Sophos UTM Reviews

The Sophos UTM planform has allowed us to improve or implement the following security practices:

• Details Web filtering and user access Control
• SaaS QoS
• Network segmentation with firewall and IPS
• WiFi protection
• Web Application Proxy everywhere, inside and out
• WAN expansion with SSL VPN and IPsec VPN over the Internet
• Two Factor Authentication requirement for PCI compliance
• Reduced the need for expensive MPLS deployments

The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User portal etc.

The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.

In the increasingly cloud focused word the Sophos UTM’s ability to deliver Safe web access, Web Filter and Cloud Application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allows you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.

At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities

At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.

The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.

Major firmware release can sometimes be buggy initially but are soon pathed and stabilized. My advice would be to sit tight for 9.x release for about a week before implementing 9.x.yyy releases often fix bug without introducing stability issues.

The platform scales-out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of site across multiple countries.

The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are ably to handles massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at a 10 000+ users or devices depending on the traffic, of course.

For anyone with Proxy and firewall experience the setup is pretty straight forward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware Software / Hyper-V/ AWS / ESXi / Oracle Virtual Box so you can set up a test or lab environment on almost anything to get started.

The licensing options with virtual are great and scaling up and down is typically not an issue if you reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and unlike the virtual licensing is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.

A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely Deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.

Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be short listed candidate for anyone looking to implement a UTM.

Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.

Sophos UTM offers considerable protection and employs a very well-structured pricing scheme.

It's a good choice for businesses that need a basic security solution with a good price-performance ratio. However, it's not a good choice for businesses that need a complex security solution. That's why I'm also considering Fortinet, which can provide a more comprehensive security solution.

I like the simplicity of Sophos UTM and the web filtering features.

The application control is really bad. It needs a lot of enhancements. The traffic shaping and bandwidth control, and application control need a lot of work.

In future releases, Sophos can enhance its quality of service. 

I have been using this solution for 11 years. 

There are two aspects to consider: software stability and hardware stability. The software is a bit stable, but the hardware needs a lot of improvement. So the software can be rated nine out of ten, but the hardware is only seven out of ten.

The software solution is not very scalable. So, it can be improved. 

We have about 50 customers right now using this solution. 

The initial setup is easy. It took half an hour to deploy. 

It is a complex security solution for firewalls. So there are a lot of implementation concerns. It's not like a wireless solution or something like that. So there's no direct answer for this one, especially for security solutions.

For the deployment, maintenance, and management, you need two security engineers. You need security engineers, not just regular engineers.

The ROI is extremely high.

The cost of the license depends on the size of the firewall appliance. There is a huge variety of pricing models.  

Sophos UTM has very reasonable pricing. 

Overall, I would rate the solution an eight out of ten. 

It's a good firewall solution for small and medium businesses, but it's not the best choice for businesses with complex security requirements. 

I would recommend that businesses carefully consider their requirements before choosing Sophos UTM. If you need advanced application control, you should look for a different firewall solution.

I use this solution for my severs.

At some point in time, it seemed to be ravaging organizations around us and we couldn't definitely outrightly isolate ourselves from it. While we were attacked, I want to believe that it was solely because there was that in addition to the fact that there are triggers. 

We also know very well that Sophos is proactive in monitoring and protecting against malware and brute-force attacks.

It's one of the things that it is quite good for.

The most valuable feature is ransomware protection. It is known for ransomware protection.

In terms of additional features, I'm still getting to understand more about how it works.

I'm still exploring the features and I haven't used them in totality. 

I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution. This would be good. Somewhat similar to what Darktrace can do. 

Proactively understand and using AI intelligence to monitor and see activities that are away from the norm and then proactively see how they can either isolate the quarantine system and inject it back into the system upon validation.

They could explore most of the products in Symantec's and Fresh Services and run from the same file to see what additional feature one is offering.

I would also like it if they could work on the price because it is expensive.

I have been using Sophos UTM for approximately three years.

I understand that it's had a couple of releases too frequently but I want to believe that it's relatively stable. 

I still believe that in terms of stability, Symantec is better, so this can be improved.

Sophos UTM is quite scalable.

I haven't had any reason to contact support directly because I have MacBytes, which happens to be a local vendor that we have been using. It's been pretty good. 

