PeerSpot user
Business Owner at a tech services company with 1-10 employees
Real User
Top 20
Jul 13, 2017
The technical support is really good and the representatives are very responsive.
Pros and Cons
  • "Less and faster administration, full control of traffic, and a lot of features included in the base price."

    What is most valuable?

    Reverse proxy, SSL VPN, web & email protection


    For me, those features were most valuable from a security point of view;


    • Reverse proxy is very important for shielding application frameworks.


    • For VPN, we all knew that PPTP was broken and is not secure anymore. For IPsec, you need to have opened ports, and if you are in a hotel that only has ports 80 and 443 opened, you can’t do anything.

    SSLVPN is one of the solutions. Yes, you can use DirectAccess, but there are some limitations, too.

    For DirectAccess, you need to have all those computers joined in one domain.

    • Web & email protection is a nice feature because you have all of those controls in one dashboard. This is of course for small and maybe some mid-size companies. For larger and enterprise, it’s another story.

    How has it helped my organization?

    Less and faster administration, full control of traffic, and a lot of features included in the base price.

    What needs improvement?

    The goal for small companies is to have one administration dashboard -- from where you can manage antivirus for computers, firewalls, IDS, IPS, mobile phones, tablets, etc.

    Sophos UTM is on the right path to getting there.

    For how long have I used the solution?

    Sophos UTM 135 = two years.
    Sophos UTM 115 = one year.

    Buyer's Guide
    Sophos UTM
    May 2026
    Learn what your peers think about Sophos UTM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
    900,838 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    No problems with stability.

    What do I think about the scalability of the solution?

    No problems with scalability.

    How are customer service and support?

    The technical support is really good and the representatives are very responsive.

    Which solution did I use previously and why did I switch?

    Cisco (didn’t achieve expectations), Microsoft TMG (end of life).

    How was the initial setup?

    The setup is straightforward, but I suggest hiring an expert for integration. This is your first line of defense, and there is no room for mistakes.

    What's my experience with pricing, setup cost, and licensing?

    Sophos UTMs are not the cheapest but they are not the most expensive. Create a checklist of what you need, and go through it with a sales representative. They will advise the right license for your company and I’m sure you can get some discount.

    Which other solutions did I evaluate?

    What other advice do I have?

    Create a checklist with your requirements, test the solution, and if it passes everything, implement it.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    it_user701457 - PeerSpot reviewer
    IT Infrastructure Architect at a retailer with 10,001+ employees
    Vendor
    Jul 12, 2017
    A firewall that allows for web filtering and application control.
    Pros and Cons
    • "In the increasingly cloud focused world the Sophos UTM’s ability to deliver safe web access, web filter and cloud application control has gone from being a nice to have to being a must have for any size company or organization."
    • "The SG platform does however not scale to a large enterprise deployment."

    How has it helped my organization?

    The Sophos UTM platform has allowed us to improve or implement the following security practices:

    • Detailed web filtering and user access control
    • SaaS QoS
    • Network segmentation with firewall and IPS
    • WiFi protection
    • Web Application Proxy everywhere, inside and out
    • WAN expansion with SSL VPN and IPsec VPN over the Internet
    • Two Factor Authentication requirement for PCI compliance
    • Reduced the need for expensive MPLS deployments

    What is most valuable?

    The UTM/SG platform starts off with the basic functionality of being a good firewall. Adding the additional modules opens up the product set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User Portal, etc.

    The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.

    In the increasingly cloud focused world the Sophos UTM’s ability to deliver safe web access, web filter and cloud application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allow you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.

    What needs improvement?

    At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities.

    At the reporting level for user internet browsing, the on-box reporting is very basic and even adding the Sophos iView only gives you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.

    The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.

    What do I think about the stability of the solution?

    Major firmware releases can sometimes be buggy initially but are soon patched and stabilized. My advice would be to sit tight for a 9.x release for about a week before implementing. 9.x.yyy releases often fix bugs without introducing stability issues.

    What do I think about the scalability of the solution?

    The platform scales out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of sites across multiple countries.

    The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are able to handle massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at 10 000+ users or devices depending on the traffic, of course.

    How was the initial setup?

