We performed a comparison between Netgate pfSense and Sophos UTM based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Good performance, stability, and virtual domain ability."
"The most valuable features of Fortinet FortiGate are the rules and quality of service."
"The most valuable features of the solution are SD-WAN, filtering testing applications, web filtering, and the new VPN."
"Fortinet offers the latest versions to cater to the needs of enterprises."
"The threat prevention is the solution's most valuable aspect."
"This solution made it very easy to manage our bandwidth."
"The most valuable features of Fortinet FortiGate are the ability to work in proxy mode, which other solutions, such as Palo Alto cannot. There are some features that are better that come at no extra license or subscriptions cost, such as basic SD-WAN. The DLT is useful, other solutions have the same feature too, such as Palo Alto."
"FortiGate's web and URL filtering are unlike any other firewall I've used. The functionality of URL filtering in those solutions is problematic because everything is encrypted, and firewalls can't break that encryption protocol. Fortinet has an SSL proxy, so the encryption is done before the packet ever leaves the FortiGate. The URL filter is definitely one of the most helpful features."
"Creation of certificates and the facility to administer services are valuable features."
"The most valuable features of pfSense are security, user-friendliness, and helpful online management."
"Content protection, content inspection, and the application level firewall."
"A free firewall that is a good network security appliance."
"The firewall sensor is highly effective, and it's easy to deploy. You can deploy pfSense with limited hardware resources. It's not necessary to have an appliance with much RAM to make it work. It's cost-effective and performs well."
"The initial setup was simple and fast."
"The concurrent users are perfect for us."
"Sophos Intercept X is scalable. Currently, we have almost 30 people using it in our company."
"What I like about Sophos UTM is that it improves my company's security. The solution is easy to set up, which I like, and it's very stable."
"The most valuable feature of Sophos UTM is the simple-to-use interface."
"We use Sophos UTM as our main firewall with all its features included. Mainly, it controls all of our network perimeter security: firewall, IDS/IPS, and web application firewall (including VoIP)."
"The stability of Sophos UTM is very good. The solution has been stable since Sophos took over Cyberoam which was the original company providing this solution."
"Sophos UTM is very user-friendly and has good integration with other solutions."
"Brings greater visibility into the network traffic coming inside and passing away from the company."
"It now controls all the security aspects of our web servers with Sophos UTM WAF."
"Sophos SG UTM had all the basic functionality that you needed. It is user-friendly and easy to manage for any integrator."
"The integration with third-party tools may be something that they should work on."
"It does not have key authentication for admin access."
"We sometimes have issues with FortiGate's routing table in the latest firmware update. We had to downgrade the device because our customers complained about bugs."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"The improvement is related to logs. Instead of the CLI, we should be able to have more insights into the logs of the firewall in the GUI."
"As far as wanting more scalability or things in the network diagram, it's going to cost you."
"Fortinet FortiGate should improve the VPN tokens."
"Sometimes you do need to know some CLI commands, so it's a bit harder for technicians or new people that don't know it."
"The technical support needs to be improved."
"I would like to see pfSense integrate WireGuard. Currently, pfSense uses OpenVPN, and there's nothing wrong with it, but WireGuard is a lot leaner and meaner."
"The Netgate forums and community don’t provide extensive discussions and topics related to every pfSense service."
"Their support could be better in terms of the response time."
"We have not had any problems with it, and we also do not have a need for any new features. If anything, its reporting can be better. Sophos has better reporting than pfSense. Sophos has more detailed information. pfSense is not as detailed. It is summarized."
"The main problem with pfSense is that it lacks adequate ransomware protection."
"Also, simplifying the rules for the GeoIP. Making it simpler to understand would be an improvement."
"The solution could be more user-friendly, and the graphical interface needs some work so that someone without an IT background can use the application. I would like the ability to manage the on-premise appliance from the cloud. When I'm not in the office, it would be great to connect to the pfSense server and administer the network remotely."
"The only time we face a problem or issues is when we place a ticket. We have found that response is very slow."
"During initial configuration, I encountered a few issues."
"When we call support, we get put on hold for a long time."
"I am going to flat out say technical support is terrible. Being a Platinum level customer, I am not happy with the support."
"There is absolutely no support when using AWS. If you buy the on-premise Sophos solution, you get support."
"We need a better VPN client for the customers."
"Sophos UTM could be simplified, and they can improve on the many other features, like SD-WAN and load balancing. Sophos UTM is missing a few features that their competitors have. For example, if you have multiple branches you would like to connect, the load balancing features aren't available on multilink. If we create a VPM for multiple LAN links, we cannot load balance the traffic."
"The initial setup may be difficult for those not familiar with the product."
Netgate pfSense is ranked 1st in Firewalls with 128 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews. Netgate pfSense is rated 8.6, while Sophos UTM is rated 8.4. The top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". On the other hand, the top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". Netgate pfSense is most compared with OPNsense, Sophos XG, KerioControl, Cisco Secure Firewall and WatchGuard Firebox, whereas Sophos UTM is most compared with Sophos XG, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and WatchGuard Firebox. See our Netgate pfSense vs. Sophos UTM report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
pfSense is opensource and has been the last 10 years in the top 10 best
firewall solutions in the world, it is free, stable, scalable, and easy to
administer ... and above all very safe, since it is one of the few systems
that could have been violated. It's free.
In fact, Karl, the 50-IP free version is for home use only, and not even then if it also protects business assets. You did a great job of explaining the difference, so I won't comment further.
To the original poster, it's cheaper to hire a Sophos consultant to create your original configuration. It costs twice as much to get a configuration "repaired" that wasn't correctly designed. A Sophos Solution Partner that has a Sophos Certified Architect with plenty of experience and good referrals is probably your best bet.
With Sophos is easy to configure and you have the support from the frabicant, with pfSense you have to learn from the community and learning curve is a little hard, last occasion with pfSense it don't have support for vpn dynamic, with Sophos they have RED equipment that is an extension from the core, only you need the serial number from the remote equipment and you have the vpn , both are great equipment and software, depend of the budget, pfSense is free and they have support if you pay the license very cheap
pfSense is just a basic firewall with VPN and Captive Portal functionality but does its job great. Only needs minimum resources to function. Price is right (FREE)
Sophos UTM is much more, hence the UTM. It does firewall, advance threat protection, VPN, Secure web gateway, email protection (AV, Spam, Encryption, and DLP), endpoint protection, Mobile Device control, Web Application Firewall, User Portal, built in reporting, and central management. It does require more resources but you get a lot more out of it. Two options depending on the size of your office, commercial version or the Free version that you can build on your own hardware. The free version is restricted to 50 IP addresses. (www.sophos.com)
I have used both and both have their place but using Sophos in my environment just because it offers a lot more functionality, nice dashboard, reports, and easy to use through the GUI.
One other big difference is that pfSense is FreeBSD based while Sophos UTM is linux based. It is also worth having a lool on cacheguard which is a proxy oriented product and also Linux based.
I´m afraid I am not able to help in this matter. We´ve decided to for FortiGate as services, based on our relationship with our IT security provider and the FortiGate reviews available on the net.
We used to use pfSence for one particular open network but let the full control on de FortiGate. During the investigation and analysis period we thought of Sophos but felt more comfortable going for FortiGate pretty much based on price and our relationship with our IT security provider. Hence my experience wouldn´t help in this case.
My best advice would is to refer to the article available on:
www.itcentralstation.com