Sophos UTM Reviews

We primarily use the solution for perimeter security in order to protect content. We also use it for the XG firewall.

The content filtering is the solution's most valuable aspect.

The initial setup is pretty easy.

The solution is pretty easy to manage.

There needs to be some improvement in the IPsec VPN. There is implementation only support. I have version one. I'd be most interested in having IP version two from the protocol.

I've been using the solution for about five years or so at this point.

The stability of the product is quite good. We haven't had any issues with bugs or glitches. It doesn't crash or freeze on us. We trust its reliability.

We don't really have scalability in mind right now. I need proof of all that. It's a single device that we have.

We don't plan on increasing usage with this device. In fact, we're considering a switch to Sophos XG.

We've never directly worked with Sophos' technical support. We've always dealt with the Sophos partners.

We also don't really have any experience with online community support or documentation.

I previously worked with Microsoft BMG. At the time we switched, Sophos was the better option. We needed a solution that was easy to manage and Sophos fit the bill in that sense. Microsoft didn't really offer any support. Sophos also was integrated with a directory and a single sign-on.

We're actually looking at switching to Sophos XG in the near future. The main difference between the two lines of Sophos products is the level of support provided. XG offers more of what we need. We may also eventually move to a Huawei firewall.

The initial implementation is not complex. We found it to be very straightforward. It was easy.

The deployment took approximately one week. It didn't take too long.

We had two people on staff that handle deployment and maintenance.

We had a consultant help us manage the implementation. hey were very good and quite knowledgable. We were satisfied with the assistance they provided to our team.

We pay for the service on a yearly basis. The last time we paid was in June, for a year. At the time, it was about $20,000.

There are no costs above a standard licensing fee.

We're just customers. We don't have a business relationship with Sophos.

I can't remember the exact version of the solution I am currently using, however, I believe it to be around version 9.

It's a good product, and I would recommend it, however, I would advise other potential users to instead maybe consider Sophos XG.

Overall, I would rate the solution at an eight out of ten.

SMB firewall.

Protected it against malware and allowed us to serve our servers safely.

Application layer filtering.

Setup: Getting an exchange server to work behind Sophos is incredibly difficult with rules invoked that are simple numbers (e.g. 9054).

Currently, we are using the product on-premise. However, in the future, we would like to deploy an AWS instance too.

This product helped us a lot in having a greater visibility into the network traffic coming inside and passing away from the company. The Sophos’s unique RED devices helped us a lot to build up extremely, easy Layer 2 VPN connections.

• Email and web proxy: for filtering unwanted emails and spam, and for web content and malicious url filtering
• SSL VPN and two-factor authentication: for secure remote access
• Layer 7 app control: for blocking P2P (ex. BitTorrent) and media streaming content 
• WAF/reverse proxy: for securely publishing web applications and protecting Exchange services 
• WAN load balancing: for multiple Internet connection management

• Certificate management (ex. Let’s Encrypt support)
• VPN: IKEv2 Support

We have not encountered any issues with stability.

The Sophos UTM solution is very scalable. You can build a hardware cluster with up to 10 nodes. 

Technical issues addressed to support team have been solved quickly.

Before we were using Cisco solutions, we switched because of the lack of UTM features.

The initial configuration is straightforward thanks to the web GUI. In 30 minutes, you can have a running firewall with UTM protection enabled.

The pricing for Sophos UTM is quite acceptable compared to other UTM vendors. If you would like to run an active-passive HA system, you only need to buy an additional hardware without subscription. At other vendors, you need subscription for both devices.

In the case of a software/virtual appliance subscription, you pay by protecting user/IP addresses. You can do this to as much hardware resources as you like.

We evaluated SonicWall, WatchGuard, and Stormshield (Netasq) solutions.

We highly recommend this solution for SMBs for its reasonable pricing and wide range of network services.

• Firewall
• NAT
• Intrusion prevention
• Site-to-Site VPN
• Web filter
• Anti-virus

Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via it's Advanced Threat Protection so we can get a much faster response time.

I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to the other WAN.

I've used it for seven years.

Initially, we had issues configuring the web filter and getting the right policies applied to the right users. After several calls to Sophos, they were able to assist us in getting to where we wanted to be. Other than that, deployment was easy as long as you pay attention to what you are doing and have the setup guide handy for any questions you have.

The appliance has been very stable, only being rebooted to apply patches for security vulnerabilities, which fortunately is not very often.

The UTM 220 has served our purposes very well, it has allowed us to scale up on the computing side as well as the server side with no issues at all.

Their customer service is fantastic.

I have never had an issue go unanswered when I've had to involve Sophos technical support. Above all, it's their technical expertise that truly sets them apart from other vendors we have tried.

We did originally try to use PFSense. The software was hard to use, and the level of technical expertise was not good. Ultimately, after several demos of both products, we decided that Astaro (at the time we purchased our original device) was the right vendor to work with. Since that time, Sophos purchased Astaro and it would appear that they kept a lot of the same people working on these devices because the transition was smooth, and the level of knowledge never faltered.

The initial setup was very straightforward. I will say that you do need to have a certain level of knowledge to set up the more advanced functions. Configuring the network was the easiest part, and the firewall was very straightforward once you figured out exactly what rules you needed to put in place. NAT was a bit confusing to start with, but once you went through the process it was easy. Intrusion prevention was easy to set up, flip the switch to the on position and decide what rules you want to apply. Web filtering took a few calls to Sophos to set up properly, as we were trying to set up filtering policies based on Active Directory groups, and were not successful in the initial configuration, but we did finally get this implemented.

