We performed a comparison between Netgate pfSense and Sophos UTM based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature."
"Fortinet FortiGate's ease of management is the most valuable feature."
"The most valuable feature of Fortinet FortiGate is URL filtering."
"The secure web gateway module and the application control module are valuable. HA operations are very easy."
"The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration."
"Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand."
"The most valuable features of Fortinet FortiGate are the ease of use and there are several operating systems that can include the hardware capacities. In the newer releases, the resources were more useful because they were included in the operating system."
"The CLI is robust and powerful, enabling rapid, consistent changes via SSH."
"The solution is fairly scalable when it comes to integrating with other applications and data sets."
"This solution has helped our organization by protecting our network from attacks."
"Its scalability is a strong point."
"The "OpenVPN Client Export" package is really helpful in exporting the VPN client software on most popular devices: iOS/Android, Windows, Mac, Linux, and a handful of SIP handsets."
"The tools' most valuable feature is load balancing."
"I have found the most valuable features to be antivirus and malware protection."
"pfSense allows us to spread the hours of connection and do the filtering on the pfSense site."
"pfSense is a nice product, and I find that there's a lot of information out there. There are some good tutorials on YouTube and other websites with helpful information."
"Monitoring and reporting are areas that need improvement."
"It gives us the ability to manage our firewalls from the cloud and deploy a unified configuration onto them. Other competitors like Meraki have that ability, but they fail to optimize it in the way that Sophos has."
"It allows me to easily connect with more than forty-five remote sites and more than fifty remote users between IPsec and SSL VPN, applying the web filter and application filter to ensure a secure connection."
"The packet filtering's great. You get out what you put into it. It works great as long as you know your security and configure everything adequately. If you just pop one in and it's not configured, then it's basically wide open. It kind of depends on the admin skill, but it's an excellent product."
"The scalability is good."
"The solution is stable."
"It is easy to manage."
"The implementation with the AWS environment was good."
"The solution could have licensing fees reduced in the future."
"It does not have key authentication for admin access."
"The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work."
"The central management for the FortiGate Fortinet Firewall needs improvement. They have the manager to do the essential management for both SD-WAN and for the security policy. They should also improve the SD-WAN function."
"The cloud features can be improved."
"Fortinet FortiGate can improve the integration with Active Directory. Additionally, I would like to have a Cloud Controller, such as they do in the Cisco Meraki solution."
"The solution is very expensive."
"I don't like that anything more than very basic reporting is not included."
"I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that."
"In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome."
"ClamAV AntiVirus can cause some crashes. That service should be improved."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."
"Other solutions provide more scope for growth. For instance, we can have only 10 to 20 employees on VPN, but other solutions can support more users. We also have more capabilities to increase the performance of the solution."
"A malware blocker should be included. I do not know if it is included yet. However, until now, we have not experienced a large malware invasion."
"We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized."
"Initially, there were issues with the wireless network as wireless access points were disappearing from the dashboard after some time."
"They could reduce the price."
"Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment."
"Sophos UTM's internet security could be better."
"The interface configuration could be improved."
"When we call support, we get put on hold for a long time."
"The product could be simplified and made more self-explanatory."
"It is a little too CPU resource intensive, so we would like to see improvements there."
Netgate pfSense is ranked 1st in Firewalls with 128 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews. Netgate pfSense is rated 8.6, while Sophos UTM is rated 8.4. The top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". On the other hand, the top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". Netgate pfSense is most compared with OPNsense, Sophos XG, KerioControl, Cisco Secure Firewall and WatchGuard Firebox, whereas Sophos UTM is most compared with Sophos XG, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and Untangle NG Firewall. See our Netgate pfSense vs. Sophos UTM report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
pfSense is opensource and has been the last 10 years in the top 10 best
firewall solutions in the world, it is free, stable, scalable, and easy to
administer ... and above all very safe, since it is one of the few systems
that could have been violated. It's free.
In fact, Karl, the 50-IP free version is for home use only, and not even then if it also protects business assets. You did a great job of explaining the difference, so I won't comment further.
To the original poster, it's cheaper to hire a Sophos consultant to create your original configuration. It costs twice as much to get a configuration "repaired" that wasn't correctly designed. A Sophos Solution Partner that has a Sophos Certified Architect with plenty of experience and good referrals is probably your best bet.
With Sophos is easy to configure and you have the support from the frabicant, with pfSense you have to learn from the community and learning curve is a little hard, last occasion with pfSense it don't have support for vpn dynamic, with Sophos they have RED equipment that is an extension from the core, only you need the serial number from the remote equipment and you have the vpn , both are great equipment and software, depend of the budget, pfSense is free and they have support if you pay the license very cheap
pfSense is just a basic firewall with VPN and Captive Portal functionality but does its job great. Only needs minimum resources to function. Price is right (FREE)
Sophos UTM is much more, hence the UTM. It does firewall, advance threat protection, VPN, Secure web gateway, email protection (AV, Spam, Encryption, and DLP), endpoint protection, Mobile Device control, Web Application Firewall, User Portal, built in reporting, and central management. It does require more resources but you get a lot more out of it. Two options depending on the size of your office, commercial version or the Free version that you can build on your own hardware. The free version is restricted to 50 IP addresses. (www.sophos.com)
I have used both and both have their place but using Sophos in my environment just because it offers a lot more functionality, nice dashboard, reports, and easy to use through the GUI.
One other big difference is that pfSense is FreeBSD based while Sophos UTM is linux based. It is also worth having a lool on cacheguard which is a proxy oriented product and also Linux based.
I´m afraid I am not able to help in this matter. We´ve decided to for FortiGate as services, based on our relationship with our IT security provider and the FortiGate reviews available on the net.
We used to use pfSence for one particular open network but let the full control on de FortiGate. During the investigation and analysis period we thought of Sophos but felt more comfortable going for FortiGate pretty much based on price and our relationship with our IT security provider. Hence my experience wouldn´t help in this case.
My best advice would is to refer to the article available on:
www.itcentralstation.com