Sophos Cyberoam UTM Reviews

I use it for security, web management, content management, VPN, and site-to-site VPN. I use many features of the firewalls, like intrusion prevention system, antivirus, anti-spam, etc. I use almost every aspect of the firewalls.

It has performed perfectly fine, so far.

The benefits are the firewall.

The performance and security are the best features.

The security options are great. We never had an attack, which is pretty good. We use it from a standard location, and they are connected to each other. 

I am not sure there will be a another release of Cyberoam because it will be Sophos going forward. What could be included going forward though? I would like to see a better content management pack and also the website searching should be better.

We have never had to restart a firewall. The firewalls have all worked perfectly fine.

Scalability is good, if you get good models. I have never had a problem with scalability.

The technical support from Turkey is very good. I would rate them a 10 out of 10.

Cyberoam still supports their old product. Though, the NG theories are not supported anymore.

We started with Cyberoam. We did not switch from anything else.

Before it was Linux machines, but for the service, we switched over to Cyberoam for performance purposes. 

The initial setup was done before my time.

After I started at the company, I have continue doing set ups with my assistants. Sometimes, we get external help. Mostly, we do the setup that we want, because previously it was straightforward and easy to use.

Prices are very high.

There were quite a number of vendors in our original shortlist. We chose Cyberoam because it was the leading firewall brand in the world. It still is. We chose it because of its worldwide usage and wide knowledge base on the Internet, and also the positive reviews of its users.

Now, we are trying to evaluate the different brands because Cyberoam was acquired by Sophos, and we are not sure how Cyberoam will evolve in the next few years. Usually in five years, the acquiring company completely acquires their technology and adapts their technology into their own brand and keep on with their brand. So, it seems like Sophos will keep on providing the firewall solution instead of Cyberoam and the Cyberoam brand will eventually disappear.

This is why we are trying to find a proactive solution to get the most support, upgrades, product improvements, etc. This is why we are evaluating whether to migrate over to Sophos or Fortigate, and I have been having a hard time choosing whether to replace all of my Cyberoam products with Sophos or move them over to FortiGate.

I am rating it a 10 out of 10 because it has never failed us.

Talk to people who are actually using it. Actual experience always differs from the product advertisement.

Most important criteria when selecting a vendor: 

• Market share
• Ease of use
• Best practices
• Comments of different users from different companies of the product.

Before I purchase anything, I go onto web and do thorough research about:

• What the product can offer.
• What are the challenges.
• What are the properties of that product that makes our IT people's lives easier.
• What happens if something goes wrong.
• How fast I can get support.
• What are its internet support options?

Sometimes, if a product is used widely, you do not even have to call anyone in support. The answers are all over the Internet. For example, if you are using a Microsoft product, you don't even have to call Microsoft, because the Internet is growing with Microsoft articles about how to do and what to do when there are issues. If you are using a very limited operating system, like a Mac operating system, Mac OS. It's not very common, so you need to get professional help.

UTM is a full content management. Content blocking, URL blocking, etc. We also use it to manage video and streaming media for the subscriber. So it's for internet usage, basically.

Before, I was using TMG, and it was very difficult, back in 2010. A lot of things, like HTTP filtering and HTTPS filtering, were a problem for me at the time. If someone asked me to block YouTube for example, I was able to do so in TMG but when it came to HTTPS, I was having some problems. So this is one issue we have resolved.

The second issue, before the firewall, was we only published our required port on the internet.

Third, email filtering. Before, because we were using Go Daddy services, just normal services for email, we had everything coming in. Now, we also filter emails. 

For me, the most important thing is content management and, obviously, the firewall because we have some servers.

We have different levels of users. Some users, we are just giving them email access. For some users, working sites only. For some users, we are giving them intermediate access so they can access, on the government side, some knowledge bases. For some users, we are giving full access.

So there are two major features for me. One is content management and the second thing is servers, publishing.

They have some issues with email filtering. Sometimes, I have found emails that have passed through the firewall, so I contacted Cyberoam. They said, "Okay, we are going to update the signature in the next update you, you will not get it like this again."

It's stable.

Yes, it can handle growth.

I have called them many times. On a scale of one to five, I would rate them four.

I rate them four because lot of times they don't resolve issues. They are just saying, "Okay send the signature, we will update it." Most of the time they are not giving me the solutions. After three or four conversations, they come to understand it is not available and they say they will update it.

