Sophos UTM Reviews

I deploy Sophos UTM FullGuard for each of my clients. It is a complete bundle of security subscriptions that include web filtering, dual inline antivirus, etc.

The packet filtering's great. You get out what you put into it. It works great as long as you know your security and configure everything adequately. If you just pop one in and it's not configured, then it's basically wide open. It kind of depends on the admin skill, but it's an excellent product.

UTM has sand-storming, got dual inline virus scanning, filtering, DNAT, translations, etc. You can implement Google Safe Search for schools and stuff.

Email spam filtering only works if you have an on-prem Exchange server. It doesn't interface with Office 365 like the XG model. That would be one feature that they could improve. They're not going to do it because they're trying to push us all to XG.

I have almost 30 years of experience in IT, and I've been deploying Sophos UTM and its predecessor for the last 14 years. Originally, the product was called Astaro ASG, which is short for "Astaro security gateway." Sophos bought Astaro in 2010 or 2011, and it became Sophos UTM.

I've been using this stuff forever, and I've only had to replace a couple. That was due to lightning strikes, power surges, and other things that are out of our control. It's a highly stable platform with very few hardware issues. As long as you set it up right. I have my solution scripted so I receive backups and nightly config files in the email. Each night, I look at the executive report to monitor the solution. As long as the administrator takes the time to set it up correctly, I think it's a highly stable product.

The Sophos UTM and XG lines are highly scalable. It's the same OS and security across all modules. The scalability is based on the size of the hardware.  If you have a small network, then you go with an SG 115 or something. If you have a network of up to around 50 people, then you bump that up to a 210. If you have a couple of hundred people, you bump it up to a 310. To scale up, you increase the hardware for higher throughput and such.

The initial setup is pretty easy for anyone with a security background. Sophos has a wizard that holds your hand through the initial setup to get you up and running, but an administrator needs to get in and fine-tune the solution after the fact. 

The deployment time depends on the size and scope of the client. I've put a bunch of them in small networks of fewer than 10 machines. Those don't take more than a couple of hours. I've also done larger companies with 120-150 people and multiple departments. I like to lock everything down, so I know it's secure, and I create exemptions for things that don't work. It just depends on how many applications, end users, departments, etc. For a big customer, it's a one or two-day process.

I started in corporate networking for large enterprise clients, but I've been running my own business for the last 13 years. A good rule of thumb is about 200 endpoints per technician. That's doing everything, including desktop support and security, etc. For security administration,  one person who knows what they're doing can set it up and administrate it fine.

Now, I have a team of a couple of people underneath me because I have a lot of companies all over the place. It takes more than one person to keep everybody going. If I were the full-time IT guy for a company of 200 people, I could deploy it, manage it, and do it all by myself.

I run a managed service provider, and I put everybody on UTM appliances. Those licenses are all renewed annually, and I have to manage their networks. I get a great return on investment.  With the XG line, you can get into the Sophos Flex program, where I only get billed monthly for it. We charge the customer monthly for their security subscriptions, so we get a return every single month.

I keep my prices reasonable. Lots of people charge twice what they pay, and they get a lot more money in their pocket, but I just don't like gouging people.

Sophos is actually fairly expensive. When it was Astaro, it was the most expensive solution in the same tier as Cisco PX and Barracuda's line with multiple different blades to do different things. Astaro was the first solution to have unified threat management all in one blade. You don't need to get full-blown security at the top price. You can get the network security subscription or the web security subscription, etc.

On a scale of one to five, I'd probably give it about a four for affordability because it's pretty expensive. It's good stuff. I've always been a firm believer that you get what you pay for.

I rate Sophos UTM nine out of 10. I think Sophos UTM is pretty close to perfect.  I wish they weren't discontinuing the UTM line. They're forcing all of us partners to switch to XG. XG has a lot of AI integrated into it, so it's probably more secure, and there are more features. At the same time, it's a lot harder to work on, and I don't care for the UI. I like the way that the UTM is laid out.