    For anyone with proxy and firewall experience the setup is pretty straightforward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware / Software / Hyper-V / AWS / ESXi / Oracle VirtualBox so you can set up a test or lab environment on almost anything to get started.

    What's my experience with pricing, setup cost, and licensing?

    The licensing options with virtual are great and scaling up and down is typically not an issue if your reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and, unlike the virtual licensing, is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.

    A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely Deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.

    Which other solutions did I evaluate?

    Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be shortlisted candidates for anyone looking to implement a UTM.

    What other advice do I have?

    Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Through various methods, I have a business relationship with Sophos and their reseller network. They are great guys who care more about making the internet a safer place than just extracting the maximum amount of revenue from you. Sophos listens to their customers and adds features as we request them. It really makes you feel like you have a security partner and not just a product supplier.
    PeerSpot user
    PeerSpot user
    Senior IT Support Engineer at a religious institution with 51-200 employees
    Vendor
    Jul 10, 2017
    The email alert on event triggers is a valuable feature. The ability to disconnect the VPN connection needs to improve.
    Pros and Cons
    • "The most valuable features are: Ease of configuration of the firewall rules and routing, the email alert on event triggers, and internal storage for logging, as you do not have to get another server to store the logs."
    • "We encountered stability issues more on the Web Filtering feature where certain valid websites are blocked or the video cannot be played and it requires extra exceptional configuration."

    What is most valuable?

    The most valuable features are:

    • Ease of configuration of the firewall rules and routing.

    • The email alert on event triggers.

    • Internal storage for logging, as you do not have to get another server to store the logs.

    What needs improvement?

    The ability to disconnect the VPN connection needs to improve. Currently, in order to disconnect an existing VPN connection of a device, the admin needs to change the password of the user.

    For how long have I used the solution?

    I have used this solution for two and a half years.

    What do I think about the stability of the solution?

    We encountered stability issues more on the Web Filtering feature where certain valid websites are blocked or the video cannot be played and it requires extra exceptional configuration.

    What do I think about the scalability of the solution?

    There were no scalability issues.

    How are customer service and technical support?

    I would rate the technical support an 8/10.

    Which solution did I use previously and why did I switch?

    Previously, we were using WatchGuard UTM. The pricing and ease of use of the configuration were the reasons as to why we moved over to this solution.

    How was the initial setup?

    Setup is straightforward.

    What's my experience with pricing, setup cost, and licensing?

    From time to time, there is a promotion and it is more cost effective to get the 3-year subscription licensing upfront.

    Which other solutions did I evaluate?

    We looked at Fortinet.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    it_user697017 - PeerSpot reviewer
    Head of IT at a construction company with 201-500 employees
    Vendor
    Jul 7, 2017
    Some of the valuable features are web and email protection and VPN.
    Pros and Cons
    • "After implementing Sophos UTM, the percentage of infected computers because of bad URLs was reduced by 90%."

      What is most valuable?

      All the features are valuable.

      • Web protection: Allows me to control unnecessary web traffic into the company network.
      • Email protection: Protects the company from spam and malicious emails.
      • RED and VPN: Provides an easy and secure way to connect branch offices so I can easily control them.
      • WAF and DMZ: Provides an easy and very secure way to publish your internal servers. Enables you to have more than one WAN and to use them for load balancing and controlling the traffic through them.

      How has it helped my organization?

      Before implementing Sophos UTM, we had a lot of problems with:

      • Malicious URLs
      • Spam
      • Unnecessary internet traffic
      • Difficulties in connecting and controlling branch offices

      After implementing Sophos UTM, the percentage of infected computers because of bad URLs was reduced by 90%. A lot of spam emails were blocked. Additionally, I created a whitelist for company emails and a blacklist for unnecessary emails.

      Branch offices have the same protection as the main office and communication between offices is very easy. We created rules for one-way communication for some branch offices and two-way communication for another office. You have got a lot of abilities for different configurations between offices.

      But after migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services.

      With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.

      For how long have I used the solution?

      We used UTM for four years, and XG for one year.

      What do I think about the stability of the solution?

      At the beginning, there were stability issues, due to a poorly configured switch. I had problems with HA, but after that, there were no stability issues.

      How are customer service and technical support?

      I only contacted technical support five or six times. They were very professional. I will rate them as excellent.

      Which solution did I use previously and why did I switch?