We were using TMG, previously. As I mentioned, we were not able to filter email. The second thing was content management. Sometimes we have to block HTTPS. We have to inspect a URL with HTTPS. In TMG, it was problematic because we needed the certificate and other things.

Also, at the time I was publishing servers' URLs. We have some internal services for our users. TMG was handling it, but it was an old tool in 2010. There were no updates. 

I chose Cyberoam, because, at the time we had a problem with the budget. I had a minimal budget and it fit my budget.

If someone knows how firewalls work, they can easily manage it. I don't think it's complex.

I checked Fortinet but it was a little expensive at that time for me. We also looked at Cisco but it was expensive. So at that time the two products we compared, because they were easily available in our area, were Fortinet and Cyberoam. And Cyberoam was cheaper at that time.

For a small business, it's okay. It's easy to set up and it's also cheap.

I rate it eight out of 10. I'm not giving a 10 because many times, I have problems with the email filtering. Emails pass through without any filtering affecting them. When I get back to them and tell them this is the issue, they check everything and say it is not in their database signature and they have to update it. But you know, by that time, my user has already opened it. 

I don't know why they are not updating. Every time, it seems they are waiting for me to inform them that this is the signature issue or this is the signature that came in through that filter.

Primary use is monitoring. Having a reporting console to monitor the usage of bandwidth. That's the prime concern.

Let's talk about connecting the branches to the central headquarters. That has really improved our functioning, because we were really facing trouble with remote locations. What we had before was a decentralized mechanism in our organization, but after having this product we were able to get the remote locations into the same LAN. We were able to control the bandwidth and were able to take virtual access of those machines and give them the support, as and when required.

The best feature is the flexibility the product offers, in terms of remote access. We have bout 35 locations across the kingdom, and connecting those remote locations with the minimal bandwidth was a challenge. A few of my branches are connected via 3G. So that is the most advanced feature I like about Cyberoam, the flexibility the solution offers.

There is a lot or room for improvement, because it is still not a fourth or fifth generation firewall. It lacks security features. I would say security is something that is not that appealing in this product, so that's where they can improve.

There were no issues with stability.

I'm not sure about scalability because the number of users I had was approximately 250 and the headquarters model, which is CR300iNG, supports about 350 users. The threshold was good, so I did not find any major issues with it.

Average, average, average. Their customer service has to be improved a lot, especially the ticketing mechanism they have. First we do have to first raise a ticket, wait for their availability. And the people, I found they don't have much knowledge, so normally a lot of escalations after which the issue gets resolved.

Earlier, I was using Cisco ICER. I switched because it's not a UTM box, and it requested a lot of add-ons, when it comes to flexibility of those devices. For example, if I needed to extend my user limit, every time I need to purchase a slot and increase the firmware. That was not so appealing. That is the reason I switched to the new, next-generation UTM firewall.

It was very user friendly. It was a straightforward integration. We had no issues. In fact, no system integrator deployed it. We did it ourselves.

It is worth the value. 

I did evaluate FortiGate.

The first drawback is that Sophos has acquired Cyberoam. So, if I was a new customer who wanted to choose between Cyberoam and Sophos, I would definitely go for Cyberoam because it has additional features in it. I don't understand the strategy behind it, because the same owner has two different products under one umbrella. It's a bit confusing.

Six out of ten is the best I can rate Cyberoam at this moment. To get it to a 10, it's up to the manufacturer. They need to really upgrade their firmware to match up with the fourth or fifth generation firewalls that other vendors have to offer. My advice would be that the manufacturer needs to focus on security.

Helps us to aggregate/manage bandwidth from two ISPs, as a fail-safe.

Bandwidth Management and aggregation. It is valuable for combining two ISPs. Switching to a secondary/redundant ISP is thus seamless, in the event that the primary ISP goes down. 

The Bandwidth Management is also valuable for limiting heavy downloaders that may impact negatively on the experience of other users.

Needs a mail alert/notification when the device loses any of its connections, during ISP redundancy implementation.

No stability issues.

No scalability issues.

No previous solution.

My network engineers were able to find their way around it in a short time.

It’s value for the money.

Check Point, Fortinet.

I give it an eight out of 10. It’s functionally competitive with higher priced alternative brands.

The product has helped control bandwidth utilization, as well as enhanced connectivity and security to remote locations.

1. URL filtering
2. Content Filtering
3. Remote Access/Site-to-Site VPN features
4. Traffic Shaping/QoS
5. Packet Capture

These features have helped control internet utilization and compliance in the organization.