You get out of it what you put into it. That's true of any security appliance, whether Sophos, Barracuda, WatchGuard, Juniper Systems, etc. If you want to secure your networks, this is a great device, but you have to put some time into it. You need to understand your customer's environment. I like to lock it down and create exemptions for things that they need. That way I don't have to waste my time cleaning up viruses, ransomware, and all these threats that happen all the time.

Sophos UTM is a virtual appliance used for network security.

Sophos SG UTM had all the basic functionality that you needed. It is user-friendly and easy to manage for any integrator.

There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system.

Everything has changed in the newer version of the solution from the SG to the XG. It was a completely new reborn version. You are not able to migrate from SG to XG using scripts. it is very difficult because of the differences. There was not a simple migration path from one to the other.

In the Sophos SG UTM version, you cannot have any other functions. Sophos will tell you "It's a closed version. We will not have any more functions." However, in the new version, you have a lot of new functions, and every two or three months you have new features. For example, you can use Sophos Central to synchronize both strategy policies and even security, if you are equipped with Sophos antivirus on workstation and server. If your antivirus on the workstation finds a threat, your firewall will have the information of the station, what issue it had, and what other stations it communicated with.

Sophos has to enable the Intercept X or an EDR function on the firewall because for the moment, the firewall is only equipped with sandboxing or something similar. Which, is quite good but there should be something easier for the user. For example, the logs at the moment are not as simple as they are in other solutions, such as Fortinet, it is very important to have a logging tool, log reporting, or a reporting engine. We need to see logs and find information within. However, 10 years ago, we do did not care about the logs but things have changed. We need them to analyze, to have a view of some of the layers but we do not have this. They could improve by providing better log functionality and features.

I have been using this solution for approximately five years.

For the whole life of Sophos SG UTM, it has been highly stable.

On the newer XG version, we have had a lot of small bugs on the very first version. We were having lots of small bugs on different functions and it had been a mess for a lot of integrators to make it work and to keep confidence in the XG. The XG had a lot of functions and all functions could have a lot of bugs. Even if everything is under control on one or several functions, there were some functions that had many, such as the VPN. However, in version 18 the stability was a lot better. 

You rely on the stability of a firewall and if you have some bottlenecking from the communication from or to the internet. It is very difficult to be confident in Sophos and we lost some confidence in Sophos in the very earlier version.

Overall, we had more problems with the XG than with the SG version.

I have used other Sophos solutions, such as Sophos XG UTM.

The installation of Sophos SG UTM is very easy. There are detailed manuals that can help with the installation if you run into difficulties. There is some basic transferring training you can take that is not complicated.

It is very complicated to migrate everything you put in SG to another version. You need to redefine many aspects manually on the XG because you are not able to extract the configuration from a confidential file to import it into the XG. They are very different and will not work in the same way. It is very confusing for a new customer.

If customers want to buy the XG because it is the new version and they want to migrate through a Sophos or integrator, it will take a lot of days for engineers from SG to XG to implement because it is not the same solution anymore. It is very much similar to if you were migrating from SG to a Fortinet or to a Palo Alto firewall. You have to recreate the configurations manually on your side, with no migration paths. It is a very important point. We do not have migration paths from one to another.

The solution is very low cost compared to competitors. You have a good firewall, a lot of functions for less than the price of some omni firewall competitors.

I have evaluated other solutions, such as Sophos XGS.

There are two versions of the Sophos UTM. The old one is the SG, and the newer ones are the XG and XGS UTM, the next-generation firewalls.

Sophos UTM was a rebranded solution that was bought from the Astaro company. It was one of the first UTM and was a very stable solution. Everything was inside a small box, you could start to enable or disable some functions, such as TCP, HTTP proxy, or firewalling. It allowed you to manage everything you wanted in this Unified Threat Management solution. It was a very nice multi-functioning security tool. If you adapted to the way of working with the UTM you could do everything with it. 

It was a nice solution. Sophos still allows the use of the SG UTM. For example, if you want to buy an XG Firewall, which is their new next-generation firewall, you still can purchase the older SG UTM. Sophos is able to still deliver this solution.

I rate Sophos UTM a seven out of ten.

