it_user701427 - PeerSpot reviewer
Snr Dev Ops Engineer at a tech services company
Real User
Define your requirements and find what best suits you
Pros and Cons
  • "It allows our developers to be able to securely log into servers to deploy and manage software."
  • "It has allowed us to design a bespoke cloud space for our clients, while still having an excellent level of protection."
  • "There is absolutely no support when using AWS. If you buy the on-premise Sophos solution, you get support."
  • "It is a pretty straightforward setup, but there should be some sort of documentation that takes you step-by-step to help set it up for your VPC."

What is our primary use case?

We have quite a lot of web service hosting, either websites or hosting APIs. We use Sophos as a two-factor authentication process. So, if they are outside or working in a remote office, they will need to use the Sophos VPN, which is gotten from the Sophos UTM, then ideally they will be developers. However, they can also be BI guys, DevOps people, etc. 

Sophos UTM allows you to compartmentalize different sections or different people, having those people connect to different services.

We use it primarily for two-factor authentication, for VPN to allow employees secure access to the servers, and to ensure people do not access things they should not have access to.

How has it helped my organization?

  • It has allowed us to have one solution for our AWS needs.
  • It allows our developers to be able to securely log into servers to deploy and manage software.
  • It has allowed us to design a bespoke cloud space for our clients, while still having an excellent level of protection.

What is most valuable?

  • The combination of server protection
  • Seamless incorporation with AWS
  • Its VPN feature

What needs improvement?

You (currently) need to buy the Sophos software per availability zone and per VPC. It should offer an account-based solution.

When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK. With GDPR coming, the clients' data needs to stay in-house, so when you buy the Sophos license, it only works for the UK. Then, you have to buy another in the USA and another one in Ireland, then you have to have a VPN tunnel between all of them to have them talk to each other because Sophos blocks them talking to each other.

So, ideally, a multi-VPC or a multi-talented Sophos would be great because it would take away the fact that you need to build a tunnel and you have one management console for all your different locations. Instead of having three different locations with three different IP addresses and having to add users to probably two out of three, sometimes all three, having just one centralized location would be good.

Buyer's Guide
Sophos UTM
October 2025
Learn what your peers think about Sophos UTM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
872,837 professionals have used our research since 2012.

What do I think about the stability of the solution?

No, we did not. Backups were done daily, and its Linux backend gave us no issues.

What do I think about the scalability of the solution?

Adding new servers was seamless. Adding new users and allowing for VPN access was also fantastic.

How are customer service and support?

For the AWS version, it was atrocious. None really. For the bespoke cloud space that we designed though, they were very good.

To further clarify, there is absolutely no support when using AWS. If you buy the on-premise Sophos solution, you get support and you get all the stuff. Whereas if you are using the AWS version, you do not. So, you kind of have to research. There's something simple really which affects Sophos quite a bit during setup. 

Which solution did I use previously and why did I switch?

No, we didn't. It was our first choice and it was definitely a good one.

How was the initial setup?

For a user who hasn't done it before, it may be a bit complex but with a general understanding of networks, it was fine.

However, when you build everything up using the AWS version (setup), it actually does not work until you write it on the Sophos UTM and in the networking, you have to change the source destination check. You have to do that at the end of it, but there is nowhere in the documentation or anything where it tells you that. It was just somebody happened to find that out. It is a pretty straightforward setup, but there should be some sort of documentation that takes you step-by-step to help set it up for your VPC. There really is not that much difference setting it up in different VPCs, but there is not enough information out there. It is a very good solution that a lot of people would be using more of except you are doing different things, and you have to try and figure it out yourself.

The support, there is none; AWS themselves, they support it the best, because they have some knowledge of it, but they do not fully support it because it is not their product. It is a third-party product.

What's my experience with pricing, setup cost, and licensing?

Licensing is a bit complicated, as it is based on products -- so define your requirements and find what best suits you, as you do not need the whole suite of software they provide.

For AWS, it is pretty straightforward. You buy it, then you have all your licenses that you need, approximately 60 or 70, or it might even be unlimited. However, that is for one margin to expand to different margins. If you have an on-premise AWS, or one of our clients wanted on-premise AWS Assistant, the problem is to build the Sophos UTM on it. We get the software, then the licensing was not explained well because when you buy the licenses, you buy five (or 50) licenses, that is for the first module. So if you expand to second module, you have to buy more licenses of that. 

Again, it is one of those things where it is not well explained. Unless you are in the United States, or you have to use Sophos, you can't contact Sophos directly. You have to use a third-party company, and they all have different ways of how they explain their licensing. So, we have clients that want the database on-premise, and we went to get the Sophos licensing system and stuff like that. It was just they were doing it a different way to who we had in Ireland, so the conformity is a bit iffy. 