      We did not use a different solution before this one.

      How was the initial setup?

      The initial setup, at the beginning, was very complex. After some time, everything got clear. I did the migration of UTM to the new OS XG by myself and I didn't need help from technical support.

      What's my experience with pricing, setup cost, and licensing?

      Think twice when you are choosing your Sophos UTM/XG. I made a mistake the first time because I needed more powerful hardware for my network. I did not choose very well. The price and the license are definitely elements for which you must think twice. I had excellent cooperation with the Sophos sales team and my mistake was quickly resolved.

      Which other solutions did I evaluate?

      We evaluated SonicWall, Palo Alto, and Untangle.

      What other advice do I have?

      I love all Sophos products, but the combination of Sophos XG, Sophos RED, and Sophos advanced endpoint protection with Intercept X is something that all IT professionals and security officers will love and want to have.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      it_user472113 - PeerSpot reviewer
      Systemadministrator at MCON Group GmbH
      Real User
      Jul 4, 2017
      It is for beginners and hardcore professionals.
      Pros and Cons
      • "If you'd like to look into a system which is very robust and hardcore, then select Sophos UTM."
      • "The Sophos UTM Internal DB sometimes has problems which affect its scalability."

      What is most valuable?

      All the features are similar; we are real, hardcore users of the Sophos UTMs.

      How has it helped my organization?

      This product is for beginners and for hardcore professionals; beginners can get their feet wet and professionals can easily look into the product.

      What needs improvement?

      Certificate Management should be improved.

      For how long have I used the solution?

      I have used this solution since 2014, i.e. for around three years.

      What do I think about the stability of the solution?

      We have over 30 Sophos UTMs running. There are some that are not stable, because of the bridges used or ISP used (Cisco vPCs/Dell MLAGs etc.).

      What do I think about the scalability of the solution?

      The Sophos UTM Internal DB sometimes has problems which affect its scalability.

      How are customer service and technical support?

      Technical support is very good, but only to the distributor. Support is poor if the distributor escalates to the vendor or we complain directly to the vendor.

      Which solution did I use previously and why did I switch?

      It was not a change; in general, we have used many firewall vendors, but no one is as good as Sophos UTM.

      How was the initial setup?

      The initial setup is easy.

      What's my experience with pricing, setup cost, and licensing?

      Unfortunately, the pricing is very expensive, but for licensing, there are some "cheap" options for some scenarios.

      What other advice do I have?

      If you'd like to look into a system which is very robust and hardcore, then select Sophos UTM.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      PeerSpot user
      Senior IT Consultant at a tech services company with 51-200 employees
      Consultant
      Jun 22, 2017
      Great security and logging.
      Pros and Cons
      • "It has great security features, and together with Sophos Endpoint Protection it works perfectly."
      • "It really needs to update IPSec to enable IKEv2."

      What is most valuable?

      Great security and logging. Easy GUI.

      What needs improvement?

      It really needs to update IPSec to enable IKEv2.

      For how long have I used the solution?

      Two years.

      What was my experience with deployment of the solution?

      No.

      What do I think about the stability of the solution?

      No.

      What do I think about the scalability of the solution?

      No.

      How are customer service and technical support?

      Customer Service:

      Customer service is great and responds really fast.

      Technical Support:

      Technical support might be a bit better and there are not enough easily accessible guides.

      Which solution did I use previously and why did I switch?

      Previously used the OpenSource pfSense which works great, but Sophos adds the little extra that is needed in security.

      How was the initial setup?

      Straightforward.

      What about the implementation team?

      In-house.

      Which other solutions did I evaluate?

      I evaluated pfSense, and still go with pfSense where IPSec to AzurePack services are needed because Sophos does not support IKEv2.

      What other advice do I have?

      At first I did not like Sophos UTM but after second setup and config I liked it a lot and now recommend it to all my customers. It has great security features, and together with Sophos Endpoint Protection it works perfectly.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      PeerSpot user
      IT and Data Security Manager at a tech services company
      Consultant
      Apr 6, 2016
      An Excellent Product, easy to understand for an experienced engineer
      Pros and Cons
      • "Their ability to firewall, filter and monitor network traffic and provide VPN connectivity really helped us day to day with such a complex network."
      • "While the product was originally with Astaro the low end (1xx) units had serious reliability issues and support was extremely challenging to engage with."

