We performed a comparison between Netgate pfSense and Sophos UTM based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortinet FortiGate has many valuable features, such as IDS, and intrusion detection. It has security features that are in part with the technologies that are available in the market."
"Fortinet FortiGate is stable. It's used across all the countries, this is the way most multinationals run their system."
"The SD-WAN feature is the most valuable. This feature evolved from link load balancing. It has helped us in terms of our uptime and privatizing applications whenever we experience an outage. The SD-WAN feature has been a plus for us. Two-factor authentication has allowed us to add more users in terms of remote working. We have two-factor authentication for remote workers to authenticate them before they get on the network."
"The solution can scale well."
"It is a one box solution, which covers most of the edge device’s requirements."
"We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature."
"It's a user-friendly firewall. Most of the tasks are very simple. It's simple to configure and troubleshoot this firewall."
"The GUI is good."
"The most valuable features of pfSense are the reports, monitoring, filtration, and blocking incoming and outgoing traffic."
"There is good documentation with a fantastic community and enterprise support."
"Good basic firewall features."
"I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good."
"It is effective. We have not had any problems."
"For everyday tasks, we just get alerts. It's anything that's suspicious, including from our Netgate. So, it's part of how we maintain cybersecurity in our school. This is working alongside our endpoint security solution."
"The flexibility of adding new kinds of services without spending any money can't be beaten."
"My technicians find the pfSense's web interface very useful. It is very easy to use. pfSense is very reliable and stable. We like the OpenVPN clients that can be deployed using pfSense very much."
"Sophos UTM's best feature is SIM in the cloud, which combines the gateway solution and endpoint solution to send telemetry data to the cloud and provides full contact visibility regarding security."
"The stability, overall, is excellent. I haven't had a problem in the last two years."
"Sophos UTM's most valuable features are profiling and its simple configuration."
"The initial setup is easy."
"It has helped by identifying threats within the company. If there are computers or servers that are compromised, then we are able to identify them right away in the system."
"If a computer does get infected the Sophos appliance lets us know via it's Advanced Threat Protection so we can get a much faster response time."
"It allows our developers to be able to securely log into servers to deploy and manage software."
"Brings greater visibility into the network traffic coming inside and passing away from the company."
"Some of the software stability could improve."
"There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."
"Pricing for it is a bit high. It could be cheaper."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
"We had some issues in the beginning while setting it up, but after doing the firmware update, it is working fine."
"Reporting is limited to providing an external appliance for improving the reporting capabilities of the FortiAnalyzer. It does not offer a central management and is also sold separably as an appliance."
"The solution could be more secure and stable."
"The reports are very basic."
"pfSense has some limitations in detecting site sessions. We want to control internet usage based on sites and their content, and pfSense doesn't perform this function."
"User interface is a little clumsy."
"The product must provide integration with other solutions."
"In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
"The main problem with pfSense is that it lacks adequate ransomware protection."
"It's just not listed as FIPS compliant for where we're at now in government, which is an issue."
"Perhaps the documentation is not clear and because it is supported in the community there is no basic documentation."
"We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up."
"Support for IKEv2 is needed in this solution."
"Initially, there were issues with the wireless network as wireless access points were disappearing from the dashboard after some time."
"The application control is really bad. It needs a lot of enhancements. The traffic shaping and bandwidth control, and application control need a lot of work."
"It's stable, but the reaction time of the GUI is terrible."
"We would like to have unique viewable IDs for rules and in the packet filter logfile, for easier debugging of old log files."
"The interface configuration could be improved."
"The initial setup may be difficult for those not familiar with the product."
"VPN needs IKEv2, but it’s in the roadmap. Also, all new, cool features will only come to the new Sophos XG Firewall."
Netgate pfSense is ranked 1st in Firewalls with 128 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews. Netgate pfSense is rated 8.6, while Sophos UTM is rated 8.4. The top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". On the other hand, the top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". Netgate pfSense is most compared with OPNsense, Sophos XG, KerioControl, Cisco Secure Firewall and WatchGuard Firebox, whereas Sophos UTM is most compared with Sophos XG, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and Untangle NG Firewall. See our Netgate pfSense vs. Sophos UTM report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
pfSense is opensource and has been the last 10 years in the top 10 best
firewall solutions in the world, it is free, stable, scalable, and easy to
administer ... and above all very safe, since it is one of the few systems
that could have been violated. It's free.
In fact, Karl, the 50-IP free version is for home use only, and not even then if it also protects business assets. You did a great job of explaining the difference, so I won't comment further.
To the original poster, it's cheaper to hire a Sophos consultant to create your original configuration. It costs twice as much to get a configuration "repaired" that wasn't correctly designed. A Sophos Solution Partner that has a Sophos Certified Architect with plenty of experience and good referrals is probably your best bet.
With Sophos is easy to configure and you have the support from the frabicant, with pfSense you have to learn from the community and learning curve is a little hard, last occasion with pfSense it don't have support for vpn dynamic, with Sophos they have RED equipment that is an extension from the core, only you need the serial number from the remote equipment and you have the vpn , both are great equipment and software, depend of the budget, pfSense is free and they have support if you pay the license very cheap
pfSense is just a basic firewall with VPN and Captive Portal functionality but does its job great. Only needs minimum resources to function. Price is right (FREE)
Sophos UTM is much more, hence the UTM. It does firewall, advance threat protection, VPN, Secure web gateway, email protection (AV, Spam, Encryption, and DLP), endpoint protection, Mobile Device control, Web Application Firewall, User Portal, built in reporting, and central management. It does require more resources but you get a lot more out of it. Two options depending on the size of your office, commercial version or the Free version that you can build on your own hardware. The free version is restricted to 50 IP addresses. (www.sophos.com)
I have used both and both have their place but using Sophos in my environment just because it offers a lot more functionality, nice dashboard, reports, and easy to use through the GUI.
One other big difference is that pfSense is FreeBSD based while Sophos UTM is linux based. It is also worth having a lool on cacheguard which is a proxy oriented product and also Linux based.
I´m afraid I am not able to help in this matter. We´ve decided to for FortiGate as services, based on our relationship with our IT security provider and the FortiGate reviews available on the net.
We used to use pfSence for one particular open network but let the full control on de FortiGate. During the investigation and analysis period we thought of Sophos but felt more comfortable going for FortiGate pretty much based on price and our relationship with our IT security provider. Hence my experience wouldn´t help in this case.
My best advice would is to refer to the article available on:
www.itcentralstation.com