Sophos UTM Reviews

We primarily use this solution for:

• VLAN separated network
• Proxy / SSL-Interception
• VPN (IPsec and SSL)
• Reverse Proxy / Webserver Security
• Email Security / Mail gateway
• HA (Hot-Standby)
• IPS / ATP

This is a very good security solution for SMB, so this solution is a good fit for many of our customers.

We find all of the features valuable because together they fit the needs of our customers.

We would be happy with fewer new features over the same time, but with more stable updates!

We would like to have unique viewable IDs for rules and in the packet filter logfile, for easier debugging of old log files.

Sophos UTM shouldn't die.

We use this solution for IPsec & site-to-site SSL VPN.

My environment involves connecting all of our branches with the head office through one Sophos XG 210 device. This is done using IPsec and SSL VPN, after which we apply a web filter, as well as an application filter to ensure that we are getting a secure connection.

It allows me to easily connect with more than forty-five remote sites and more than fifty remote users between IPsec and SSL VPN, applying the web filter and application filter to ensure a secure connection.

This solution also gives me varieties of VPN policies for good data encryption.

The most valuable features of this solution are:

• High Availability between IPsec site tunnels provides a valid continuous connection and ensures we have no downtime affecting our business.
• Log Viewer allows me to monitor all incoming and outgoing traffic, as well as view and block vulnerabilities.

I would like to see the SD-WAN feature improved. I want to manage many lines and load-balance them, getting high availability by making SLA tests according to:

1. Check interval.
2. Failures before inactive.
3. Restore link after.
4. SD-WAN Rules to control bandwidth, download and upload stream.

I switched to Sophos as it is more reliable.

This solution is less expensive than FortiGate. 

We did not evaluate other solutions prior to choosing this one.

I use this solution in both the home and office, and I am also a reseller of the product. It is used for Unified Threat Management for SMB to Mid-Size companies. It provides VPN solutions for our clients, and it has the absolute best UI in the industry.

This solution makes remote support of clients extremely easy and flexible. Modifications can be made in minutes. New definitions of network objects, users, groups, etc. can be made from anywhere in the UI.

The most valuable feature is the user interface, which is flexible, powerful, and easy to understand. Configuration troubleshooting is eased by the use of the color-coded, live firewall log. Live logs for most features are also available.

Support for IKEv2 is needed in this solution. But, the handwriting is on the wall that Sophos will probably stop development in favor of their XG Firewall. No timeframe on that yet though.

We have been using this solution since it was the Astaro Security Gateway (/products/sophos-utm-reviews ).

We use this solution for communication endpoint, encryption, and network security. We are focused on providing security software to the small to mid-market enterprises; the essence of our delivery is internet security.

The features that I've known to be the most valuable are both the web security features as well as the web firewall capabilities. As a partner of Sophos firewall, we have some clients that are using Sophos firewall UTM and we use it as well.

One additional feature that should be included in the next release is
synchronized security, which would enable all the security to work together as a system. Another suggestion is to add advanced threat protection (ATP) to defend against sophisticated Malware. Seeing these additional improvements would be a great thing going forward.  

The product is stable. It's a product that our clients are able to use and enjoy. We haven't had many complaints about the product at all. Internally we haven't experienced any problems. 

The scalability is also fine. Currently, we have 20 employees using the product to date and only one employee needed to maintain the product. At the moment we don't have any plans to increase usage in the company. Not now, next year maybe.

We train our employee's on technical support. I don't need any outside technical support.

The only time we faced a problem or issue is when we place a ticket. We have found that the response is very slow. That seems to be our biggest problem.

We previously used Cyberoam but Sophos acquired Cyberoam. That's why we migrated to Sophos.

The initial setup was done with our engineers, they also set up that server firewall. The setup was straightforward.

The deployment took one month. We're a support base reseller. Our in-house team took care of it. We don't use anyone from the outside, we can deploy the product on our own.

Everything involving pricing and licensing is maintained by our Bangladesh Sophos country managers. The pricing is okay and the licensing is also included in the price.

Sophos UTM is a good product for security purposes and maybe if Sophos provided another company option to implement their products then I would say that Sophos UTM is great.

On a scale of one to ten with 10 being the best, I would give this solution a nine out of 10. 

SMB firewall.

Protected it against malware and allowed us to serve our servers safely.

Application layer filtering.

Setup: Getting an exchange server to work behind Sophos is incredibly difficult with rules invoked that are simple numbers (e.g. 9054).

• Network border protection for clients and internal company
• It is used for small to medium-sized businesses and networks.

Sophos SG has provided us with the tools to protect our networks, detect malicious activity, and customize security to our clients' needs.

• Sophos UTM Manager (SUM): It allows us to manage over 50 Sophos UTM devices from a central management console. 
• Creating rules, exceptions, and managing most features from SUM, and pushing to all or a section of devices as needed.

• SUM cannot manage app control
• Improve app control system as a whole
• Extend support for SG until XG has improved significantly.

Our primary use case of this solution is IDS and IPS. We also use it for application availability. 

The most valuable feature is the IPS. It also protects us from malware. 

The solution could be improved by adding cloud soundboxing.

The stability is OK. 

The scalability is not something I have experience with because our organization is pretty lean.

I have not used technical support. 

It was easy to set up and quite straightforward.

When considering a new solution, I always make sure that there is good technical support. Also, the pricing is an important aspect.

A client wanted to trial Sophos UTM 9 before deploying it into a production environment because, historically, Sophos has not had the best of reputations in AWS. The client had used Sophos in other environments, hence they wanted to stick to what they know.

The solution allows the client to use cross-region AWS VPCs to connect remote dev offices.

Classic defence in depth, with layered features. 

• SPI (stateful packet inspection)
• IPS
• WAF 
• VPN capability with built-in load balancer

Nothing out of the ordinary these days, but the fact Sophos has such a big name and good support was a big plus for the client who already had a relationship with Sophos support. Also, auto-scaling of UTM workers using EC2 is a nice and handy feature.

UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it’s useful. 
Finally, Cold Standby CloudFormation script to one node, with persistent info in S3, is a convenient feature.

We procured this solution via the AWS Marketplace because of BYOL (bring your own licence). That was the driving force behind the choice. In addition, they had test and production environments in AWS already so it was easy to get a sign-off.

We didn’t find any issues but I know there have been some in the last few years. I can’t comment about Sophos on AWS previously but they seem fine now. There were no problems for our client so all I can comment on is the experience they had. I think it’s taken a little while for Sophos to get experience in solving problems with their product in the AWS environment, but they do seem to go the extra mile.

This solution rates an eight out of ten, based on our experience. Support was good. You will always find problems with installations so it does hinge on support.