We performed a comparison between Netgate pfSense and Sophos UTM based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We've found the solution to be pretty stable."
"The application control features, such as Facebook blocking and Spotify blocking, are the most valuable."
"The payment function for applications is good."
"The wireless control is helpful."
"The solution is stable."
"It is a one box solution, which covers most of the edge device’s requirements."
"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."
"The solution is stable."
"The built-in open VPN and the VPN Client Export are the solution's most valuable aspects."
"The performance and functionality are good."
"Sophos Intercept X is scalable. Currently, we have almost 30 people using it in our company."
"At our peak time, we have reached more than 5,000 concurrent connections."
"pfSense allows us to spread the hours of connection and do the filtering on the pfSense site."
"It is effective. We have not had any problems."
"I have found the firewall portion for the blocking most valuable."
"It's a good solution for end-users. It's pretty easy to work with."
"The initial setup is pretty straightforward."
"We use Sophos UTM as our main firewall with all its features included. Mainly, it controls all of our network perimeter security: firewall, IDS/IPS, and web application firewall (including VoIP)."
"Sophos UTM has improved the porting section. It has improved security by seeing the gaps. For example, when you discover that an entry has been using a certain application, with Sophos UTM acting as a Layer 7 firewall, you can block the application, not the port."
"Good basic firewall functions with advanced firewall scanning."
"Sophos integrates seamlessly, and we don't even feel it is running in the background."
"It is a very good product. The threat monitoring process is the most valuable feature."
"Advanced protection (Sophos Sandstorm) - Protects against crypto viruses in real-time."
"Sophos UTM has a good user interface and granular security controls."
"Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."
"I think the only issue that needs improvement is the interface."
"One area for improvement is the performance on the bandwidth demands for smaller devices, as well as better web filtering."
"The routing capability on the FortiGate devices has room for improvement."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"Lacks training for new features."
"Fortinet FortiGate could improve if it had a cloud-managed solution."
"Cisco Meraki products are rising very quickly in the cloud and the connected era. Meraki products offer much better ROI, upgradability, and manageability."
"There are several levels of firewall configuration such as beginner, advanced, and expert configurations. At each level, it becomes more complex and more tricky to set up the firewall. For example, if you want to install the firewall on your computer system, it would be a lot easier if it just tells you that this is the internet NIC and this is the Wi-Fi NIC."
"We would like to see ready-made profiles to cover most users' needs."
"I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature."
"If you want to take advantage of all of the solution's options, you need to have a bit of a technical background. It's not for a layperson."
"The solution could use better reporting. They need to offer more of it in general. Right now, the graphics aren't the best. If you need to provide a report to a manager, for example, it doesn't look great. They need to make it easier to understand and give users the ability to customize them."
"It was difficult to configure our web printer through the solution. This process could be easier. Additionally, integration with SD-WAN solution."
"My only observation is about the quality of the IPSec logs, which are difficult to interpret and are poor in filters."
"ClamAV AntiVirus can cause some crashes. That service should be improved."
"I would like this solution to support ICAP. Also, they no longer support on-premises management, and are forcing clients to use centralized management via the cloud, which I don't agree with."
"The interface configuration could be improved."
"The scalability of the product is an area with certain shortcomings where improvements are required."
"It needs a better user interface. The one they have is not so good."
"I am going to flat out say technical support is terrible. Being a Platinum level customer, I am not happy with the support."
"The initial setup was straightforward. The full deployment takes approximately two days which could be simplified to reduce the time. The major part of the process is the configuration and the policy setup."
"In short, the UI and UX are the areas of improvement in Sophos UTM and similar solutions compared to Palo Alto."
"Sophos UTM could be simplified, and they can improve on the many other features, like SD-WAN and load balancing. Sophos UTM is missing a few features that their competitors have. For example, if you have multiple branches you would like to connect, the load balancing features aren't available on multilink. If we create a VPM for multiple LAN links, we cannot load balance the traffic."
Netgate pfSense is ranked 1st in Firewalls with 128 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews. Netgate pfSense is rated 8.6, while Sophos UTM is rated 8.4. The top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". On the other hand, the top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". Netgate pfSense is most compared with OPNsense, Sophos XG, KerioControl, Cisco Secure Firewall and WatchGuard Firebox, whereas Sophos UTM is most compared with Sophos XG, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and Untangle NG Firewall. See our Netgate pfSense vs. Sophos UTM report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
pfSense is opensource and has been the last 10 years in the top 10 best
firewall solutions in the world, it is free, stable, scalable, and easy to
administer ... and above all very safe, since it is one of the few systems
that could have been violated. It's free.
In fact, Karl, the 50-IP free version is for home use only, and not even then if it also protects business assets. You did a great job of explaining the difference, so I won't comment further.
To the original poster, it's cheaper to hire a Sophos consultant to create your original configuration. It costs twice as much to get a configuration "repaired" that wasn't correctly designed. A Sophos Solution Partner that has a Sophos Certified Architect with plenty of experience and good referrals is probably your best bet.
With Sophos is easy to configure and you have the support from the frabicant, with pfSense you have to learn from the community and learning curve is a little hard, last occasion with pfSense it don't have support for vpn dynamic, with Sophos they have RED equipment that is an extension from the core, only you need the serial number from the remote equipment and you have the vpn , both are great equipment and software, depend of the budget, pfSense is free and they have support if you pay the license very cheap
pfSense is just a basic firewall with VPN and Captive Portal functionality but does its job great. Only needs minimum resources to function. Price is right (FREE)
Sophos UTM is much more, hence the UTM. It does firewall, advance threat protection, VPN, Secure web gateway, email protection (AV, Spam, Encryption, and DLP), endpoint protection, Mobile Device control, Web Application Firewall, User Portal, built in reporting, and central management. It does require more resources but you get a lot more out of it. Two options depending on the size of your office, commercial version or the Free version that you can build on your own hardware. The free version is restricted to 50 IP addresses. (www.sophos.com)
I have used both and both have their place but using Sophos in my environment just because it offers a lot more functionality, nice dashboard, reports, and easy to use through the GUI.
One other big difference is that pfSense is FreeBSD based while Sophos UTM is linux based. It is also worth having a lool on cacheguard which is a proxy oriented product and also Linux based.
I´m afraid I am not able to help in this matter. We´ve decided to for FortiGate as services, based on our relationship with our IT security provider and the FortiGate reviews available on the net.
We used to use pfSence for one particular open network but let the full control on de FortiGate. During the investigation and analysis period we thought of Sophos but felt more comfortable going for FortiGate pretty much based on price and our relationship with our IT security provider. Hence my experience wouldn´t help in this case.
My best advice would is to refer to the article available on:
www.itcentralstation.com