Mostly when we see that the client has no security product, we offer both of the products: firewall and endpoint security. We offer endpoint security solutions: EDR and XDR.

Most of the time, we offer Sophos UTM and firewall products, but when we see that the customer has a firewall already deployed, we pitch endpoint security. If they're already using a different product, we cross-sell a product. For example, if someone has an environment with just endpoint security and doesn't have XDR or EDR, we'll suggest upgrading to XDR or we'll upsell XDR.

The overall visibility of the console is what I find most valuable, plus it's very user-friendly. It can be integrated with other solutions such as SOAR, SIEM, etc., even when you have an existing firewall. I really like that the console can be integrated. You'll see everything on the same window, and the single window feature of the machine is so good. These are the features I really like.

I have no suggestions for improvement for Sophos UTM. It's been a decade and it has been a very good product throughout the Pakistan market.

Pricing could be improved. After-sales service is much better. Once you have a sales team and a technical team for any product, it definitely becomes very easy to pitch or get the revenues out of that product. Flexibility in pricing matters a lot.

This is the fourth year we've been implementing this solution.

Sophos UTM is stable which is why I like it.

I find Sophos UTM scalable and it is one of the reasons I like it.

For Sophos support: the distributor is responsible for providing maintenance, support, and after-sales service. Most of the time, we try to have an agreement between the customer and affiliates which is binding for two or three years.

The support team here is from the distributor. The first layer of support is really fine when compared to the support provided by other products, e.g. McAfee or Kaspersky. This means it doesn't go to the principal for resolution because the distributor or the partner experts try to fix it on their own before logging in to further complaints. We are good with this kind of solution for our customers, and we prefer those distributors who have their support team.

This is why I really like Softech, although everyone does this, Sophos relies on the Softech technical team. They fix the issues most of the time, so it's very rare for us to go to the principal solution. This is the first line of support we have here in Pakistan.

The principal response time is so quick. It took them only two or three hours maximum. I had the experience of addressing an issue to the principal and they were able to answer me in two or three hours maximum. They have a good TA team.

Although Sophos UTM is a good product, other products have more flexibility with their pricing. It is a very fine product, but when someone wants more relaxed pricing or more leverage in pricing, Sophos is more rigid.

For example, Kaspersky is successful in Fintechs because of its services, plus they offer flexible pricing to their end users. It's a comparative advantage here in Pakistan because Pakistan is a very price-conscious market. This is the reason why every time we pitch, we have to pitch more than one product here in Pakistan. They spend their money on SIEM and other kinds of security firewall, but for endpoint solutions, they say any low-budget product could easily be implemented. Most of the customers here in Pakistan like it this way.

We also implemented Kaspersky and McAfee.

We are a partner for all these products. We market these products to the end customers or the end users. We are both selling and implementing these products. We're partners with Sophos. There's a distributor in Pakistan called Softech Microsystems, and we have a silver-level partnership with them.

We've been working with Sophos since 2019.

In the financial market, however, Kaspersky is being used more than Sophos because of its credibility, integration, and extra features offered by Kaspersky. We always try to recommend Sophos as it's what we want, but sometimes, because we also carry a Kaspersky partnership, when a customer demands for Kaspersky, we have to let the customer test it and we have to give them a quote for Kaspersky. We also carry another product, e.g. McAfee, aside from Kaspersky and Sophos. Sophos UTM is a product I want to go further. I try to pitch Sophos UTM rather than Kaspersky or McAfee.

I'm giving this solution a nine out of ten.

Whenever we go for the public tenders, because there's no price flexibility, most of the time I find other products win. Although we have completed our POCs and all that, convincing customers to go with our product, but when it goes to the tenders: in the tenders they mention specification rather than mentioning a particular product, so we'll have to qualify. We qualify technically, but when it comes to the commercial opening or the financial opening, we fail.

We have deployed Sophos UTM on cloud and on-premises. The cloud provider is Azure.

There are about 200 people who are using this solution in my organization.

From Cyberoam and the early builds of Sophos SG, they have developed higher integration between Sophos UTM and the computers' endpoint antiviruses. We can isolate the infected machine from the network, but an IT technician or cybersecurity professional can remove it from the machine and disinfect it. 

