Sophos Firewall Reviews

This solution is implemented for medium and large enterprises to protect their network from attacks and to filter the web traffic through web protection and application protection modules.

This solution includes Email protection, IPS, Antivirus gateway, ATP, Reporting, VPN, Sophos Wireless controller, load balancer, WAF, and traffic shaping.

1. It's protecting our networks from threats.
2. Block URLs and web applications based on business needs.
3. Not expensive when compared to other vendors, with a great added value.
4. Impressive synchronized security with its endpoint solution.

All of the features are amazing, especially Sandstorm, which prevents bad traffic or downloaded files from reaching our customers' and partners' networks.

Network security is in need of improvement.

We use the solution for application control and web filtering. We also use it as a VPN point, and we use it on other occasions for tracing and reporting about usage and high application rates.

We are able to trace any user and pinpoint any vulnerability or any malicious software. We are able to synchronize between the local and active directories so we can catch users easily through their login names and IDs.

The reporting on the solution is excellent.

There needs to be a way that we can distinguish between educational institutions on Youtube and other Youtube videos. You can do this on Fortinet. Basically, they can block all other Youtube videos besides those that are from educational institutions. With Sophos, you either allow for all Youtube videos or none at all. They need to allow for more specification on different websites.

They only have one single location for training videos. They must offer them elsewhere as well. When the site goes down, everything stops, and you can't access the videos when you need them, so they need to diversify that. It's limiting.  

The stability of the solution is excellent.

The scalability is good. We could only handle around 5,000 users but even when we reached 3,000 users, Sophos only consumed around 24% and 40% of Prime usage. 

The solution's technical support is not the best. When I take a step to open a case with Sophos support I can't understand them at all; I can't understand their accent. I always appreciate if they can communicate with me through e-mail instead, which makes it much easier. 

Many cases take a long time to be resolved. Some cases they seem to ignore or don't reply to for a long time so I have to remind them that the case is still open before they will respond. 

The initial setup was straightforward. The implementation took about a day. There were only two people needed for deployment.

We had a consultant assist with the setup. They were very good.

We use the on-premises deployment model.

I would rate the solution nine out of ten. It's a very good firewall. It helps a lot with protection, and every organization needs a firewall to ensure they are protected.

We use the solution mainly as a firewall.

The solution improves security.

It's easy to use, but it's harder to configure when you want detailed settings. They need to make it easier to access advanced features.

The solution seems pretty stable. We've had no issues so far.

We haven't had to scale anything so far, so I'm unsure about the scalability of the solution.

I've never had to deal directly with technical support.

We did not previously use a different solution.

Implementation is straightforward. The only thing that was difficult was that we had some special cases and we had to dig in a lot to find the information for accessing very specific features. Deployment took about a week, however, we did about 6 months of research beforehand. You can deploy the solution with maybe one or two people, but we used five. We only need one person for ongoing maintenance.

We handled the implementation ourselves.

We don't have any costs above the licensing of the solution itself.

We are using the on-premises deployment model.

The solution is easy to implement, however, if you do decide on this solution, I would make sure that you have someone that has experience with this kind of solution or to hire someone to implement the solution properly. It will make everything much easier in the long run.

I would rate the solution 9.5 out of ten.

Our primary use case of this program is for antivirus and security purposes.  

What I like about this program is that it is easy to use and easy to manage.

Sometimes we experience difficulties with our server and that is usually due to a bug. Somehow bugs seem to find their way through Sophos' security. The issue is usually resolved when we contact technical support. In the next version, I would like to see an improvement in this. The developers should test everything after any update to ensure that bugs don't come though with the update.

I've used FortiGate before and I would say that Sophos is just as stable, both being around 70% as stable as other products on the market.

The scalability is good. We have 300 to 400 antivirus end users, and our company has around 1,000 users. We do have plans to increase usage because we are growing our projects around the world to countries like the US, Germany, Pakistan, India, UAE (Dubai) and Egypt.