It is one of those things where it is not very well explained, so it is a lot of grunt work, a lot of research has to be done before you progress, and there are the pitfalls that you encounter. There are quite a few of them. Once you get it working, it is a fantastic product. It is just getting it that is the issue.

Which other solutions did I evaluate?

We looked at a few, but I can't remember right now.

What other advice do I have?

Great product which works without issues or downtime.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user693984 - PeerSpot reviewer
Consultant at a manufacturing company with 1,001-5,000 employees
Real User
Supports all the traditional firewall components, but the install was slow due to the GUI
Pros and Cons
  • "The UTM features are reasonably strong and the patterns are updated on a regular basis"
  • "The lack of import/export functions for network and service options drives me mad."

What is our primary use case?

  • Providing the firewall to my small business office. We run it on a fanless PC and a supporting 50Mb/s VDSL connection.
  • Supports 10 devices and has 40 rules.
  • Using UTM and IPS extensively.

What is most valuable?

  • Using the Home version to help Sophos develop the XG. I have not used the earlier UTM, which colleagues have recommended.
  • The UTM features are reasonably strong and the patterns are updated on a regular basis
  • Supports all the traditional firewall components

How has it helped my organization?

Not applicable.

What needs improvement?

  • The lack of import/export functions for network and service options drives me mad.
  • No route to NULL
  • No Dshield.org integration

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

Not applicable. 

How are customer service and technical support?

Not applicable.

Which solution did I use previously and why did I switch?

Originally Cisco 871 IOS IP Advanced Security, then Juniper SSG20, which was getting old and service contracts were too expensive.

How was the initial setup?

Slow because of GUI and lack of .csv style object import.

What about the implementation team?

In-house

What was our ROI?

Not applicable.

What's my experience with pricing, setup cost, and licensing?

If you can afford it, go for a small Check Point, as it is easier to manage.

Which other solutions did I evaluate?

Linux ipchains and modern equivalents.

What other advice do I have?

Takes a while to build a comprehensive rule set because of the relatively slow Web GUI.

If you build, backup, restore and reconfig between the boxes.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Network Engineer II at a legal firm with 1,001-5,000 employees
Vendor
Configuring the network was the easiest part of implementation, but the internet failover needs to work better.
Pros and Cons
  • "If a computer does get infected the Sophos appliance lets us know via its Advanced Threat Protection so we can get a much faster response time."
  • "As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic"

What is most valuable?

  • Firewall
  • NAT
  • Intrusion prevention
  • Site-to-Site VPN
  • Web filter
  • Anti-virus

How has it helped my organization?

Before using the Sophos appliance, we consistently struggled with users clicking on things they shouldn't be. This led to virus/malware infections that seemed to propagate through the network at an alarming speed. Since we incorporated the appliance into our network, we don't have to worry as much since it does in-line virus checking, and if a computer does get infected the Sophos appliance lets us know via its Advanced Threat Protection so we can get a much faster response time.

What needs improvement?

I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to the other WAN.

For how long have I used the solution?

I've used it for seven years.

What was my experience with deployment of the solution?

Initially, we had issues configuring the web filter and getting the right policies applied to the right users. After several calls to Sophos, they were able to assist us in getting to where we wanted to be. Other than that, deployment was easy as long as you pay attention to what you are doing and have the setup guide handy for any questions you have.

What do I think about the stability of the solution?

The appliance has been very stable, only being rebooted to apply patches for security vulnerabilities, which fortunately is not very often.

What do I think about the scalability of the solution?

The UTM 220 has served our purposes very well, it has allowed us to scale up on the computing side as well as the server side with no issues at all.

How are customer service and technical support?

Customer Service:

Their customer service is fantastic.

Technical Support:

I have never had an issue go unanswered when I've had to involve Sophos technical support. Above all, it's their technical expertise that truly sets them apart from other vendors we have tried.

Which solution did I use previously and why did I switch?

We did originally try to use pfSense. The software was hard to use, and the level of technical expertise was not good. Ultimately, after several demos of both products, we decided that Astaro (at the time we purchased our original device) was the right vendor to work with. Since that time, Sophos purchased Astaro and it would appear that they kept a lot of the same people working on these devices because the transition was smooth, and the level of knowledge never faltered.

How was the initial setup?

The initial setup was very straightforward. I will say that you do need to have a certain level of knowledge to set up the more advanced functions. Configuring the network was the easiest part, and the firewall was very straightforward once you figured out exactly what rules you needed to put in place. NAT was a bit confusing to start with, but once you went through the process it was easy. Intrusion prevention was easy to set up, flip the switch to the on position and decide what rules you want to apply. Web filtering took a few calls to Sophos to set up properly, as we were trying to set up filtering policies based on Active Directory groups, and were not successful in the initial configuration, but we did finally get this implemented.