It has the capability of blocking HTTPS traffic, but you need the Sophos Central Intercept X subscription for that. It gives us the ability to manage our firewalls from the cloud and deploy a unified configuration onto them. Other competitors like Meraki have that ability, but they fail to optimize it in the way that Sophos has.

Last year, Sophos had some major internal management changes that negatively impacted their support. 

I would like to see better reporting and better alerting.

I would rate the stability as nine out of ten.

The scalability is the same as support and the initial setup. The scalability depends on the person who is doing the initial design. If I choose a device that will serve 10 users and my users jump to 50, then I definitely have a big problem. If I choose a firewall that has 30 GBs of throughput, and all of a sudden I jump to 50 GBs throughput, it's my problem because I didn't do the initial design properly. It's not a problem with the device.

If you do a proper design, assume growth, and buy a model or brand that can digest that growth, then it's scalable. Sophos can handle more requests and requirements than what is in the data sheet.

I would rate the scalability as nine out of ten.

I would rate technical support as three out of five.

The level of support might be acceptable for a smaller company. My organization works in mining and drilling, and we operate in 18 countries and five continents. We needed a better response time, especially in regards to cyber security.

I've used multiple other solutions. At one point in time, we were going to replace all of our Sophos units with Meraki, but I canned that completely because they're incomparable. I also compared the Sophos firewall with other virtual firewalls, but that's a bit unfair because that's an on-premises device and the others are virtual. I've used Microsoft Azure Firewall and Sophos Azure Firewall, but I canceled Microsoft Azure Firewall.

We compared Sophos with Cisco Meraki, and we chose Sophos. On the virtual side as a UTM, I compared Sophos XG for Azure with the Microsoft firewall for Azure. Sophos won on the cost side, which I consider to be a minor cost. 

In terms of benefits, features, and ease of configuration, Sophos won.

Compared to other solutions, initial setup is very simple, but it depends on the configuration design that you want. That's where the complexity is.

First, you get the firewall or the router, connect it to the LAN pool, do the initial setup, and then setup the LAN, WAN, and the basic tools. It's the same for FortiGate, IBM ISS, Cisco, Meraki, IronPort, and Websense. Across all those products, the setup is very easy. If there's any problem with initial setup, It has more to do with the lack of experience from the technician setting it up than the complexity of the hardware. 

The only interaction we do with Sophos units is when we are adding new users, removing users, and for other administration tasks. There are two people involved with maintenance, upgrading the firewalls, and testing new scenarios.

My whole team does administration. Comparing Cyberoam to Sophos, the overhead of troubleshooting performance issues is at a minimum. The only time I need to replace a firewall is when it gets burnt out because of a power problem, which is usually something major and doesn't have to do with the product itself.

I would rate the pricing as 2.5 out of 5.

The problem with the Sophos is not the cost of the hardware but the cost of the modules, packages, and the subscription.

I would rate this solution as eight out of ten.

The features that we're currently using are mainly just for the endpoint protection, which is for the service and the workstations. We basically use it for the servers, the main servers, and then from there for the client, which is basically the laptops and the PCs.

The fact that it's not heavy on the machines has really helped. It's basically lightweight. One advantage is that we, having a cloud solution, do not require a physical machine that we have to administer on our network.

The fact that it's on the cloud means we don't have to administer it on our network or deal with a physical machine, which saves us money.

The solution has many great features.

From the console, we can start different scannings on different machines. We enjoy the centralized reporting part of it. 

The initial setup is simple.

We enjoy its general stability.

The solution can scale.

So far, the solution has been problem-free.

We don't need any extra features. We only use it for the servers and the workstations. We'd like to see them offer their services on mobile devices like tablets. I'm not sure if that's an option or not.

I've been using the solution for over a year now.

It's been very stable. In fact, we haven't had any complaints or any issues with it. There are no bugs or glitches. It doesn't crash or freeze. The performance is great.

The scalability is quite good.

Right now, we have 40 users.

We will definitely scale in the future. As we get new employees, we just request additional licenses.

