Sophos UTM Reviews

• Firewall
• NAT
• Intrusion prevention
• Site-to-Site VPN
• Web filter
• Anti-virus

Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via it's Advanced Threat Protection so we can get a much faster response time.

I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to the other WAN.

I've used it for seven years.

Initially, we had issues configuring the web filter and getting the right policies applied to the right users. After several calls to Sophos, they were able to assist us in getting to where we wanted to be. Other than that, deployment was easy as long as you pay attention to what you are doing and have the setup guide handy for any questions you have.

The appliance has been very stable, only being rebooted to apply patches for security vulnerabilities, which fortunately is not very often.

The UTM 220 has served our purposes very well, it has allowed us to scale up on the computing side as well as the server side with no issues at all.

Their customer service is fantastic.

I have never had an issue go unanswered when I've had to involve Sophos technical support. Above all, it's their technical expertise that truly sets them apart from other vendors we have tried.

We did originally try to use PFSense. The software was hard to use, and the level of technical expertise was not good. Ultimately, after several demos of both products, we decided that Astaro (at the time we purchased our original device) was the right vendor to work with. Since that time, Sophos purchased Astaro and it would appear that they kept a lot of the same people working on these devices because the transition was smooth, and the level of knowledge never faltered.

The initial setup was very straightforward. I will say that you do need to have a certain level of knowledge to set up the more advanced functions. Configuring the network was the easiest part, and the firewall was very straightforward once you figured out exactly what rules you needed to put in place. NAT was a bit confusing to start with, but once you went through the process it was easy. Intrusion prevention was easy to set up, flip the switch to the on position and decide what rules you want to apply. Web filtering took a few calls to Sophos to set up properly, as we were trying to set up filtering policies based on Active Directory groups, and were not successful in the initial configuration, but we did finally get this implemented.

I implemented the product in-house. The one bit of advice that I can give is to organize yourself prior to deployment. Determine what services you want to utilize in your environment, and focus your learning to those parts of the guide, this will make your deployment much easier.

Our return on investment is the fact that we are protecting the business' data, lowering administrative costs, and are better able to manage every bit of our network security.

The licensing model is very straightforward, it's a bit pricey, but for what you get, it's well worth it.

The IPS and endpoint protection function.

A standard Firewall of an access router, monitoring up to OSI level 4, is unacceptable anymore these days. The endpoint protection solution is integrated, thus running along with the notification function.

All the necessary functions being incorporated into one solution with notifications configured, I know I am secure against threats from the internet. (Up to the limits of the solution in the constantly evolving and dangerous Internet).

• A cleaning up function to remove unused references.
• A dashboard to show that the various parts of the solution really do their tasks and not only have been activated or configured (e.g., From the live log of the IPS function it is difficult to understand if the solution (snort) is running or experiences a problem and has stopped working.
• The possibility to add the sandbox (and possible future) function, paid for, to the free Home version.

I've used this solution for three years.

Some with the IPS function (snort).

In my case, when restarting the system (because of an update), I doubt that snort starts correctly and do a manual restart of the IPS function (see my answer for 'Room for Improvement').

No, I use the solution in a VMware environment with Intel Network interface cards.

As a free home user, I have not used the support services up until now.

Once, I did upload an Office document that appeared to give a false positive, but never got a notification. I understand this because of the priorities that have to be given, but I would have liked to receive a (even small) reaction.

I did take a look at other open source solutions, but found the Sophos UTM, being the best professional free for Home UTM solutions, full blown, and updated daily, to be the best solution.

The setup wizard provided me with just enough insight into the basics of the solution -- to be able to start using the solution fully after some self-study and exploration of the various knowledge bases and forums.

I looked at some open source variants but being able to use the best professional (free for the home version) product with regular updates -- convinced me to use the Sophos UTM solution at Home.

The instability and best effort service of a community of the open source solution did not give the right trust to depend on in the battle against the negative sides of the worldwide internet

Start simple and step-by-step, and start using the product fully.

RED remote Ethernet Device layer 2 site-to-site tunnel.

RED is a layer 2 tunnel based on SSL protocol that you can establish tunnel, with or without static public IP form provider and this is a feature you will not see among another vendor.

I have done hundreds of setups of this solution.

Sophos is number two on the market, and from my experience, even if there are some drawbacks, they have workaround solutions in the product. Every day, Sophos makes developments in the firmware that are free if you have a valid license.

I've used this solution for five years.

No.

No, correct sizing will fit.

Fast response time. Easy management, good support.

Pricing is competitive.

Reverse proxy, SSL VPN, web & email protection

For me, those features were most valuable from a security point of view;

• Reverse proxy is very important for shielding application frameworks.

• For VPN, we all knew that PPTP was broken and is not secure anymore. For Ipsec, you need to have opened ports, and if you are in a hotel who only has ports 80 and 443 opened, you can’t do anything.

SSLVPN is one of the solutions. Yes, you can use DirectAccess, but there are some limitations, too.

For DirectAccess, you need to have all those computers joined in one domain.

• Web & email protection is a nice feature because you have all of those controls in one dashboard. This is of course for small and maybe some mid-size companies. For larger and enterprise, it’s another story.

Less and faster administration, full control of traffic, and a lot of futures included in the base price.

The goal for small companies is to have one administration dashboard -- from where you can manage antivirus for computers, firewalls, IDS, IPS, mobile phones, tablets, etc.

Sophos UTM is on the right path to getting there.

Sophos UTM 135 = two years.
Sophos UTM 115 = one year.

No problems with stability.

No problems with scalability.

The technical support is really good and the representatives are very responsive.