The technical support is okay. Whenever we call them with an issue, they come to us and resolve the issue. Sometimes they take time, but I still think it's good. I will rate the technical support eight out of ten.

We only use Sophos because it can integrate with other product like FortiGate and we can easily connect the two programs. This makes the program scalable and easy to use. Many other products on the market are not compatible with each other and that is why we chose Sophos. 

The initial setup was rather complex but we had no issues with the deployment.

We bought a license for three years and we will renew it but I think the price is too high. If it could be less expensive, more end-users or partners will be able to afford it.

It is a good product and I will definitely recommend it. I rate this product a seven out of ten. In the next version I would like to see an advanced level and not only a basic level. Nowadays it is a very useful feature to be able to upgrade.

The endpoint protection plan is the most valuable feature of the solution. 

The filtering is very easy to do. You can segment and create profiles for usage very easily.

The UTM itself needs improvement. When you're navigating it seems like it takes forever to load anything. The hardware is okay. It's just the software that could be more responsive. 

We do updates periodically, but the solution is very stable. We haven't had to go back to the site to reconfigure it or anything like that.

At the moment, we haven't had a reason to contact technical support.

The initial setup is very straightforward.

We implemented the solution ourselves.

We tend to go for the bundle because it's pricing is competitive. If a unit comes out and they bundle the hardware with the software, it seems to work for us. I've seen that with future upgrades coming up, that features like this will be taken away. The option to get a combo with hardware means the software portion is mostly free, and then you pay upfront for the three-year license for everything.

However, with the changes, I don't think that's going to be available anymore. It might sway our clients away from Sophos. Maybe there's something that can be worked out. Other than that, we've been happy with the price. It's competitive if you compare it to the competition, from a price point of view.

We use a variety of deployment models, including public cloud, private cloud, and on-premises.

For what we are using the solution for, its practically perfect. We don't need other features added. The solution offers exactly what we need.

I would rate the solution seven out of ten.

We use this solution for connecting site-to-site and client-to-site VPN for two protocols, IPsec and SSL VPN. We use encrypted tunnels to achieve fully secure connectivity between sites and clients.

It gives me a very good, stable connection in all tunnels.

Of course, it improves my organization to achieve fully secure connectivity between sites and clients.

It has a good web filtering database and a good application control database in addition to intrusion prevention. Together, these give me confidence in our security.

All of the features in this solution are good. The most valuable is the IPsec VPN tunneling and SSL VPN tunneling, both site-to-site and client-to-site.

The log viewer is extremely helpful for analyzing all incoming and outgoing traffic.

I would like to have remote access to clients using a static IP for a certain period of time. This would allow me to log in to any client, remotely, with a known and fixed IP address.

This is the first solution that we implemented.

It's a suitable price and license.

We did not evaluate other options before choosing this solution.

Our primary use case for this solution is to act as the main broadband device in our data center. The XG 210 model is being used for a hospitality solution.

The main improvement for us is with our email. The email options and email security features are good. 

We have found that the simplicity of the XG 210 is its most valuable feature. There are a lot of options available for the default firewall rules, such as email and web, that are used to secure the network.

I like all of the options, but the most important thing is that it is easy to understand how to configure everything, compared to other firewalls.

We are having a lot of issues with conflicts and user sessions, and Sophos has suggested that we change the device to the XG 400.

Aside from these issues with scalability, the email security features are good, but there are not many options. We would like to know why an email is being blocked, and how we can allow delivery. It does not keep emails in the queue for delivery. It can only log whether it is delivered or not delivered. If I need more details then I have to log in using SSH to get that information.

When an email comes in from the outside it is detected. When we check the log it only tells us that it is not delivered. We would like to create an exception, but there are not many options available for this. For example, a domain space is not allowed. Only the user name can be used to do that. We need a domain-based exception for email.

Next, the XG 210 is easy to configure, but when we are looking for more details then we can only get this information through SSH. It is quite difficult. If we can get all of those details then it would help us to understand, so this needs to be improved.