What about the implementation team?

I implemented the product in-house. The one bit of advice that I can give is to organize yourself prior to deployment. Determine what services you want to utilize in your environment, and focus your learning to those parts of the guide, this will make your deployment much easier.

What was our ROI?

Our return on investment is the fact that we are protecting the business' data, lowering administrative costs, and are better able to manage every bit of our network security.

What's my experience with pricing, setup cost, and licensing?

The licensing model is very straightforward, it's a bit pricey, but for what you get, it's well worth it.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Quality Officer at a tech services company with 10,001+ employees
Consultant
Top 20
I know I am secure against threats from the internet

What is most valuable?

The IPS and endpoint protection function.

A standard Firewall of an access router, monitoring up to OSI level 4, is unacceptable anymore these days. The endpoint protection solution is integrated, thus running along with the notification function.

How has it helped my organization?

All the necessary functions being incorporated into one solution with notifications configured, I know I am secure against threats from the internet. (Up to the limits of the solution in the constantly evolving and dangerous Internet).

What needs improvement?

  • A cleaning up function to remove unused references.
  • A dashboard to show that the various parts of the solution really do their tasks and not only have been activated or configured (e.g., from the live log of the IPS function it is difficult to understand if the solution (snort) is running or experiences a problem and has stopped working).
  • The possibility to add the sandbox (and possible future) function, paid for, to the free Home version.

For how long have I used the solution?

I've used this solution for three years.

What do I think about the stability of the solution?

Some with the IPS function (snort).

In my case, when restarting the system (because of an update), I doubt that snort starts correctly and do a manual restart of the IPS function (see my answer for 'Room for Improvement').

What do I think about the scalability of the solution?

No, I use the solution in a VMware environment with Intel Network interface cards.

How are customer service and technical support?

As a free home user, I have not used the support services up until now.

Once, I did upload an Office document that appeared to give a false positive, but never got a notification. I understand this because of the priorities that have to be given, but I would have liked to receive a (even small) reaction.

Which solution did I use previously and why did I switch?

I did take a look at other open source solutions, but found the Sophos UTM, being the best professional free for Home UTM solutions, full blown, and updated daily, to be the best solution.

How was the initial setup?

The setup wizard provided me with just enough insight into the basics of the solution -- to be able to start using the solution fully after some self-study and exploration of the various knowledge bases and forums.

What's my experience with pricing, setup cost, and licensing?

I looked at some open source variants but being able to use the best professional (free for the home version) product with regular updates -- convinced me to use the Sophos UTM solution at Home.

Which other solutions did I evaluate?

The instability and best effort service of a community of the open source solution did not give the right trust to depend on in the battle against the negative sides of the worldwide internet.

What other advice do I have?

Start simple and step-by-step, and start using the product fully.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user700155 - PeerSpot reviewer
Network & System Engineer at a tech services company
Consultant
Sophos is number two on the market, and from my experience, even if there are some drawbacks, they have workaround solutions in the product.

What is most valuable?

RED (Remote Ethernet Device) layer 2 site-to-site tunnel.

RED is a layer 2 tunnel based on the SSL protocol that you can establish with or without a static public IP from the provider, and this is a feature you will not see from other vendors.

How has it helped my organization?

I have done hundreds of setups of this solution.

What needs improvement?

Sophos is number two on the market, and from my experience, even if there are some drawbacks, they have workaround solutions in the product. Every day, Sophos makes developments in the firmware that are free if you have a valid license.

For how long have I used the solution?

I've used this solution for five years.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No, correct sizing will fit.

How is customer service and technical support?

Fast response time. Easy management, good support.

What's my experience with pricing, setup cost, and licensing?

Pricing is competitive.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Business Owner at a tech services company with 1-10 employees
Real User
Top 20
The technical support is really good and the representatives are very responsive.

What is most valuable?

Reverse proxy, SSL VPN, web & email protection

For me, those features were most valuable from a security point of view:

  • Reverse proxy is very important for shielding application frameworks.
  • For VPN, we all knew that PPTP was broken and is not secure anymore. For IPsec, you need to have opened ports, and if you are in a hotel that only has ports 80 and 443 opened, you can’t do anything. SSL VPN is one of the solutions. Yes, you can use DirectAccess, but there are some limitations, too. For DirectAccess, you need to have all those computers joined in one domain.
  • Web & email protection is a nice feature because you have all of those controls in one dashboard. This is of course for small and maybe some mid-size companies. For larger and enterprise, it’s another story.