I implemented the product in-house. The one bit of advice that I can give is to organize yourself prior to deployment. Determine what services you want to utilize in your environment, and focus your learning to those parts of the guide, this will make your deployment much easier.

Our return on investment is the fact that we are protecting the business' data, lowering administrative costs, and are better able to manage every bit of our network security.

The licensing model is very straightforward, it's a bit pricey, but for what you get, it's well worth it.

All the features are valuable.

• Web protection: Allows me to control unnecessary web traffic into the company network.
• Email protection: Protects the company from spam and malicious emails.
• RED and VPN: Provides an easy and secure way to connect branch offices so I can easily control them.
• WAF and DMZ: Provides an easy and very secure way to publish your internal servers. Enables you to have more than one WAN and to use them for load balancing and controlling the traffic through them.

Before implementing Sophos UTM, we had a lot of problems with:

• Malicious URLs
• Spam
• Unnecessary internet traffic
• difficulties in connecting and controlling branch offices

After implementing Sophos UTM, the percentage of infected computers because of bad URLs was been reduce by 90%. A lot of spam emails were blocked. Additionally, I created a whitelist for company emails and a blacklist for unnecessary emails.

Branch offices have the same protection like the main office and communication between offices is very easy. We created rules for one-way communication for some branch offices and two-way communication for another office. You have got a lot of abilities for different configurations between offices.

But after migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services.

With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.

We used UTM for four years, and XG for one year.

At the beginning, there were stability issues, due to a poorly configured switch. I had problems with HA, but after that, there were no stability issues.

I only contacted technical support five or six times. They were very professional. I will rate them as excellent.

We did not use a different solution before this one.

The initial setup, at the beginning, was very complex. After some time, everything got clear. I did the migration of UTM to the new OS XG by myself and I didn't need help from technical support.

Think twice when you are choosing your Sophos UTM/XG. I made a mistake the first time because I needed more powerful hardware for my network. I did not choose very well. The price and the license are definitely elements for which you must think twice. I had excellent cooperation with the Sophos sales team and my mistake was quickly resolved.

We evaluated SonicWall, Palo Alto, and Untangle.

I love all Sophos products, but the combination of Sophos XG, Sophos RED, and Sophos advanced endpoint protection with intercept X is something that all IT professionals and security officers will love and want to have.

Firewall and Web Protection

Advanced Threat Protection is a good "dashboard" feature to see if there is any network issues

Its a key point of keeping your network secure which once setup requires minimal ongoing monitoring. Also this unit can act as the whole security suite so everything in your network is protected.

Its identification of users without the need of setting up Proxies or Identity software could be better, that is probably the trickiest section to setup.

2 years

No issues other than ensuring what has been configured matches the requirement of the company/client.

The only stability issue we have encountered was an update caused the unit to over process things. Everything kept running but it did slow down Internet access because of this.

I have only done basic High Availability setup which is very good but not Scalable solutions. However, as long as you follow the sizing guides and get the right UTM for the company there has been no issues.

Excellent

Not outstanding but I have noticed significant improvements over the last 12 months

We used to use SonicWall. I still think its a good product though its web filtering and SMTP filtering were no where near as good as Sophos UTM. The reason we switched was the partner relationship between Dell and the IT Solutions company soured.

You can setup the unit in simple mode and get 90% of what you want done. That is very straightforward

You can also setup each component manually. This requires understanding of the unit but even that is not difficult.

Probably the only difficult part of the Sophos UTM is the WebControl as this can be setup many ways. Ensuring you have mapped out a solution that is adaptable to the company is probably the most complex part.

As we are a supplier, we bounce off ideas with their sales engineers. They are excellent.

Unsure as I don't deal in the money side of things but I think the clients get excellent returns as their security is totally covered if they include EndPoint protection.

Most companies I have dealt with handing them a unit find they don't have to do much ongoing work on the unit. Once its working, its working and adjustments to rules and policies are easy.

No, we had a good relationship with Sophos and after comparing it to our previous solution (SonicWall) we were convinced it was a good product.

If you are a IT Consultant shop, become a partner and do the training.

If you are the IT of a company, you can either get a IT Service company to set the unit up for you or if you are confident with firewalls you can purchase premium support to get assistance for troubleshooting purposes.

We use Sophos UTM to secure Internet connection inside our company and to provide secure remote access to the in-office network.

I like the web filtering options and the link to Sophos antivirus (Close all connections from-to infected PC).

I would like some features that are available in other brands. For example, I sometimes a person is using too much bandwidth, and it isn't easy to find this information in Sophos. Also, we have to switch connections manually when we are using a VPN and lose the MPLS connection. It isn't automatic. 

I have used Sophos UTM for five years.

I rate Sophos support seven out of 10. 

Neutral

Sophos UTM is a little pricey, but it's reasonable if I compare it to Fortinet. 

I rate Sophos UTM eight out of 10. 

I mainly use Sophos UTM to provide network security.

Sophos UTM's best feature is synchronized security.

Sophos UTM's internet security could be better.

I've been using Sophos UTM for three years.

I would rate Sophos UTM's stability eight out of ten.

Sophos UTM is easy to scale.

Sophos's technical support is very good and easy to connect to.

The initial setup was simple.

Sophos UTM is moderately priced, but it could be improved.

I evaluated Fortinet, but Sophos UTM is easier to manage and more efficiently priced.

I would rate Sophos UTM eight out of ten.