      The Sophos UTM products helped us manage a global network of more than 20 sites.

      Their ability to firewall, filter and monitor network traffic and provide VPN connectivity really helped us day to day with such a complex network.

      We chose the product initially because the user interface was simple to understand and made sense without requiring a long training course for an experienced network engineer to utilise. 

      Central Management is made easy with the Sophos UTM Manager which allows you to set configurations, see patch status and pull reports from all your estate.

      While the product was originally with Astaro the low end (1xx) units had serious reliability issues and support was extremely challenging to engage with. However, once Sophos took over, their world class technical support teams soon brought responsiveness up to the level I would expect from a premium product. And the newer hardware is much better quality.

      The ability to have either software, hardware or virtual appliances allows excellent freedom of choice.

      High Availability is easy to configure and works really well, with options to have either active \ active or active \ passive depending on your needs and budget.

      The fact you can use the full product for Free at home is a wonderful idea for engineers to become more familiar with the product and keep their skills up to date.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      PeerSpot user
      Senior Technical Consultant with 51-200 employees
      MSP
      Jan 3, 2016
      Sophos UTM vs. Fortinet FortiGate
      Pros and Cons
      • "Other than that, Sophos offers a full replacement for TMG on UTM9."
      • "On the effectiveness of the NGFW, Sophos is mostly good but has a few issues blocking all pieces of an application."

      I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main hang-ups will be with the VIP/load balancing and SSL. For some reason that completely escapes me, both of these vendors make getting valid certificates onto their boxes unnecessarily difficult -- the Fortinet appliances more so than the Sophos UTM appliances. At one point a Fortinet engineer had to write an entire manual on how to get an SSL certificate uploaded successfully on the 4.x firmware.

      Sophos: The one feature that is missing (and this makes some amount of sense) from the Sophos appliance is BITS caching for updates. Other than that, Sophos offers a full replacement for TMG on UTM9. The XG platform also offers a replacement for the TMG; however, some of the rumblings about upcoming releases suggest that Sophos is going to give XG the Apple iOS treatment and "streamline" the interface...potentially cutting out/hiding some functionality. On the effectiveness of the NGFW, Sophos is mostly good but has a few issues blocking all pieces of an application. For instance, we had to build custom blocking rules for OpenVPN (the VPN was being used to bypass the content filter) because the default Application Control wasn't effectively blocking the application.

      Fortinet: If it wasn't for Fortinet's terrible tech support we would still be deploying FortiGates exclusively. So perhaps that answers your last question right upfront. FortiWeb is not absolutely required for what you are proposing; however, the FortiWeb does make the transition from TMG much easier as the FortiWeb is purpose-built to do what you are requiring. Related, the AD integration used with Fortinet is one of the strongest implementations we have used: The SSO agent's ability to poll data from the DCs without an agent allows the use of SSO with non-Windows machines that are bound to AD, which we have used extensively at both educational institutions and shops running CentOS. Transitioning to Fortinet is relatively simple: The UI makes a lot more sense than it did in the old 4.x releases, the firewall rules are straightforward, and the reverse proxy settings are well-documented.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      it_user326337 - PeerSpot reviewer
      Customer Success Manager at a tech services company with 51-200 employees
      Real User

      Mark, how has your experience with Firewall security been since this past January?

      PeerSpot user
      Technical Consultant at a tech services company
      Consultant
      Oct 6, 2015
      It's provided us with unified threat management as well as comprehensive lists of reports, although we can't currently run 2.4 GHz and 5 GHz bands simultaneously.
      Pros and Cons
      • "The product has provided us with unified threat management as well as comprehensive list of reports."
      • "Only thing we have noticed as of late was that their firmware updates break something else that was working in a previous version."

      What is most valuable?

      • Firewall
      • Intrusion Prevention
      • Web Filtering
      • SMTP Proxy
      • Red (VPN Appliance Box for remote sites)

      How has it helped my organization?

      The product has provided us with unified threat management as well as comprehensive list of reports.

      What needs improvement?

      Their new product range which is the new SG Series UTMs, especially the wireless versions, should at least include two radios for 2.4 GHz and 5 GHz bands. Currently we can only run one or the other, but not both.

