Sophos UTM Review

Has a solid state hard drive and can boot in less than sixty seconds


What is our primary use case?

We are partners with Palo Alto and several IT certificate vendors, like Sophos. We deploy Sophos UTM for customers.

Internally we use Sophos, but we deploy solutions including both Sophos and Palo Alto Networks to our customers. We are an IT integration company. Our services include the deployment of security appliances.

Our environment includes Sophos UTM for internal use, which means it is protecting the network. It is protecting our environment.

We publish our services like the help desk, mail server, and other servers. Sophos UTM offers us protection for publishing and the VPN.

How has it helped my organization?

When we started with Sophos UTM, we were using Microsoft Threat Management Gateway (TMG) which formed part of the firewall. It's not anymore there, it has been discontinued. 

Sophos UTM is an SSD appliance. It has a solid state hard drive and can boot in less than sixty seconds. It is an appliance that has more stability than software solutions. It all depends on which hardware you have installed.

Sophos UTM has improved the porting section. It has improved security by seeing the gaps. For example, when you discover that an entry has been using a certain application, with Sophos UTM acting as a Layer 7 firewall, you can block the application, not the port.

In the application firewall, you can block the next update for Bitcoin or for Facebook. It has settings to block a port or wifi or just block the application and firewall. Sophos UTM will be able to detect the application type and filter network users.

Sophos UTM did help us a lot on the throughput of the internet because at that time we were using ADSL. Now it is fiber, which means we are able to manage the throughput of the firewall by also putting the quality of service first. 

For example, we are able to configure 2MB for YouTube or 5MB are guaranteed for the service which is published. In the past, with TMG you had to buy third-party tools that also did not have the same functionality.

Currently, Sophos UTM and XG are helping our customers. The features available in the UTM and XG are a combination of all the firewalls in the market which means all the features.

The IT Admin or IT Security in any organization would like to have Sophos UTM because it is full of all the features you think about for enterprise. 

Sophos UTM normally will deploy a batch or an upgrade and add more features, every six to eight months based on the RMD.

What is most valuable?

To be quite honest, from my personal experience all the features of Sophos UTM are useful, which includes publishing templates and the ease of publishing any servicing needs. 

From the VPN side, all the VPN protocols are available so you can choose from SSVPN to PPTP to other versions of VPN, and it's easy to deploy within minutes.

The firewall includes very good logging where you can see what's hacking your network. The IDS and IPS settings are based on your reliance and also alerts you if there is an attack. 

We're happy with Sophos and we also have an XG version being used for other services, because we are a company that provides services. We have two versions, we have the XG and the latest one. 

The Sophos UTM which is the previous version but still being in production is our main firewall for the company.

We happy with all the features, we have no negative comments on any of the features except that the XG has more ability to block based on countries.

On the previous model, the blocking of countries we had a problem with, i.e. if you use the NAT feature, you can't block countries. You have to enter the IP network. 

With the XG version, you can just select when you publish via NAT not via WAF. You can select the countries. 

That is the only difference between XG and the UTM which we did not really like, but other than that its all cool.

What needs improvement?

There is definitely room for improvement with Sophos UTM. For the SG version of Sophos UTM, they can add blocking of countries in the NAT section, not only in the firewall section. 

When you are mapping, they should also add the ability to block countries in that section. That's not available right now. It's only available in the firewall if you want to block incoming traffic.

With Sophos UTM, there is a general rule in the firewall when the country blocking can block some countries from accessing your data. In the current version, you still need to add it by putting in the IP range. 

This feature would be helpful for administrators and it gives them the advantage to block stuff in less time. 

The web filter needs additional enhancement but that's the point of the XG upgrade. If they're going to continue with the production of the XG, then they will not add the same features to the basic version of Sophos UTM.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

With the ability of the hardware, we haven't experienced any problems with Sophos UTM so far. Neither have our customers. 

At the beginning of the XG version, three years back, they had hardware issues. After that Sophos deployed division two, three, and four as hardware appliances.

Sophos fixed the hardware issue for the lower models, i.e. the 525, the XG 125, and the XG 85. All of the larger Sophos UTM models were fine.

Now, all are stable, all are fine. We haven't seen any crash. One of our customers had a DDoS attack. Since he had the proper rules, we did not record any incident. 

Sophos UTM blocked the DDoS. Although it is not a dedicated anti-DDoS solution, Sophos UTM has the features. 

Sophos UTM is stable. I haven't seen any claims or issue tickets from our customers regarding stability.

What do I think about the scalability of the solution?

Sophos UTM has different aspects. If you have an HA distribution, high availability, you can scale up.

When you go and purchase Sophos UTM, you have to plan and say what the environment is. This planning has to be done before buying. If you buy a small appliance and after two years, you are 50 or 70 employees there are upgrade options. 

It should be between you and Sophos. They can give you a free appliance if you subscribe for three years on subscription, for example.

If you have an existing subscription and you want to have HA, this means another device has to be set as redundant. The only downside is that it has to be the same version and the same model. 

In my company, we have around 35 loyal customers. These customers have purchased and are redeeming Sophos UTM with us. Altogether, we are 55 employees. Most of them are at the office. Concurrently around 35 others are on site at other clients. We have around 35 servers. 

We have the published Sophos UTM on the main server, help desk, share point, etc. We've got around nine published services, plus 10 VPNs running concurrently for our support engineers to connect and work on our internal infrastructure for the allotment servers. 

We have 50 Sophos UTM installations at least that are actively browsing, downloading, and being protected by the web filter and other features there.

It depends on the organization, but for us we only require one person to manage this solution, even working remotely at home.

