Sophos UTM Reviews

We use it as an internet firewall, and as our web application firewall.

I don't believe it has improved our organization; I don't actually like the product because of the features it is missing.

I would like this solution to support ICAP. Also, they no longer support on-premises management, and are forcing clients to use centralized management via the cloud, which I don't agree with.

We have been using this solution for seven years.

We don't find this to be fully stable; we have had to restart the firewall on a few occasions.

The customer support is not very good. They are quite slow, and there are delays in response to an issue being raised.

Negative

The initial setup was easy.

The implementation was carried out in-house, and the deployment took around eight hours to complete.

There was an up-front charge of around $70,000, to purchase the hub and license.  Beyond the initial cost, licenses are charged for annually, but they are good value for the service we receive.

I would only recommend this product to small businesses. I would rate this solution as a seven out of ten.

Sophos UTM is a complete firewall we use to protect from internet threats and check traffic from our network to the internet. It's a firewall covering all layers of protection.

Sophos has some plugins that run on the cloud, but it's transparent to the end-user. For example, there is something to identify threats on an email system called SenseStorm, which is connected to the Sophos Cloud and identifies new threats then spreads the same pattern to all Sophos installations in real-time. I can say that almost 100 percent of our customer companies who have a file solution use Sophos.

The three most important features for us are web protection, web server protection, and network protection.

Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment. 

I've been using Sophos UTM for the last five years, but we started using Astaro Security Gateway, the predecessor to Sophos UTM, in 2002.

Sophos UTM is a strong solution. I give it a 10 out of 10 for stability.

Sophos UTM is scalable.

The initial setup is somewhat tricky. You need to understand networking concepts well, and the company must have good policies for internet access. However, it's not that complicated. I would say it's an intermediate difficulty, but I also have a lot of experience with this solution. It might be challenging for a new technician. We do all the deployment in-house, and it takes about three business days. Our team consists of two technicians and me, the manager. 

Sophos UTM isn't cheap. It's in the middle, so not the cheapest, but not the most expensive. It's average. If you buy the full suite, you don't need to pay for add-ons, but if you buy some partial products, you have to pay to deploy more features.

I rate Sophos UTM 10 out of 10. It's the most reliable solution in the firewall market. Considering the price and quality of the product, Sophos UTM is the best solution.

Our primary use cases include: 

• Remote SSL connection
• Web-filtering
• Web server protection
• WAF application.
• Firewall rules

We have securely deploy systems accesible only behind encrypted ssl vpn and all user can access without the risk of data exposure.

The most valuable feature is the price. I've been requesting prices all over these years between different solutions like Fortinet, Palo Alto, and Check Point and Sophos has been the cheapest and the best of all of them that I have tried. I have been working with Fortinet, it's a fact that the sophos price is surprisingly better.

I have also worked with Check Point and it's not far enough from what Sophos can do. In terms of quality and functionality, Sophos is very useful and better than the competition.

Sophos should improve its ability to check something like bandwidth consumption for users or something more real-time.

real time trafic graph most show specific info from user, ip and bandwith, in my personal opinion i have seen better traffic graphs in open source firewalls.

I have been using Sophos UTM for six years.

It's very stable. In all the time I have been using it, I haven't seen it fail or gets stuck.

Scalability is not a complex issue and is something you can do within 20 minutes. I've been managing three UTMs, one with 50 users, another one with around 150, and the biggest one has 3,000 users.

i used PFSense, the capabilities of UTM sophos y very much higher and powerfull.

The initial setup was straightforward. It depends on the rules, but a basic setup can take up to seven to 15 minutes max.

Based on cost compare with other vendor who bill per license and OTP users, the ROI have been set as far as 6 moths.

SOphos is the best alternative in features, specifications and lower price.

yes i did, Fortinet, Checkpoint, Palo Alto, Meraki.

It's a good solution, I would say to go for it. 

I would rate Sophos UTM a nine out of ten.

We use it for antivirus.

It meets our compliance needs in an elastic computer environment.

It meets our compliance needs for antivirus.

The printed provisioning is the primary thing that needs improvement.

It is a little too CPU resource intensive, so we would like to see improvements there.

We are running about a couple hundred EC2 instances. Overall, the AWS Marketplace product should be a better fit, but it is a little pricier.

When we need technical support, we just engage the vendor, then figure out what our requirements are from there.

The integration and configuration of this product on our AWS environment is a little clunky right now.

The product is a standalone in terms of integration.

Going forward, we need to look at the provisioning pieces and the resource utilization.

The AWS version is easier to provision than the on-premise version.

We use this solution ourselves and we also deploy to our clients. It is a capable, general-purpose firewall with VPN tunneling built in, and a lot of web features if you're hosting a website. We are resellers of Sophos and I'm a partner in our company. 

We haven't changed our procedures as a result of using this product but maybe the flip side is the case. We haven't had to change our procedure because we have this great tool that keeps the bad guys away.

I would say the email for sure and the basic firewall functions are great features. It also has advanced firewall scanning. If you receive a file, you can have it scanned through Sophos. It's a really complete product.

Sophos has a very small crew of people who continue to work on enhancing the UTM. At some point, they had actually stopped enhancing it and the word on the street was that they weren't going to enhance it any more because everybody was going to go over to XG, but they found that 50% of their users were still on the UTM and that was five years after they'd come out with the XG line. They decided they were going to rebuild some core parts of XG, and that would take a while. It's been six years and they're still not there. The updates come out agonizingly slowly. They just trickle out and when there's a problem with an update it takes a while to sort out. It's still a viable product but the more they improve XG, the less you have a need to stick with SG.