I've never had any issues.

I also use FortiGate.

The implementation process was straightforward. What basically happens is that you just have to pick that certain client from the console and then you just install it on the machines. From there, of course, you handle connectivity after that. It's pretty straightforward.

A full deployment on one machine took less than 20 minutes. The thing is, if you have fast internet, it can even be much less.

Maintenance is very simple. Support is inbuilt from the manufacturer's side. Therefore, internally, if there are any issues on the client machine, you just reinstall it. There isn't much to do really, in terms of maintenance, except maybe the licenses. It's hosted on the cloud and updates are automatic, and are available from the portal.

We did not need a reseller or consultant's assistance. It was all handled internally.

I haven't really explored ROI. I only have worked with it for slightly over a year. Maybe we need to start looking at it. 

That said, so far, we are protected and we haven't been hit so far. We're getting the returns from it in that sense.

Having a cloud option is a real cost saving. 

In terms of licensing, we pay on yearly basis. From there, what happens, in the last month, we request a quotation for renewal, and then from there we just pay through the local reseller. 

We're thinking of maybe dealing with the supplier, the manufacturer, directly, however, right now, we're still using the local supplier for licensing and payments. 

We are on the latest version of the solution.

We are customers.

I would rate the solution at a nine out of ten. We are very happy with it. I would recommend it to others.

I'd advise new users that, if they are going to go with the cloud option, that issues related to maintenance is actually handled within the cloud. The rollout is pretty smooth.

We primarily use the solution for firewalls. 

The firewall in general is very good. It is comparable to other firewalls. 

Since any environment needs a firewall, it's been helpful in its ability to be highly granular in its configurations. 

Sophos is a security-focused company, which I like. I like that all Sophos products can essentially talk to each other. For example, if a computer has the Sophos antivirus, and it detects something, it actually talks to the Sophos firewall and says, "Hey, I think something is going wrong on this computer." Then, the firewall goes, "You know what? I'm going to shut it down for a while. I'm going to close off all incoming and outgoing connections from that unit until an IT admin comes in and tells me to release it."

It's very scalable.

The solution is stable. 

The initial setup is pretty straightforward. 

I don't really have any notes for improvements. I don't need additional features. 

I've been using the solution for three or more years. 

The solution's stability is excellent, and it is reliable. There are no bugs or glitches, and it doesn't crash or freeze. 

The solution is very scalable and easily expands. 

I'm also familiar with Meraki. Sophos, however, has the ability to talk to other Sophos products. 

Meraki would be all isolated, meaning you have a different antivirus. It'll try to block and scan and do its thing, however, the firewall will always allow the connection to go through. Nothing is stopping it from isolating it. From a Sophos perspective, every single thing talks to each other, whether it's Sophos Central, Sophos email security, Sophos antivirus, or Sophos firewall.

They all talk to each other and look at how attackers come in because attackers don't just, poof, appear on a computer. There's a route it needs to take and different layers of protection it has to go through. If all of your layers, your roads, and everything is all Sophos, they all jive, and that's great.

The ease of setup is dependent on the level of technical expertise. If you are a qualified tech, all firewalls should be pretty simple to deploy, depending on the environment. It's simple enough to implement in general. 

We have witnessed a positive ROI while using the solution. 

Price-wise, you get the bang for your buck. You get a huge value set. Ask for HA, high availability, since a lot of Sophos resellers sell two firewalls, the second one being free. Then, you only pay for one license. If your first firewall fails, the license migrates to the second one.

We are using a variety of different versions of the solution right now. 

It's really, really cool to look into Sophos. I highly recommend it. From an infrastructure, stability, and security perspective in terms of configuring in a granular way, Sophos does it all. It's a really good product and something to look into. 

It's also a lot cheaper than Meraki. It does way more than Meraki. Dollar to dollar, Sophos will likely beat Meraki. For example, with Meraki, you're going to be paying two or three times more for nothing spectacular, nothing different. You just get a portal. It's okay. With Sophos, you do have to know what you're doing, however, any network admin should be able to figure it out. It's not like an ancient hieroglyphic language. It's quite straightforward.

