In some instances, we are using it in a virtual appliance in a VMware environment.
I will not rely on Sophos to build my infrastructure. For that, I will go to Fortinet or Palo Alto. However, from an end-user management perspective and the granular control and the reporting stuff, I still prefer Sophos.
We are using Sophos as our internet gateway for specific sites that don't have to do with the backend tunneling and the infrastructure and all that stuff.