Sophos UTM Reviews

We have quite a lot of web service hosting, either websites or hosting APIs. We use Sophos as a two-factor authentication process. So, if they are outside or working in a remote office, they will need to use the Sophos VPN, which is gotten from the Sophos UTM, then ideally they will be developers. However, they can also be BI guys, DevOps people, etc. 

Sophos UTM allows you to compartmentalize different sections or different people, having those people connect to different services.

We use it for primarily for two-factor authentication, for VPN to allow employees security access the servers and to ensure people do not access things they should not have access to.

• It has allowed us to have one solution for our AWS needs.
• It allows our developers to be able to securely log into servers to deploy and manage software.
• It has allowed us to design a bespoke cloud space for our clients, while still having an excellent level of protection.

• The combination of server protection
• Seamless incorporation with AWS
• Its VPN feature

You (currently) need to buy the Sophos software per availability, zone, and per VPC. It should offer an account-based solution.

When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK. With GD-PI coming, the clients' data needs to stay in-house, so when you buy the Sophos license, it only works for the UK. Then, you have to buy another in the USA and another one in Ireland, then you have to have a VPN tunnel between all of them to have them talk to each other because Sophos blocks them talking to each other.

So, ideally, a multi-VPC or a multi-talented Sophos would be great because it would take away the fact that you need to build a tunnel and you have one management console for all your different locations. Instead of having three different locations with three different IP addresses and having to add users to probably two out of three, sometimes all three, having just one centralized location would be good.

No, we did not. Backups were done daily, and its Linux backend gave us no issues.

Adding new servers was seamless. Adding new users and allowing for VPN access was also fantastic.

For the AWS version, it was atrocious. None really. For the bespoke cloud space that we designed though, they were very good.

To further clarify, there is absolutely no support when using AWS. If you buy the on-premise Sophos solution, you get support and you get all the stuff. Whereas if you are using the AWS version, you do not. So, you kind of have to research. There's something simple really which affects Sophos quite a bit during setup. 

No, we didn't. It was our first choice and it was definitely a good one.

For a user who hasn't done it before, it may be a bit complex but with a general understanding of networks, it was fine.

However, when you build everything up using the AWS version (setup), it actually does not work until you write it on the Sophos UTM and in the networking, you have to change the source destination check. You have to do that at the end of it, but there is nowhere in the documentation or anything where it tells you that. It was just somebody happened to find that out. It is a pretty straightforward setup, but it should be some sort of documentation that takes you step-by-step to help set it up for your VPC. There really is not that much difference setting it up in different VPCs, but there is not enough information out there. It is a very good solution that a lot of people would be using more of except you are doing different things, and you have to try and figure it out yourself. 

The support, there is none; AWS themselves, they support it the best, because they have some knowledge of it, but they do not fully support it because it is not their product. It is a third-party product.

Licensing is a bit complicated, as it is based on products -- so define your requirements and find what best suits you, as you do not need the whole suite of software they provide.

For AWS, it is pretty straightforward. You buy it, then you have all your licenses that you need, approximately 60 or 70, or it might even be unlimited. However, that is for one margin to expand to different margins. If you have an on-premise AWS, or one of our clients wanted on-premise AWS Assistant, the problem is to build the Sophos UTM on it. We get the software, then the licensing was not explained well because when you buy the licenses, you buy five (or 50) licenses, that is for the first module. So if you expand to second module, you have to buy more licenses of that. 

Again, it is one of those things where it is not well explained. Unless you are in the United States, or you have to use Sophos, you can't contact Sophos directly. You have to use a third-party company, and they all have different ways of how they explain their licensing. So, we have clients that want the database on-premise, and we went to get the Sophos licensing system and stuff like that. It was just they were doing it a different way to who we had in Ireland, so the conformity is a bit iffy. 

It is one of those things where it is not very well explained, so it is a lot of grunt work, a lot research has to be done before you progress, and there are the pitfalls that you encounter. There are quite a few of them. Once you get it working, it is a fantastic product. It is just getting it that is the issue. 

We looked at a few, but I can't remember right now.

Great product which works without issues or downtime.

• Firewall
• NAT
• Intrusion prevention
• Site-to-Site VPN
• Web filter
• Anti-virus

Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via it's Advanced Threat Protection so we can get a much faster response time.

I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to the other WAN.

I've used it for seven years.

Initially, we had issues configuring the web filter and getting the right policies applied to the right users. After several calls to Sophos, they were able to assist us in getting to where we wanted to be. Other than that, deployment was easy as long as you pay attention to what you are doing and have the setup guide handy for any questions you have.

The appliance has been very stable, only being rebooted to apply patches for security vulnerabilities, which fortunately is not very often.

The UTM 220 has served our purposes very well, it has allowed us to scale up on the computing side as well as the server side with no issues at all.

Their customer service is fantastic.

I have never had an issue go unanswered when I've had to involve Sophos technical support. Above all, it's their technical expertise that truly sets them apart from other vendors we have tried.