They are very good at supporting us technically when the need arises.  

I am currently using Symantec for my own workstations and I use Sophos for my server Endpoint protection.

The initial setup is relatively straightforward.

The prices can be better, they could make it a lot cheaper.

You are on the right track with Sophos UTM, but you should keep up with the trends as they become available.

I would rate Sophos UTM a nine out of ten.

A client wanted to trial Sophos UTM 9 before deploying it into a production environment because, historically, Sophos has not had the best of reputations in AWS. The client had used Sophos in other environments, hence they wanted to stick to what they know.

The solution allows the client to use cross-region AWS VPCs to connect remote dev offices.

Classic defence in depth, with layered features. 

• SPI (stateful packet inspection)
• IPS
• WAF 
• VPN capability with built-in load balancer

Nothing out of the ordinary these days, but the fact Sophos has such a big name and good support was a big plus for the client who already had a relationship with Sophos support. Also, auto-scaling of UTM workers using EC2 is a nice and handy feature.

UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it’s useful. 
Finally, Cold Standby CloudFormation script to one node, with persistent info in S3, is a convenient feature.

We procured this solution via the AWS Marketplace because of BYOL (bring your own licence). That was the driving force behind the choice. In addition, they had test and production environments in AWS already so it was easy to get a sign-off.

We didn’t find any issues but I know there have been some in the last few years. I can’t comment about Sophos on AWS previously but they seem fine now. There were no problems for our client so all I can comment on is the experience they had. I think it’s taken a little while for Sophos to get experience in solving problems with their product in the AWS environment, but they do seem to go the extra mile.

This solution rates an eight out of ten, based on our experience. Support was good. You will always find problems with installations so it does hinge on support.

We have been rolling out the Sophos UTM platform to our clients over the past two years. About 80% of our managed clients have been moved to Sophos UTM. We have been migrating them mostly from SonicWall and Cisco ASA.

We do not use Sophos UTM in AWS. However, we have deployed a few Sophos XGs in an Azure environment.

The UTM product has definitely improved the way our organization functions. We have set a standard across clients and engineers. Everyone is trained on the product and knows how to manage the devices. UTM is probably the most complete all-in-one firewall that I have used to date. Having the UTM Manager has probably made the most impact, with over 150 firewalls in our portal, management and monitoring have never been easier.

The most valuable to features are: Web Application Firewall, Sophos UTM Manager, IDS/IPS, Remote Access, and RED.

1. WAF: This is excellent for hardening web servers. The firewall will reverse proxy your web servers, eliminating the need to open ports. Instead the firewall will run an instance of Apache and proxy all traffic to and from the real web servers. (This is also handy when you have a single public IP.)
2. SUM: The Sophos UTM Manager is a must have for any MSP. The SUM is a centralized portal for quick access to all the firewalls you manage. This also keeps track of who logs into the firewall by AD account. It is great for keeping track of a help desk, and who is making changes.
3. IDS/IPS: General Intrusion Prevention and detection. It works very well.
4. Remote Access: VPN access is always a need, and the UTM includes this free with all their license models. A very nice feature that I use a lot is the HTML5 portal. The portal allows you to have web-based access to resources behind the firewall. The best use for this would be when a client does not have any servers on-site. You can set up the HTML5 portal with SSH/Telnet to manage switches on-site, all done through the browser.
5. RED: REDs simplify the setup for multi-location clients. A license is not required for a RED, and only one UTM is needed. REDs are great for mobile sites, as they can be tossed in a bag and can run off 4G/LTE. Configuration is effortless, and they create a direct tunnel back to the main office, getting you up and online in no time.

This product could use some improvement with web filtering. It takes a lot of time and effort to set up and maintain.

I have never come across any major stability issues. I have seen some bugs on newer firmware releases which have only affected units configured in HA. Sophos is usually quick to fix these bugs.

You should never come across a scalability issue if you follow Sophos’ sizing guidelines. Finding this information can actually be difficult. Also, Sophos does not make it clear what they mean by “users” when you are sizing a firewall, which then leads to undersized implementations.

I am going to flat out say technical support is terrible. I will admit that it has gotten better over the past year. Previously, hold times would be 45 minutes at minimum. After the long hold times, you would receive an extremely under qualified engineer. The knowledge of engineers has definitely increased over the year and the time on hold has gone way down. 