• Web Filtering using wildcards
• Clarity on the firewall rules
• Granular reporting features

No stability issues.

No scalability issues.

Tech support is good.

Yes, I used other solutions previously. This product provides more technical options to solve critical issues.

The initial setup was straightforward, without any issues.

Contact partners for more information about pricing and licensing.

I evaluated Checkpoint, FortiGate and Cisco Firepower.

The product is stable, and after migrating to the SFOS it is much better.

• Easy to deploy.
• Great IPS
• Managing APs is now easy
• Infected machines cannot connect the ERP until it is clean, so my internal servers are protected. 
• Great reporting tool
• User, app, and protocol all are in control.

It has many features that no other competition has in single box so far, such as:

• Dual AV engine for web and email.
• Optimized three-clicks-to-anywhere navigation.
• New unified policy model enabling all business.
• User and network policies to be managed on a single screen with powerful filtering and search options.
• Policy Templates for common business applications, like Microsoft Exchange, SharePoint, Lync, and many more defined in XML enabling customization and sharing.
• Custom IPS, Web, App, and Traffic Shaping (QoS) settings per user or network policy on a single screen.
• Sophos Security Heartbeat connecting Sophos endpoints with the Firewall to share health status and telemetry to enable instant identification of unhealthy or compromised endpoints
• Policy support for Sophos Security Heartbeat to automatically isolate or limit network access to compromised endpoints
• Application Risk Meter provides and overall risk factor based on the risk level of applications on the network
• FastPath Packet Optimization
• Hotspot support for (custom) vouchers
• Password of the day
• T&C acceptance

Other valuable features include:

• Wireless guest Internet access with walled garden options
• Time-based wireless network access
• Wireless repeating and bridging meshed network mode with supported APs

• Advanced Threat Protection (detect and block network traffic attempting to contact command and control servers using multi-layered DNS, AFC, and firewall).
• Sandstorm Cloud Sandbox Protection
• Patent-pending SPX encryption for one-way message encryption
• Recipient self-registration SPX password management
• Hundreds of on-box reports with custom report options: Dashboards (Traffic, Security, and User Threat Quotient).
• Applications (App Risk, Blocked Apps, Search Engines, Web Servers, and FTP)
• Network and Threats (IPS, ATP, Wireless, and Security Heartbeat)
• VPN
• Email
• Compliance (HIPAA, GLBA, SOX, FISMA, PCI, NERC CIP v3, and CIPA)
• Robust hardware
• Huge RAM
• SSD

On-box sandstorm should be available. As of now, it is from their cloud.

No issues.

No issues.

Customer Service:

Very nice.

Technical Support:

Very good.

Used cyberoam iNG firewall/UTM. 

The new model is Sophos XG and I am upgraded to that, which is a great solution.

The initial setup is very easy.

Very good.

Almost 100%. It saves a lot of man hours and bandwidth. Management loves its reporting.

The price is very competitive and the licensing is easy.

Cyberoam iNG.

• Value for money
• Easy deployment
• Sophos has a great vision, works on information security, products are available like endpoint, mobile mgmt., encryption, WiFi, server protection, email gateway, web gateway, and many more. 
• Sophos Cloud is great.

• Reliability
• Good user interface
• Versatility

Perhaps the SSL VPN.

We use different workarounds and find different solutions for it, depending on the client's needs. We shouldn't have to, we should just be able to use the product as it comes with Cyberoam, rather than having to revert to other products.

It's a stable product.

Tech support is knowledgeable.

You need special training to set it up.

It is more expensive than cheap routers, but it offers a lot of functionality, and that warrants the price.

I would warmly recommend it.

However, the reason I don't give it a 10 out of 10 is because we sometimes find the customer service or the support lacking.

By using this UTM, I can set bandwidth for a particular user. For example, If user A is downloading lots of stuff then I can restrict him through the application Web and Bandwidth Management features.

Web Filtering and Application Filtering saves a lot of my bandwidth and improves the user's productivity.

The Web Filter and Application Filter need improvement.

In the Web Filter, there is a problem to block YouTube by HTTPS, so this needs to improve.

There were no stability issues.

There were no scalability issues.

I would give the technical support a 10/10 rating.

The setup was straightforward and user-friendly.

Compared to the other products, it is good.

We evaluated SonicWall.

Close your eyes and just go for it.