How are customer service and technical support?

We don't have much need to speak with the vendor because we are educated and experienced with Sophos UTM. We are an integrator company.

For our customers, in the beginning, we give them training. After a week we do expect to have some calls because they are not yet educated or they're not yet used to it. 

After that, that's it. They already told us if they are ready or not. Sophos' support is better than others because Sophos also can sell endpoint solutions.

If one of our customers has an issue and Sophos did support and send their team for the investigation it could be conflicting.

For example, one of our customers had an endpoint which is an antivirus and they had an issue. We have teams that were actively taking care of the customer based on our relationship with the client and their Sophos UTM device license.

We have no comment on the Sophos UTM support which we have seen at our customer sites because it was only with a government customer. 

The customer told us that the Sophos UTM representative mentioned that they wanted to have the vendor take care of this issue.

Other than that, I have had no negative experiences with Sophos' technical support.

How was the initial setup?

The initial setup of Sophos UTM is straightforward for both versions, the XG & UTM. In addition, they both provide a proper manual.

In the beginning, seven years back, Sophos UTM wasn't straightforward for beginners. You had to be already excellent in security. Now, it is very easy because you install the IP address, you log in, and you do the initial setup by routine. 

These days its much easier than in the past but not everyone that has a firewall is secured. If you do it properly by choosing the right network, the right topology, and the right firewall rules, Sophos UTM will work.

There are orders for most of the rules. For example, if you put a deny rule below an allow rule, you are not going to have the proper result. 

Sophos UTM requires knowledge. It's easy to deploy but also there is a responsibility on the person who is deploying to understand. 

You must have the knowledge of security and networking, to make sure that the solution is working properly. Sophos UTM is very easy compared to other vendors somehow.

In our environment, we have defined previously the VLAN rules on our sheets because we had another firewall. In the beginning, we just copied the current rules and then enhanced them slowly so deployment took place quickly.

After fixing the appliance physically on the rack, it took one hour to be up and running and ready based on the rules. If you are a small environment that would take you less than 20 minutes. 

It all depends on how many rules you have, how many demands, how many users, and public services. For example: if you have five websites, the main server, and a starter business, you might need more time because you would need to define the rules properly. 

It all depends on how complex your environment is. Sophos UTM is easy and straightforward for me and for somebody who is certified on security levels.

What about the implementation team?

We haven't opened a ticket with Sophos for 60 days, but we still have support. All our customers use us as the first level of support, even if they have to chase it. 

Sophos UTM comes with a license. We are very aware and updated on Sophos solutions. We have good experience with it.

Although we sell other solutions, we are looking forward to building, selling, and integrating Sophos XG/UTM versus other vendors because of the ease of use.

We are more focused now. Our entire team is certified in Sophos Enterprise, while other vendors would likely still have just one or two members who are certified.

We feel more comfortable using Sophos equipment and solutions.

What was our ROI?

I can't mention anything on ROI because I'm more focused on the technical part. I'm not needed in the financial part. In our company, we have saved bandwidth and lots of network hardware waste. 

The Sophos UTM solution did help us because we were depending on a software base from Microsoft. Microsoft is a great company but they are not great for our security. Now they have improved. When you go out and buy something, buy it from the specialists.

For example, if you go for virtualization, VMware is a company that only does virtualization. Go for specialized people. Don't go for people who are doing everything at once. 

It's like when you go to a physician or a doctor and you have a problem with certain things. i.e you have a problem with the bones. Go to the doctor that is specialized in the bones, not a general doctor. 

What's my experience with pricing, setup cost, and licensing?

The Sophos UTM license is annual or you have a choice for a two or three-year term.

The Sophos UTM licensing is based on if you have an appliance. There are several layers of subscription you can take:

  • Sophos UTM Full Guard includes everything but a few features.
  • Sophos UTM Full Guard Plus includes all the most used features, i.e Wifi, ITF, ITS, web publishing WAF, etc. 

There is a huge price list. The prices in the MENA area (the Middle East and North Africa) is completely different than North America.

The products are completely different in the MENA area from the United States. Each region has its own scheme of pricing based on the VAT and the tax refund. 

The price might be different for the people who are in the United States and the UK.

After you select the level of subscription, you pay once.

Which other solutions did I evaluate?

We tried and tested Fortigate from Fortinet. We tested several appliances about six years back. Not Palo Alto at that time, only Fortinet. 

We evaluated other open-source Linux software but not appliances. We decided to go with Sophos UTM based on several factors related to the tests we did at that time.

Evaluation is very important so that you can see what are you buying and what you are going to face in the future.

What other advice do I have?

My recommendation is that businesses should go for the XG version, not the SG because the XG version of Sophos offers next-generation firewall support and has more improvements.

Sophos XG is the next generation firewall that is not available on the UTM version. The difference is in the features between the two and how you deploy them. 

Sophos XG version covers what is in the SG version plus additional bonuses: the dashboard, the heartbeat between the firewall and the input, etc. 

I advise first evaluate, know your network, know your needs, and plan for the upcoming two or three years before you purchase. 

Get in touch with the vendors because these days every vendor wants to sell. They are willing to help the customers and willing to show them what they will get. 

Make sure you evaluate properly many platforms. Don't just go with one vendor. Go with two or three vendors. Evaluate and then short-list and choose the best for you.

The rating has to have criteria: 

  • On performance, I would give Sophos UTM a 10 out of 10 rating. 
  • On price, it is a long discussion because you can get a discounted price if you are an integrator. 
  • As a user and a customer, I would give Sophos UTM a 9 out of 10 rating.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email