"The most valuable feature is the Intrusion Prevention System."
"Firepower has reduced our firewall operational costs by about 25 percent."
"The implementation is pretty straightforward."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The content filtering is good."
"The solution offers very easy configurations."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"It has a good web cache. I used to use a DHCP server and DNS server. For my company, I use pfSense as a load balancing application."
"I mostly like all of it. Whatever we use is valuable."
"The interface is straightforward and easy to use."
"The initial setup was simple and fast."
"I like the connectivity to the open VPN. It's very smooth."
"The built-in open VPN and the VPN Client Export are the solution's most valuable aspects."
"It is very easy to use. The interface is quite understandable. There is a good community, and I can take over at any time I want. If there is anything wrong with it, I could just reinstall the whole thing and start all over again, and I'll be up again in less than a few minutes"
"I am happy with the EPLS, the radius, and I am happy with the captive portal."
"Technical support is very responsive."
"The three most important features for us are web protection, web server protection, and network protection."
"The initial setup is pretty easy."
"The intrusion prevention is great, and I like dual virus scanning on the network layer because we scan it through Avira and Sophos. Web filtering is also a fantastic option for clients who want to really lock down internet access."
"It is easy to manage."
"Has great security features and does a good job of protecting the network."
"This is a very stable product."
"The most valuable feature is the price. I've been requesting prices all over these years between different solutions like Fortinet, Palo Alto, and Check Point and Sophos has been the cheapest and the best of all of them that I have tried. I have been working with Fortinet, it's a fact that the price is surprisingly better."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"A major area of improvement would be to have more functionality in public clouds, especially in terms of simplifying it. The high availability doesn't work right now because of the limitations in the cloud."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The initial setup could be simplified, as it can be complex for new users."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"Licensing is complex, and I'd like it to be simplified. This is an area for improvement."
"It could use a little bit of improvement in the reporting."
"It needs to be more secure."
"They can improve the dynamic of the input of IPs from outside."
"The solution could improve by having centralized management and API support online."
"pfSense has some limitations in detecting site sessions. We want to control internet usage based on sites and their content, and pfSense doesn't perform this function."
"Lacks instructional videos."
"Web interface could be enhanced and more user friendly."
"The main problem with pfSense is that we have to use proxy solutions."
"Sophos should improve its ability to check something like bandwidth consumption for users or something more real-time."
"The integration capabilities could be better."
"The classification segregation of applications lacks sufficient definition."
"They could use more SSL VPN support."
"The logs are not clear, which means that you need an additional piece of software in order to read them clearly."
"I would like this solution to support ICAP. Also, they no longer support on-premises management, and are forcing clients to use centralized management via the cloud, which I don't agree with."
"I would like to see Sophos UTM add support for all the new threat-detection technologies and the ability to respond to novel security threats that come along every day."
"Sophos customer support could use some improvement."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
pfSense is ranked 2nd in Firewalls with 58 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 35 reviews. pfSense is rated 8.6, while Sophos UTM is rated 8.4. The top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos XG, Untangle NG Firewall and Zyxel Unified Security Gateway, whereas Sophos UTM is most compared with Fortinet FortiGate, Untangle NG Firewall, Sophos XG, OPNsense and Palo Alto Networks NG Firewalls. See our Sophos UTM vs. pfSense report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
pfSense is opensource and has been the last 10 years in the top 10 best
firewall solutions in the world, it is free, stable, scalable, and easy to
administer ... and above all very safe, since it is one of the few systems
that could have been violated. It's free.
In fact, Karl, the 50-IP free version is for home use only, and not even then if it also protects business assets. You did a great job of explaining the difference, so I won't comment further.
To the original poster, it's cheaper to hire a Sophos consultant to create your original configuration. It costs twice as much to get a configuration "repaired" that wasn't correctly designed. A Sophos Solution Partner that has a Sophos Certified Architect with plenty of experience and good referrals is probably your best bet.
With Sophos is easy to configure and you have the support from the frabicant, with pfSense you have to learn from the community and learning curve is a little hard, last occasion with pfSense it don't have support for vpn dynamic, with Sophos they have RED equipment that is an extension from the core, only you need the serial number from the remote equipment and you have the vpn , both are great equipment and software, depend of the budget, pfSense is free and they have support if you pay the license very cheap
pfSense is just a basic firewall with VPN and Captive Portal functionality but does its job great. Only needs minimum resources to function. Price is right (FREE)
Sophos UTM is much more, hence the UTM. It does firewall, advance threat protection, VPN, Secure web gateway, email protection (AV, Spam, Encryption, and DLP), endpoint protection, Mobile Device control, Web Application Firewall, User Portal, built in reporting, and central management. It does require more resources but you get a lot more out of it. Two options depending on the size of your office, commercial version or the Free version that you can build on your own hardware. The free version is restricted to 50 IP addresses. (https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx)
I have used both and both have their place but using Sophos in my environment just because it offers a lot more functionality, nice dashboard, reports, and easy to use through the GUI.
One other big difference is that pfSense is FreeBSD based while Sophos UTM is linux based. It is also worth having a lool on cacheguard which is a proxy oriented product and also Linux based.
I´m afraid I am not able to help in this matter. We´ve decided to for FortiGate as services, based on our relationship with our IT security provider and the FortiGate reviews available on the net.
We used to use pfSence for one particular open network but let the full control on de FortiGate. During the investigation and analysis period we thought of Sophos but felt more comfortable going for FortiGate pretty much based on price and our relationship with our IT security provider. Hence my experience wouldn´t help in this case.
My best advice would is to refer to the article available on:
https://www.itcentralstation.com/products/comparisons/pfsense_vs_sophos-utm