I'd rate it nine out of ten. 

The solution is used mainly for user management and access control. 

It's a little bit easier to use. It's user-friendly, and then there's a lot of documentation for it online, so it's easy to manage without necessarily dealing with a big learning curve. It is easy to understand, basically.

If you need to troubleshoot, everything is basically on Google. 

The solution is stable. 

It's a scalable product.

The support could be better.

They need to improve their email protection. Their email protection is horrible. They have an email protection license that is paid for. However, they need to improve on email protection capabilities.

They need to have proper reporting. What they offer no is weird. I need to get another application to give me a clear diagram of my network. This should instead come directly from Sophos. 

I've been using the solution for two years now. 

The product is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

It is redundant enough. I don't have any issues with it.

The solution scales well. 

We have about 500 people on the product right now. We also have 100 users on the VPN.

It is better to Google rather than use technical support. 

They are slow to respond and then the response doesn't exactly give you what you want.

I understand they can't give you a solution to something that you'd expect them to. They try to give you something. You're going to go to Google and find the information on Google faster and easier anyway. 

We worked with Cisco mainly in the past. When we went to renew with Cisco, we found the pricing to be quite high. We're happy now with Sophos. We have no interest in switching to anything else.

The initial setup is very easy. The interface makes it simple.

I'm not sure how long the deployment took exactly.

We have four people that are able to handle maintenance. 

I was able to set it up myself, however, you do really need to know it or work with someone who does.

The cost could be considered reasonable based on other plans. However, when I was looking at when you renew our licenses, the pricing is a little bit weird. When you renew your license, the licenses are at the cost of buying a new device in your plan. I haven't renewed yet. However, I would need to figure out that aspect. 

I can't recall the exact costs of the product as it's been a while since we originally licensed it. 

Compared to Juniper, the difference is the pricing. It's more affordable than Cisco or Juniper, actually.

I'm a user and a consultant.

I'd advise potential new users that they should let someone that knows how to do it set it up fast. You should work with someone that knows how to do it.

I'd rate it an eight out of ten. 

Our company is a partner and reseller of the solution. We lease, sell, and license boxes for our clients. Use cases are rather unique and not uniform. 

We provide support for a few SMBs around the country. 

Some customers are heavy users, with involved configurations, and the setup may include high availability configured with two boxes. 

Others use it as just a gateway between their infrastructure and the internet with very simple configurations that don't include web filtering. 

Active directory integration domain is used for some, but not all customers. Common items include DNATs and SSL VPN. Most customers use VPNs, and site-to-site connections (REDs or IPsec).

We also use virtualized UTMs for LABs.

The firewall itself is very strong and provides great security for the internet. Some clients don't use any other special feature but all customers depend on the firewall as a secure gateway.

A lot of thinking went into the user experience because the UTM interface is streamlined, good, and feels like a web application. It does have hiccups here and there but effectively treats everything as an object. You can quickly see where objects are being used or referred to and change them. 

The UTMs are end-of-life so the web interface is not top-notch and needs more speed. There is still support for the UTMs so they are the best we have right now. 

The solution needs better captive portals and they could have faster UIs. 

An improvement to the transparent proxy would help. A user should be able to open a webpage and be redirected to the captive portal like with WIFI or XGs. From there, the user should be able to log in with a username and password to gain internet access. Many clients migrate to XG due to this missing feature. 

I have been actively using the solution for a some time.

The stability is pretty good and better than XG. We don't have any issues directly related to the solution.

Stability is rated a ten out of ten. 

The solution scales pretty well. Even with a heavy load, the solution shows no issues. 

Scalability is rated an eight out of ten. 

Technical support is not stellar. We have some good experiences and some not so good experiences. We do not have a lot of support requests for the solution.

Support is rated a seven out of ten. 

Neutral

The setup is straightforward.

We implement the solution for customers. We have a specialist, an architect, and four analysts who handle implementations and maintenance. 

I recommend you complete the solution's training because it is pretty good. Rely on the documentation and any tech training available.

I rate the solution a nine out of ten.