There are a lot of options and it gets confusing sometimes. If they can give limited options, with more information, then it would be good for the large sites.

The product is stable, but by stable, I mean that we still have issues. The issues are more technical, which is why they suggest that we change the device to fix the problems.

Our main data center has more than seventy servers that host a web server and internal applications. This is where we use the XG 400.

We have installed the XG 210 model at a smaller data center. We have between three and four hundred users at the most. However, because we have more than three hundred sessions, the vendor has suggested that we change to the XG 400. We do not yet know if this will fix our problem.

At our remote sites, we use the XG 135 model, and we do not have many issues.

I am not sure why Sophos suggested using the XG 210 model after doing a site check, but we are facing issues and they suggested that we replace the model.

When I call, I have to wait for at least one to two hours to reach them. Sometimes they will pick up the call immediately, but most of the time they will not. I usually have to wait one hour before they pick up the phone.

When a ticket is created we have to wait three days before getting a reply from them. When they create a ticket for a critical issue, the response is delayed. This is a new device, and we expect support from Sophos. At least the partner should support the product, but the partners are always looking for money. Even if they deploy the device, for example, the XG 450, then they only offer support for one day. After that, there is no support.

We have been using the Sophos XG 135 model at our remote sites and it works.

This year we deployed the XG 210 model at our data center, but prior to this we used Barracuda. We switched because Barracuda is too expensive. The options are very limited because you have to pay for each additional option. Each one represents a different service, like ADP (Active DDoS Prevention) or firewall. In contrast, Sophos is only a single payment, so we switched even though we lost some options that we liked.

The initial setup is very easy.

Our deployment took only two to three days. The problem is that we had a lot of issues, especially with the email. The SMTP did not work, so I could not continue with the deployment. It took between fifteen and twenty days to resolve this. I do not know what they did to fix it, but we were delayed between twenty-five days and a month.

We had contacted the Sophos partner for help, but they were not able to fix our issue. After the problem was resolved I re-initiated the deployment. Only one staff member is required to maintain the solution.

Even when you purchase the product from Sophos, they ask for a separate contract for support which is on an hourly basis.

For licensing the XG 210, we paid approximately $3000 for three years. There are no additional fees on top of this.

Other than the Barracuda and the Sophos models, I did not evaluate other solutions.

Because of the problems that we are having, I cannot recommend this solution to anyone at this time.

I would rate this solution five out of ten.

It's being used as a UTM, no firewalling. So it acts as a bridge. It doesn't provide the IP services, it doesn't provide DNS, it doesn't provide DHCP services, and it doesn't operate as a router or a point of mapping. It's only being used for filtering: Web and application filtering, as well as antivirus. I usually disable the anti-spam on all those units, because I have a gateway anti-spam server in place.

The web and application filters, as well as the quality of service. It has a very friendly interface like the Cyberoam iNG units, it has customizable policies, it has proper templates that you can even modify, and you can customize the rules, down to each single user.

It gives flexibility in the rules and the filters that you apply, based on, for example, the level of usage and the managerial level, etc. It's highly customizable.

The dashboard is customizable as well. It gives you the feature of including what you need to see as soon as you open the dashboard and to remove the non-necessary stuff, which varies from one organization to the next and from one IT manager to the next. And it has a wide variety of reports as well, template and customizable reports.

The major problem that I am facing, and I know that others are facing as well, is with the HTTPS classic, in general, or any classic that works on Secure Socket Layers. Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic. But most websites right now, most of the reputable web services providers, for extra security for their own web servers and for the user's security, provide a connection over Secure Socket Layer.

The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using. Now, this is not a problem when you're dealing with users stationed and fixed in a specific site or location. They are using desktops, they will never take the desktops and go home with them, nor will they ever take the desktops and travel to another country, or another site with it. The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem.

