previously. That is due to the fact that even the local authorized distributor here in the Philippines is very helpful in deploying and configuring the product. Therefore, we have no need to contact Sophos directly.

There's also lots of documentation to reference. 

Recently, I've used a lot of Fortinet products. 

Although I hadn't done a setup in a while, I quickly recalled the steps taken. If you've handled a setup before, you're likely to find the implementation process rather straightforward. I found I was able to adapt quickly and figure out the necessary configurations.

In terms of licensing, here in the Philippines, we just pay on a yearly basis. The renewal is up for this year in Q3. We are talking now with the distributor where we purchased the hardware for a possible renewal with the client.

Overall, they provide very reasonable pricing.

My company is a reseller of Sophos.

I haven't deployed one of their latest solutions yet. We just had a recent project for a basic firewall, and they were actually 210. That's the last project I had with Sophos.

We are in the process of taking up certification exams for Sophos.

I definitely recommend Sophos. It's one of our top products in the company.

I'd rate the solution at a nine out of ten.