Being a Platinum level customer, I am not happy with the support.

SonicWall used to be our primary choice of firewall. I am just an engineer and I do not have control over which products we use. We started using Sophos Antivirus, then they eventually sold us on firewalls, encryption, mobile control, and a lot more of their products. The synchronized security model is really what was sold flexible to the product.

Initial configuration was super simple. I am a network engineer, so simple to me may not be simple to someone who does not understand routing and switching. When we were told we were switching to Sophos UTM, I downloaded a trial of the virtual firewall and was able to get it up and running in about an hour with no prior training. After actually going to the training courses provided by Sophos, configuration became even easier.

I am not in sales and cannot comment on this. I design and implement network configurations. 

I would recommend to follow Sophos’ sizing guidelines for choosing which license and model to use. Sophos has their own way of going about this and supplies partners with all the information required. If you follow their documentation and guidelines, there should be zero questions about licensing and sizing. 

Sophos also offers free training when selling their products from within the partner portal.

As a networking engineer, all new products in this category interest me. I find myself testing a lot of different products personally. Here at Flexible Systems, I did not try any other products prior to switching to Sophos. Since we are an MSP, we have had plenty of exposure to many brands of firewalls (Cisco ASA, SonicWall, WatchGuard, Fortinet, ADTRAN, and Edgewater). I personally would choose the Sophos UTM over any other product, including the Sophos XG platform.

I can’t recommend this product more! 

Though, stay away from the wireless models, since you cannot put them in HA. They start to give you some weird issues once you start getting into multiple SSIDs and networks. The number one piece of advice is to read and follow the sizing guide, if you do not, you will undersize the firewall. 

Just to reiterate:

• Configuration could not be made any easier.
• The product is extremely intuitive.
• It does not take much effort or thinking to understand how it works.

My company has rolled out devices as small as the SG 105 and as large as the SG 330. I personally have an SG 210 in my home. I have gone through all the training involved for configuration and implementation. I also use the product at home and have been extremely happy with Sophos UTM overall. 

Regarding the use cases, the solution was deployed for a production client, which was a hardware production company.

The features that I have found most valuable in Sophos UTM are its scalability and feasibility, as well as the quality of its customer service, followed by the ease of maintenance and configuration of the product itself.

Palo Alto has a different market because of their dashboard, overall looks, and other features. They are costly, but their services are quite good. And they offer a different platform compared to their competitors. Their device operates differently from others. While Palo Alto and Sophos have similar features, they operate on different platforms, providing a superior user experience compared to existing devices. In short, the UI and UX are the areas of improvement in Sophos UTM and similar solutions compared to Palo Alto.

I have experience with Sophos UTM for nearly two years. Recently, I deployed two Sophos solutions, one with HA and one on a primary device. The deployment process for one of the companies was done last month.

It is a stable product.

It is a scalable product. So it is easy to scale it up.

The solution's customer service is good. I rate the solution's technical support a nine out of ten.

Positive

The initial setup is quite easy because they have all the information on their website. Customer service is available anytime, especially when you set to start the device's configuration.

Since I was just a part of the initial configuration after deployment, I don't know the steps in the deployment process.

Both the technical and cost aspects are feasible since it is possible to obtain and use the device as a PnP solution. Considering cost and technical aspects, I rate the solution a ten out of ten.

Even if I compare Sophos UTM with other solutions, I don't think any pros or cons stick out since our clients are okay with the solution, and there has been no complaint regarding Sophos UTM.

My advice to others planning to use the solution is that it is quite easy. You can simply refer to the solution's blog or YouTube videos and install the solution. It's also quite easy to configure it. So, if you purchase it by yourself, you can configure it and use it on your particular network.

I love working with Palo Alto. So, I would like to give it a ten out of ten. Also, Palo Alto has a different market. So, I would always give a nine out of ten for other solutions. Overall, I rate the solution a nine out of ten.

We use it as an internet firewall, and as our web application firewall.

I don't believe it has improved our organization; I don't actually like the product because of the features it is missing.

I would like this solution to support ICAP. Also, they no longer support on-premises management, and are forcing clients to use centralized management via the cloud, which I don't agree with.

We have been using this solution for seven years.