A way around this is if you are using authentication with Active Directory. But most of the time, especially if you're operating in a remote site with a very slow internet connection, if it's available in the first place, authentication with Active Directory is impossible. 

So it needs an easier way to apply HTTPS filters, without importing certificates into users' browsers and without the need for using an Active Directory. There must be a way around it. There are workarounds. But with applied workarounds, it will work out once, it won't work out properly 10 other times. That is my only request.

Also, since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library. The easiest way to overcome this is to look at how the Cyberoam online technical library was structured and to build the Sophos technical library the same way. It is messy, totally unorganized, time-wasting. Instead of getting what you want in five minutes it takes half an hour.

Stability is good. I was so happy with the Cyberoam iNG unit, and I think the Sophos XG series is exactly the same as the Cyberoam iNG unit. It's a very good unit for a smaller or medium business. It's very stable and it takes overload easily, so it can add to the throughput. It has versatility, it will support extra users, it will support extra bandwidth, to a limit, and it keeps on working as a monster. I have barely replaced any of those units through the years.

Scalability is brilliant.

I usually deal with one of the major partners in Egypt. The name is Gateworx. I've been dealing with those guys since my previous company, back to 2002. Even when we're buying devices that will be used in other countries outside of Egypt, we get them from them.

They provide outstanding technical support and they provide outstanding pre-sales services. If I require a device to be delivered to a country outside of Egypt, they contact the partner directly and they set up everything, and I get the hardware delivered. They are outstanding.

This is one of the major reasons we didn't look at another UTM or firewall through the years. These guys were a proper representative of Sophos and Cyberoam.

I've used heaps of them through the years. I've used Fortigate, which is now Fortinet. I've used Websense, they issued something like that years ago. ISS issued something like that years ago.

Sophos UTM, along with Cyberoam UTM, since they are both the same - it's only a different interface and a different hardware look - they provide the best value for the money. You get the best features for the best cost. They are the best, to a certain limit for a certain usage. I never use any of those units as a firewall. What I usually do is, I have an edge firewall responsible for routing, switching, and firewalling. And then I deploy the UTM behind it, only for filtering.

The most important criteria when selecting a vendor include getting the best features that you can get for an equivalent cost, so you're paying for what you're getting. You don't want to be paying for the name or the brand or the reputation of it. Also important are pre-sales services and "1000-percent" technical support services, in the environment and the remote areas we operate in, the warranty services as well.

The setup is straightforward. But what could be a straightforward setup for me might be complex for others. It depends on your level of experience, the training that you got, and the engagements.

They have a setup wizard, and I have had heaps of technicians, over the years to set it up, even initially.

I was looking at either Cyberoam iNG or Sophos XG.

My advice would vary based on your requirements. If you have a dedicated edge firewall, like Cisco ASA, you should get Cyberoam iNG and Sophos XG. They will do the job brilliantly. They will take the load, they will do a fantastic job.

If you are looking at units that will do both jobs - being an edge firewall and a UTM at the same time - with routing features, if you are going with Cyberoam and Sophos XG, I'd always recommend that you buy a higher model than what will meet exactly their requirements. So let's say that I'm looking at features that could be fulfilled with an XG 125 or 115, but I want to use the same unit as a firewall. I'd step up and buy an XG 135. You will always need those extra machine resources when you're providing routing, switching, and firewalling as well. Both of those products provide the best support ever, for the money being paid.

I rate it at eight out of 10. It's not higher because of the HTTPS issue that I told you about. That's my major issue. That's a super-disastrous issue that, unfortunately, cannot be solved easily.

And, sometimes we'll get a specific detailed report, stressing a certain aspect and it's not straightforward. I'll be able to do it, but then I'll have to combine or merge more than one, two, or three reports to get the results that I want. So more specific reports would be good. But then, again, there is a work-around by customizing the reports you want and then getting several reports and comparing them together. It's workable. My only issue is trying to save time, administration time is an issue for us.

But other than that, I'm happy. The product is brilliant, support is brilliant.