      For how long have I used the solution?

      I've used it for around 18 months.

      What was my experience with deployment of the solution?

      No at this stage.

      What do I think about the stability of the solution?

      Only thing we have noticed as of late was that their firmware updates break something else that was working in a previous version. Only noticing this on some customers though not all customers.

      How are customer service and technical support?

      They're great.

      Which solution did I use previously and why did I switch?

      I’ve used other products like NetboxBlue, SonicWALL in my previous roles. We chose the Sophos UTM because of pricing, rich feature set and the fact that it can be either a Virtual App or Hardware Appliance.

      How was the initial setup?

      The initial setup was very straightforward. It was done through a wizard and there was not much that needed doing while setting up the UTM.

      What about the implementation team?

      We are a reseller so we use the same product that we sell to our customers. That’s how much we love the product.

      Disclosure: My company has a business relationship with this vendor other than being a customer. We're a Sophos Gold Partner.
      PeerSpot user
      PeerSpot user
      Senior Expert for Microsoft infrastructure at a computer software company with 51-200 employees
      Vendor
      Aug 25, 2015
      It provides firewall, proxy, and VPN in one solution, but be prepared to follow the Zeroeth Rule during implementation.
      Pros and Cons
      • "We used several vendor products before UTM, and now it is all in one box - firewall, proxy, and VPN, and Sophos is much easier to manage and configure."
      • "Every product has room for improvement."

      What is most valuable?

      • SSL VPN
      • HTML5 VPN portal
      • Application control
      • Reverse proxy
      • Web filtering

      How has it helped my organization?

      We used several vendor products before UTM, and now it is all in one box - firewall, proxy, and VPN. Sophos is much easier to manage and configure.

      What needs improvement?

      Every product has room for improvement.

      For how long have I used the solution?

      I have used it for three years actively with several projects utilizing UTM.

      What was my experience with deployment of the solution?

      No issues encountered.

      What do I think about the stability of the solution?

      No issues encountered.

      What do I think about the scalability of the solution?

      No issues encountered.

      How are customer service and technical support?

      We don't have direct contact with Sophos support so I can’t rate the level of customer service and technical support properly.

      Which solution did I use previously and why did I switch?

      I did. Sophos UTM is far easier to configure and it is very intuitive with configuration.

      How was the initial setup?

      Setup is easy and straightforward. It is a browser based tool, so you can access it from every location, and with different operating systems.

      What about the implementation team?

      We did it in-house.

      What other advice do I have?

      I have some technical advice, but generally, always prepare steps to implement Sophos UTM and test your implementation before using it in a production environment.

      The Zeroeth Rule:

      Start with a hostname that is an FQDN resolvable in public DNS to your public IP. If you didn't do that, start over with a factory reset; it will save you hours of frustration.

      1. Whenever something seems strange, always check the Intrusion Prevention, Application Control and Firewall logs
      2. In general, a packet arriving at an interface is handled only by one of the following, in order, DNATs first, then VPNs and proxies and, finally, manual routes and manual Firewall rules, which are considered only if the automatic Routes and rules coming before hadn't already handled the traffic
      3. Never create a Host/Network definition bound to a specific interface. Always leave all definitions with 'Interface
      4. When creating DNATs for traffic arriving from the internet, in "Going to:" always use the "(Address)" object created by WebAdmin when the interface or the Additional Address was defined. Using a regular Host object will cause the DNAT to fail as the packets won't qualify for the traffic selector.
      5. In NAT rules, it is a good habit to leave a field blank when not making a change. In the case of a service with a single destination port, this makes no difference. In the case of a service with multiple ports, or a Group, repeating the service makes the NAT rule ineffective.
      6. There are only four reasons to sync users from AD to the ASG/UTM:
        • The user should be able to log on to a Remote Access VPN that uses certificates to authenticate the user
        • Email Protection is enabled and the user should receive Quarantine Reports and be able to manage personal black/whitelists and/or use Email Encryption/Signing
        • You want to do Reporting by Department for Web Protection (and I consider it a bug to require this when doing AD-SSO)
        • You want to use the Authentication Agent to populate "username (User Network)" objects
      There's no other reason to sync users to WebAdmin - certainly not with AD-SSO.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user