Cisco (didn’t achieve expectations), Microsoft TMG (end of life).

The setup is straightforward, but I suggest hiring an expert for integration. This is your first line of defense, and there is no room for mistakes.

Sophos UTM’s are not the cheapest but they are not the most expensive. Create a checklist of what you need, and go through it with a sales representative. They will advise the right license for your company and I’m sure you can get some discount.

Cisco, CheckPoint UTM-1

Create a checklist with your requirements, test the solution, and if it passes everything, implement it.

The Sophos UTM planform has allowed us to improve or implement the following security practices:

• Details Web filtering and user access Control
• SaaS QoS
• Network segmentation with firewall and IPS
• WiFi protection
• Web Application Proxy everywhere, inside and out
• WAN expansion with SSL VPN and IPsec VPN over the Internet
• Two Factor Authentication requirement for PCI compliance
• Reduced the need for expensive MPLS deployments

The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User portal etc.

The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.

In the increasingly cloud focused word the Sophos UTM’s ability to deliver Safe web access, Web Filter and Cloud Application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allows you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.

At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities

At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.

The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.

Major firmware release can sometimes be buggy initially but are soon pathed and stabilized. My advice would be to sit tight for 9.x release for about a week before implementing 9.x.yyy releases often fix bug without introducing stability issues.

The platform scales-out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of site across multiple countries.

The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are ably to handles massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at a 10 000+ users or devices depending on the traffic, of course.

For anyone with Proxy and firewall experience the setup is pretty straight forward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware Software / Hyper-V/ AWS / ESXi / Oracle Virtual Box so you can set up a test or lab environment on almost anything to get started.

The licensing options with virtual are great and scaling up and down is typically not an issue if you reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and unlike the virtual licensing is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.

A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely Deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.

Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be short listed candidate for anyone looking to implement a UTM.

Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.

The most valuable features are:

• Ease of configuration of the firewall rules and routing.

• The email alert on event triggers.

• Internal storage for logging, as you do not have to get another server to store the logs.

The ability to disconnect the VPN connection needs to improve. Currently, in order to disconnect an existing VPN connection of a device, the admin needs to change the password of the user.

I have used this solution for two and a half years.

We encountered stability issues more on the Web Filtering feature where certain valid websites are blocked or the video cannot be played and it requires extra exceptional configuration.

There were no scalability issues.

I would rate the technical support a 8/10.

Previously, we were using WatchGuard UTM. The pricing and ease of use of the configuration were the reasons as to why we moved over to this solution.

Setup is straightforward.

From time to time, there is a promotion and it is more cost effective to get the 3 years subscription licensing upfront.

We looked at Fortinet.

All the features are valuable.

• Web protection: Allows me to control unnecessary web traffic into the company network.
• Email protection: Protects the company from spam and malicious emails.
• RED and VPN: Provides an easy and secure way to connect branch offices so I can easily control them.
• WAF and DMZ: Provides an easy and very secure way to publish your internal servers. Enables you to have more than one WAN and to use them for load balancing and controlling the traffic through them.

Before implementing Sophos UTM, we had a lot of problems with:

• Malicious URLs
• Spam
• Unnecessary internet traffic
• difficulties in connecting and controlling branch offices

After implementing Sophos UTM, the percentage of infected computers because of bad URLs was been reduce by 90%. A lot of spam emails were blocked. Additionally, I created a whitelist for company emails and a blacklist for unnecessary emails.

Branch offices have the same protection like the main office and communication between offices is very easy. We created rules for one-way communication for some branch offices and two-way communication for another office. You have got a lot of abilities for different configurations between offices.

But after migrating to Sophos XG and the new XG OS, things got easier, more secure, and more interesting. Specifically, we had the ability to generate different reports for different protection types, different end users, or different services.

With the new XG OS, I have better control of my network and I can easily detect malicious and unnecessary traffic.

We used UTM for four years, and XG for one year.

At the beginning, there were stability issues, due to a poorly configured switch. I had problems with HA, but after that, there were no stability issues.

I only contacted technical support five or six times. They were very professional. I will rate them as excellent.

We did not use a different solution before this one.

The initial setup, at the beginning, was very complex. After some time, everything got clear. I did the migration of UTM to the new OS XG by myself and I didn't need help from technical support.

Think twice when you are choosing your Sophos UTM/XG. I made a mistake the first time because I needed more powerful hardware for my network. I did not choose very well. The price and the license are definitely elements for which you must think twice. I had excellent cooperation with the Sophos sales team and my mistake was quickly resolved.

We evaluated SonicWall, Palo Alto, and Untangle.

I love all Sophos products, but the combination of Sophos XG, Sophos RED, and Sophos advanced endpoint protection with intercept X is something that all IT professionals and security officers will love and want to have.

All the features are similar; we are real, hardcore users of the Sophos UTMs.

This product is for beginners and for hardcore professionals; beginners can get their feet wet and professionals can easily look into the product.

Certificate Management should be improved.

I have used this solution since 2014, i.e. for around three years.

We have over 30 Sophos UTMs running. There are some that are not stable, because of the bridges used or ISP used (Cisco vPCs/Dell MLAGs etc.).

The Sophos UTM Internal DB sometimes has problems which affect its scalability.

Technical support is very good, but only to the distributor. Support is poor if the distributor escalates to the vendor or we complain directly to the vendor.

It was not a change; in general, we have used many firewall vendors, but no one is as good as Sophos UTM.

The initial setup is easy.

Unfortunately, the pricing is very expensive, but for licensing, there are some "cheap" options for some scenarios.

If you'd like to look into a system which is very robust and hardcore, then select Sophos UTM.