We don't find this to be fully stable; we have had to restart the firewall on a few occasions.

The customer support is not very good. They are quite slow, and there are delays in response to an issue being raised.

Negative

The initial setup was easy.

The implementation was carried out in-house, and the deployment took around eight hours to complete.

There was an up-front charge of around $70,000, to purchase the hub and license.  Beyond the initial cost, licenses are charged for annually, but they are good value for the service we receive.

I would only recommend this product to small businesses. I would rate this solution as a seven out of ten.

Sophos UTM is a virtual appliance used for network security.

Sophos SG UTM had all the basic functionality that you needed. It is user-friendly and easy to manage for any integrator.

There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system.

Everything has changed in the newer version of the solution from the SG to the XG. It was a completely new reborn version. You are not able to migrate from SG to XG using scripts. it is very difficult because of the differences. There was not a simple migration path from one to the other.

In the Sophos SG UTM version, you cannot have any other functions. Sophos will tell you "It's a closed version. We will not have any more functions." However, in the new version, you have a lot of new functions, and every two or three months you have new features. For example, you can use Sophos Central to synchronize both strategy policies and even security, if you are equipped with Sophos antivirus on workstation and server. If your antivirus on the workstation finds a threat, your firewall will have the information of the station, what issue it had, and what other stations it communicated with.

Sophos has to enable the Intercept X or an EDR function on the firewall because for the moment, the firewall is only equipped with sandboxing or something similar. Which, is quite good but there should be something easier for the user. For example, the logs at the moment are not as simple as they are in other solutions, such as Fortinet, it is very important to have a logging tool, log reporting, or a reporting engine. We need to see logs and find information within. However, 10 years ago, we do did not care about the logs but things have changed. We need them to analyze, to have a view of some of the layers but we do not have this. They could improve by providing better log functionality and features.

I have been using this solution for approximately five years.

For the whole life of Sophos SG UTM, it has been highly stable.

On the newer XG version, we have had a lot of small bugs on the very first version. We were having lots of small bugs on different functions and it had been a mess for a lot of integrators to make it work and to keep confidence in the XG. The XG had a lot of functions and all functions could have a lot of bugs. Even if everything is under control on one or several functions, there were some functions that had many, such as the VPN. However, in version 18 the stability was a lot better. 

You rely on the stability of a firewall and if you have some bottlenecking from the communication from or to the internet. It is very difficult to be confident in Sophos and we lost some confidence in Sophos in the very earlier version.

Overall, we had more problems with the XG than with the SG version.

I have used other Sophos solutions, such as Sophos XG UTM.

The installation of Sophos SG UTM is very easy. There are detailed manuals that can help with the installation if you run into difficulties. There is some basic transferring training you can take that is not complicated.

It is very complicated to migrate everything you put in SG to another version. You need to redefine many aspects manually on the XG because you are not able to extract the configuration from a confidential file to import it into the XG. They are very different and will not work in the same way. It is very confusing for a new customer.

If customers want to buy the XG because it is the new version and they want to migrate through a Sophos or integrator, it will take a lot of days for engineers from SG to XG to implement because it is not the same solution anymore. It is very much similar to if you were migrating from SG to a Fortinet or to a Palo Alto firewall. You have to recreate the configurations manually on your side, with no migration paths. It is a very important point. We do not have migration paths from one to another.

The solution is very low cost compared to competitors. You have a good firewall, a lot of functions for less than the price of some omni firewall competitors.

I have evaluated other solutions, such as Sophos XGS.

There are two versions of the Sophos UTM. The old one is the SG, and the newer ones are the XG and XGS UTM, the next-generation firewalls.

Sophos UTM was a rebranded solution that was bought from the Astaro company. It was one of the first UTM and was a very stable solution. Everything was inside a small box, you could start to enable or disable some functions, such as TCP, HTTP proxy, or firewalling. It allowed you to manage everything you wanted in this Unified Threat Management solution. It was a very nice multi-functioning security tool. If you adapted to the way of working with the UTM you could do everything with it. 

It was a nice solution. Sophos still allows the use of the SG UTM. For example, if you want to buy an XG Firewall, which is their new next-generation firewall, you still can purchase the older SG UTM. Sophos is able to still deliver this solution.

I rate Sophos UTM a seven out of ten.