How has it helped my organization?

Less and faster administration, full control of traffic, and a lot of features included in the base price.

What needs improvement?

The goal for small companies is to have one administration dashboard -- from where you can manage antivirus for computers, firewalls, IDS, IPS, mobile phones, tablets, etc.

Sophos UTM is on the right path to getting there.

For how long have I used the solution?

Sophos UTM 135 = two years.
Sophos UTM 115 = one year.

What do I think about the stability of the solution?

No problems with stability.

What do I think about the scalability of the solution?

No problems with scalability.

How are customer service and technical support?

The technical support is really good and the representatives are very responsive.

Which solution did I use previously and why did I switch?

Cisco (didn’t achieve expectations), Microsoft TMG (end of life).

How was the initial setup?

The setup is straightforward, but I suggest hiring an expert for integration. This is your first line of defense, and there is no room for mistakes.

What's my experience with pricing, setup cost, and licensing?

Sophos UTMs are not the cheapest but they are not the most expensive. Create a checklist of what you need, and go through it with a sales representative. They will advise the right license for your company and I’m sure you can get some discount.

Which other solutions did I evaluate?

What other advice do I have?

Create a checklist with your requirements, test the solution, and if it passes everything, implement it.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
it_user701457 - PeerSpot reviewer
IT Infrastructure Architect at a retailer with 10,001+ employees
Vendor
A firewall that allows for web filtering and application control.

How has it helped my organization?

The Sophos UTM platform has allowed us to improve or implement the following security practices:

  • Detailed web filtering and user access control
  • SaaS QoS
  • Network segmentation with firewall and IPS
  • WiFi protection
  • Web Application Proxy everywhere, inside and out
  • WAN expansion with SSL VPN and IPsec VPN over the Internet
  • Two Factor Authentication requirement for PCI compliance
  • Reduced the need for expensive MPLS deployments

What is most valuable?

The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User portal etc.

The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.

In the increasingly cloud-focused world the Sophos UTM’s ability to deliver safe web access, web filter and cloud application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allow you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.

What needs improvement?

At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities.

At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only gives you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.

The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.

What do I think about the stability of the solution?

Major firmware releases can sometimes be buggy initially but are soon patched and stabilized. My advice would be to sit tight for a 9.x release for about a week before implementing; 9.x.yyy releases often fix bugs without introducing stability issues.

What do I think about the scalability of the solution?

The platform scales out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of sites across multiple countries.

The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are able to handle massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at 10 000+ users or devices depending on the traffic, of course.

How was the initial setup?

For anyone with Proxy and firewall experience the setup is pretty straightforward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware / Software / Hyper-V / AWS / ESXi / Oracle VirtualBox so you can set up a test or lab environment on almost anything to get started.

What's my experience with pricing, setup cost, and licensing?

The licensing options with virtual are great and scaling up and down is typically not an issue if your reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and unlike the virtual licensing is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.

A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.

Which other solutions did I evaluate?

Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be shortlisted candidates for anyone looking to implement a UTM.

What other advice do I have?

Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.

Disclosure: My company has a business relationship with this vendor other than being a customer. Through various methods, I have business relationship with Sophos and their reseller network. They are great guys who care more about making the internet a safer place than just extracting the maximum amount of revenue from you. Sophos listens to their customers and adds features as we request them. It really makes you feel like you have a security partner and not just a product supplier.
PeerSpot user
Senior IT Support Engineer at a religious institution with 51-200 employees
Vendor
The email alert on event triggers is a valuable feature. The ability to disconnect the VPN connection needs to improve.

What is most valuable?

The most valuable features are:

  • Ease of configuration of the firewall rules and routing.

  • The email alert on event triggers.

  • Internal storage for logging, as you do not have to get another server to store the logs.

What needs improvement?

The ability to disconnect the VPN connection needs to improve. Currently, in order to disconnect an existing VPN connection of a device, the admin needs to change the password of the user.

For how long have I used the solution?

I have used this solution for two and a half years.

What do I think about the stability of the solution?

We encountered stability issues more on the Web Filtering feature where certain valid websites are blocked or the video cannot be played and it requires extra exceptional configuration.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

I would rate the technical support an 8/10.

Which solution did I use previously and why did I switch?

Previously, we were using WatchGuard UTM. The pricing and ease of use of the configuration were the reasons as to why we moved over to this solution.

How was the initial setup?

Setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

From time to time, there is a promotion and it is more cost effective to get the 3-year subscription licensing upfront.

Which other solutions did I evaluate?

We looked at Fortinet.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Sophos UTM Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2025