We did originally try to use PFSense. The software was hard to use, and the level of technical expertise was not good. Ultimately, after several demos of both products, we decided that Astaro (at the time we purchased our original device) was the right vendor to work with. Since that time, Sophos purchased Astaro and it would appear that they kept a lot of the same people working on these devices because the transition was smooth, and the level of knowledge never faltered.

The initial setup was very straightforward. I will say that you do need to have a certain level of knowledge to set up the more advanced functions. Configuring the network was the easiest part, and the firewall was very straightforward once you figured out exactly what rules you needed to put in place. NAT was a bit confusing to start with, but once you went through the process it was easy. Intrusion prevention was easy to set up, flip the switch to the on position and decide what rules you want to apply. Web filtering took a few calls to Sophos to set up properly, as we were trying to set up filtering policies based on Active Directory groups, and were not successful in the initial configuration, but we did finally get this implemented.

I implemented the product in-house. The one bit of advice that I can give is to organize yourself prior to deployment. Determine what services you want to utilize in your environment, and focus your learning to those parts of the guide, this will make your deployment much easier.

Our return on investment is the fact that we are protecting the business' data, lowering administrative costs, and are better able to manage every bit of our network security.

The licensing model is very straightforward, it's a bit pricey, but for what you get, it's well worth it.

I use this solution for my severs.

At some point in time, it seemed to be ravaging organizations around us and we couldn't definitely outrightly isolate ourselves from it. While we were attacked, I want to believe that it was solely because there was that in addition to the fact that there are triggers. 

We also know very well that Sophos is proactive in monitoring and protecting against malware and brute-force attacks.

It's one of the things that it is quite good for.

The most valuable feature is ransomware protection. It is known for ransomware protection.

In terms of additional features, I'm still getting to understand more about how it works.

I'm still exploring the features and I haven't used them in totality. 

I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution. This would be good. Somewhat similar to what Darktrace can do. 

Proactively understand and using AI intelligence to monitor and see activities that are away from the norm and then proactively see how they can either isolate the quarantine system and inject it back into the system upon validation.

They could explore most of the products in Symantec's and Fresh Services and run from the same file to see what additional feature one is offering.

I would also like it if they could work on the price because it is expensive.

I have been using Sophos UTM for approximately three years.

I understand that it's had a couple of releases too frequently but I want to believe that it's relatively stable. 

I still believe that in terms of stability, Symantec is better, so this can be improved.

Sophos UTM is quite scalable.

I haven't had any reason to contact support directly because I have MacBytes, which happens to be a local vendor that we have been using. It's been pretty good. 

They are very good at supporting us technically when the need arises.  

I am currently using Symantec for my own workstations and I use Sophos for my server Endpoint protection.

The initial setup is relatively straightforward.

The prices can be better, they could make it a lot cheaper.

You are on the right track with Sophos UTM, but you should keep up with the trends as they become available.

I would rate Sophos UTM a nine out of ten.

We use this solution as a firewall, for DCP filtering, applications, and training.

We need to speed up the support.

We have been using this solution for three years.

It's a stable solution.

It is a scalable solution but the only disadvantage is that when we use a proxy, we can bypass Sophos.

We have 50 customers. The maximum number of users in one device is approximately 4,000. It's a large network.

The support is okay, but it takes time to connect to the support team.

It is easy to install.

We only require one engineer to deploy and maintain this solution.

The appliance should be purchased and there is a fee for the license.

There is an option for a yearly licensing fee or for three years.

We recommend this solution. We complete between 20 and 30 installations per month.

I would rate Sophos UTM a nine out of ten.

Our datacenter cloud services such as email, and web services for internal and external use, had to be protected with different systems and the web services where left really unprotected, since we used an standard IPS/IDS to protect ourselves from web attacks (from the outside) which nowadays are really sophisticated. Also, we had to employ many work hours to have a protected, standardized network. With Sophos EndPoint and Sophos UTM, we simplified and also protected our network at the same time, with less work force.

The web filter and the ATP (Advanced Threat Protection) are great and easy to manage, and the integrated WAF (Web Application Firewall) allows the administrator to seamlessly protect HTTP/S services without having to pay thousands of dollars. The just introduced Sandstorm system for protection, is awesome as well.

Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific timeframe, or vice versa.

No issues encountered.

The scalability is awesome as when you need the network protection systems to grow immediately, you just activate and license the exact same box, and configure it in cluster mode for Active-Active mode in Cluster/High Availability.

This is where Sophos vendor outclasses every other vendor. They have grown so much throughout the last four to five years, but they have grown as well in their capability to attend support cases. We've had some really advanced cases, and we have never been forgotten or left behind.

We used a commercial product, Untangle, with our own brand called Rhino Box. Untangle did not invest in the development of features as we expected, such as the adoption of IPSec VPNs (they had it but very limited), and IPv6. This was what made us do research for our SMB/Enterprise market offering. We tried out Sophos UTM (recently purchased as Astaro UTM) and it was really easy to deploy and came with Sophos Support, which is awesome.