I've been using this solution for 15 years. 

There are some legacy things that were probably fine back in the day when it was invented in Germany, things like the IPS, the Intrusion Protection engine. It's terrific and it works really well, but it can be a little bit slow. Because of the way that some pieces are built, for example the core for the IPS runs on only core, even if you have a multi-core CPU. 15 years ago that wasn't a big deal because your weak link was going to be your computer. But nowadays, you could have a fast enough computer if they could just let it work with multi-cores. They clearly aren't interested in rewriting large portions of the code because they're going to the XG so all they do is fix it or maybe add a feature that's in the marketplace. Over time, they've been adding more ways to do a VPN tunnel but some things they need haven't been added because it would require a big rewrite and they don't want to go there.

The scalability has worked great for us. Everyone in our company uses it even though some may not know that they're using it. One of our larger clients, with a super computing center and some of the fastest computers in the world, use Sophos, so I would say that it does the job.  

Technical support have been very good. They are very knowledgeable but it can take too long to make contact. They're great once you do get hold of them. They've solved every problem we've had. 

We've tried numerous other solutions. Cisco, and some of the other major ones that were out there, but once we started using this, it was so much better in so many ways, we just dumped all the others.

The initial setup is pretty straightforward. They have a template which takes you through and asks what you want protected. There's still a lot to do after that because there are variations which require more work. For example, if I have clients who need to block certain email addresses, I have to go through and set those up. If I need to allow conversations which require specific ports open in order to get to a particular business or credit card processing, that has to be set up. There is a lot of HIPAA detail in it and it also has credit card compliance things which require a manual set up. The setup requires a knowledge base. 

The solution is 100% free. You can just download the software for up to 50 IP addresses. It is a hundred percent free. Throw it on your own machine. Right, it's a native Linux product, a hardened Linux product and it's free for that sort of user.

The solution has email firewall built in with all sorts of functionality, it is an absolutely excellent firewall, the logging is really good, you get great information about what's going on. It does things like GeoIP tracking and you can make decisions based on where people are coming from. It's just really a complete firewall. I would say if you're just starting right now, get the XG. Not that the UPM isn't outstanding, but it's disappearing. You might as well learn the XG. The product still works really well, although it's getting a bit long in the tooth. The sooner that they come out with the XG that can do everything that the UTM does, the faster the rest of the world will make the jump.

I would rate this solution an eight out of 10. 

We use Sophos UTM to secure Internet connection inside our company and to provide secure remote access to the in-office network.

I like the web filtering options and the link to Sophos antivirus (Close all connections from-to infected PC).

I would like some features that are available in other brands. For example, I sometimes a person is using too much bandwidth, and it isn't easy to find this information in Sophos. Also, we have to switch connections manually when we are using a VPN and lose the MPLS connection. It isn't automatic. 

I have used Sophos UTM for five years.

I rate Sophos support seven out of 10. 

Neutral

Sophos UTM is a little pricey, but it's reasonable if I compare it to Fortinet. 

I rate Sophos UTM eight out of 10. 

We primarily use the solution for firewalls. 

The firewall in general is very good. It is comparable to other firewalls. 

Since any environment needs a firewall, it's been helpful in its ability to be highly granular in its configurations. 

Sophos is a security-focused company, which I like. I like that all Sophos products can essentially talk to each other. For example, if a computer has the Sophos antivirus, and it detects something, it actually talks to the Sophos firewall and says, "Hey, I think something is going wrong on this computer." Then, the firewall goes, "You know what? I'm going to shut it down for a while. I'm going to close off all incoming and outgoing connections from that unit until an IT admin comes in and tells me to release it."

It's very scalable.

The solution is stable. 

The initial setup is pretty straightforward. 

I don't really have any notes for improvements. I don't need additional features. 

I've been using the solution for three or more years. 

The solution's stability is excellent, and it is reliable. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is very scalable and easily expands. 

I'm also familiar with Meraki. Sophos, however, has the ability to talk to other Sophos products. 

Meraki would be all isolated, meaning you have a different antivirus. It'll try to block and scan and do its thing, however, the firewall will always allow the connection to go through. Nothing is stopping it from isolating it. From a Sophos perspective, every single thing talks to each other, whether it's Sophos Central, Sophos email security, Sophos antivirus, or Sophos firewall.

They all talk to each other and look at how attackers come in because attackers don't just, poof, appear on a computer. There's a route it needs to take and different layers of protection it has to go through. If all of your layers, your roads, and everything is all Sophos, they all jive, and that's great.

The ease of setup is dependent on the level of technical expertise. If you are a qualified tech, all firewalls should be pretty simple to deploy, depending on the environment. It's simple enough to implement in general. 

We have witnessed a positive ROI while using the solution. 

Price-wise, you get the bang for your buck. You get a huge value set. Ask for HA, high availability, since a lot of Sophos resellers sell two firewalls, the second one being free. Then, you only pay for one license. If your first firewall fails, the license migrates to the second one.

We are using a variety of different versions of the solution right now. 

It's really, really cool to look into Sophos. I highly recommend it. From an infrastructure, stability, and security perspective in terms of configuring in a granular way, Sophos does it all. It's a really good product and something to look into. 

It's also a lot cheaper than Meraki. It does way more than Meraki. Dollar to dollar, Sophos will likely beat Meraki. For example, with Meraki, you're going to be paying two or three times more for nothing spectacular, nothing different. You just get a portal. It's okay. With Sophos, you do have to know what you're doing, however, any network admin should be able to figure it out. It's not like an ancient hieroglyphic language. It's quite straightforward.

I'd rate it nine out of ten.