The initial setup is straightforward. Sophos brand is well known in the market for being a unique and powerful tool that is simple to deploy and manage. This is what makes it different from any other vendors. The Sophos UTM, comes with a deployment "Wizard for Dummies" since it show the wizard at the initial setup, and in less than three minutes, you can have your box up and running. Also for Policies deployment, you are clicks away to customize your security settings.

We always deploy by ourselves, so that way we can test how the customer will see the initial implementation. Our main advice, is to read the manual, and follow the wizards that comes with each tool. Also, it is strongly recommended to have a professional firm contracted for the initial setup, and support, as we are, to can design, and help with any kind of implementation issues.

The ROI is in 12-16 months, since with this kind of tool, we deliver the best of breed protection, and increment the focus of the end user, in being productive.

I recommend you get the three year licenses, since Sophos offers three years for the price of two. I would also recommend that you acquire any Sophos Licensing with Professional Services added, that way, you'll have the best experience possible.

They have supported our business venture since 2010, and will do for many years. We have studied closely the different product portfolio, and each one of them, are carefully developed.

The web application firewall and web filtering. We are using the UTM to be the gateway for the private cloud solutions we offer.

Easy management of the firewall, with one URL to control the firewall/web filters for our entire cloud.

HA needs to be improved for the software appliance because if Sophos is deployed in ESXI/Hyper-V then the HA is unstable. Also, the web application firewall only allows the use of ports 80 and 443, and if we could use others ports than that would be a welcome addition.

For two years now in our datacenter, and also several deployments at some of our customers.

Setting up the link aggregation group (NIC teaming) gave us some problems with the ethernet VLAN option for WAN, but after a firmware update, the issue was resolved.

If you enable the intrusion prevention option in the firewall any Wordpress deployments on a Plesk server behind the firewall slows down to a crawl, and there is no fix yet. The current workaround is disabling the intrusion prevention option at the moment.

No issues yet.

7/10. Getting a new license for the SG220 sometimes takes a long time, but they will give you a 30 day demo license to compensate for it.

9/10. Any question or issue is solved within minutes after calling technical support.

SonicWALL was our previous product, and we switched to Sophos because of its ease of use.

When you start the initial setup you`re helped with wizards, but if you use the software appliance and make a mistake by selection wrong interfaces in the wizard it can result in the firewall becoming unreachable.nThe hardware appliance is (almost) plug & play.

We implemented it in-house.

It's around six to nine months.

We looked at several open-source firewall options whose names I will not mention, and the reason we did not use them was because of the ease of use, and what our support desk could do.

If you want an easy to manage, and powerful firewall then take look at Sophos UTM.

We primarily use the solution for the firewall and VPN.

The web filtering is great.

The initial setup has been fine. 

You can increase usage if you need to.

The VPN could be better. We need a better VPN client for the customers.

We'd like better logging. 

I've used the solution for six years.

We have about 3,000 users on the product right now. We do have plans to increase usage in the future.

Technical support has been fine. We are satisfied with the level of service we get. 

Neutral

We also use Fortinet and pfSense.

The initial setup is very simple and straightforward. It's not overly difficult or complex to set up. 

The licensing is paid on a yearly basis. You just need to pay the standard licensing fee. There are no extra costs. 

I'd rate the solution a seven out of ten. It's been okay.

We are a partner of the product.

We primarily used the solution to replace Cyberoam. For a client recently, we replaced their old SD device with the latest version, XG 210.

At the moment we have deployed the web filtering application as they have their own web servers and their email protection. The web filtering is great. At the moment, we haven't heard any negative feedback from the client.

There is plenty of documentation that can help you check scenarios or different situations that might you have.

The stability is great.

The cost of the solution is very reasonable.

I can't recall dealing with any missing features.

Lately, I've dealt more with Fortinet, and haven't focused too much on Sophos.

The initial setup may be difficult for those not familiar with the product.

If I recall correctly, I've been dealing with the solution for about five or so years. It's been a while at this point. 

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

We are actually in the process of discussing scaling with a client. We're working on the business planning aspect right now. We're looking at opportunities on how to protect their network, besides just the webserver and the email servers.

I haven't made any request for technical support previously. That is due to the fact that even the local authorized distributor here in the Philippines is very helpful in deploying and configuring the product. Therefore, we have no need to contact Sophos directly.

There's also lots of documentation to reference. 

Recently, I've used a lot of Fortinet products. 

Although I hadn't done a setup in a while, I quickly recalled the steps taken. If you've handled a setup before, you're likely to find the implementation process rather straightforward. I found I was able to adapt quickly and figure out the necessary configurations.

In terms of licensing, here in the Philippines, we just pay on a yearly basis. The renewal is up for this year in Q3. We are talking now with the distributor where we purchased the hardware for a possible renewal with the client.

Overall, they provide very reasonable pricing.

My company is a reseller of Sophos.

I haven't deployed one of their latest solutions yet. We just had a recent project for a basic firewall, and they were actually 210. That's the last project I had with Sophos.

We are in the process of taking up certification exams for Sophos.

I definitely recommend Sophos. It's one of our top products in the company.

I'd rate the solution at a nine out of ten.