We just raised a $30M Series A: Read our story

Compare Palo Alto Networks VM-Series vs. Sophos UTM

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Palo Alto Networks VM-Series vs. Sophos UTM and other solutions. Updated: March 2020.
552,305 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.""When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.""The customer service/technical support is very good with this solution.""We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.""The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.""Provides good integrations and reporting.""The most valuable feature is stability.""The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."

More Cisco Firepower NGFW Firewall Pros »

"Palo Alto Networks VM-Series is very easy to use.""The most valuable feature is the Posture Assessment.""In Palo Alto the most important feature is the App-ID.""The Palo Alto VM-Series is nice because I can move the firewalls easily.""The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks.""The most valuable features are the User ID, URL filtering, and application filtering.""The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions.""The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."

More Palo Alto Networks VM-Series Pros »

"The cost of the solution is very reasonable.""Efficient and effective - it's easy to separate rules.""Technical support is very responsive.""It is a very good product. The threat monitoring process is the most valuable feature.""It is easy to manage.""Sophos is a unified solution. We have anti-virus protection, firewall rules, knotting, and DACC all in one box.""I would recommend UTM over XG because it's easier to manage.""Monitoring and reporting are areas that need improvement."

More Sophos UTM Pros »

Cons
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""The performance should be improved.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.""The initial setup can be a bit complex for those unfamiliar with the solution.""Deploying configurations takes longer than it should."

More Cisco Firepower NGFW Firewall Cons »

"The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries.""The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI.""The product needs improvement in their Secure Access Service Edge.""The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters.""They made only a halfhearted attempt to put in DLP (Data Loss Prevention).""The user interface could use some improvement.""In the next release, I would like to see better integration between the endpoints and the firewalls.""In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has."

More Palo Alto Networks VM-Series Cons »

"Monitoring and reporting are areas that need improvement.""The solution needs to do better at covering mobile devices, although they may have an integrated solution for that purpose.""The initial setup may be difficult for those not familiar with the product.""The integration capabilities could be better.""There needs to be some improvement in the IPsec VPN. There is implementation only support. I have version one. I'd be most interested in having IP version two from the protocol.""The solution is not scalable.""It's stable, but the reaction time of the GUI is terrible.""The classification segregation of applications lacks sufficient definition."

More Sophos UTM Cons »

Pricing and Cost Advice
"This product requires licenses for advanced features including Snort, IPS, and malware detection.""Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain.""Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.""The price is comparable.""There are additional implementation and validation costs.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"The price of this solution is very high for some parts of Africa, which makes it a challenge.""Because I work for a university and the URL is for the institution, it's a free license for us.""Palo Alto can be as much as two times the price of competing products that have twice the capabilities.""The VM series is licensed annually.""It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years.""The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."

More Palo Alto Networks VM-Series Pricing and Cost Advice »

"The prices can be better, they could make it a lot cheaper.""The solution is very low cost compared to competitors. You have a good firewall, a lot of functions for less than the price of some omni firewall competitors.""It is necessary to pay for a licence to use the solution, but it is not very expensive.""We pay for the service on a yearly basis. The last time we paid was in June, for a year. At the time, it was about $20,000.""Our licensing fees are paid on a monthly basis.""It's reasonably priced.""I think the pricing of Sophos is very fair.""The appliance should be purchased and there is a fee for the license."

More Sophos UTM Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,305 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
Top Answer: The initial setup was straightforward.
Top Answer: In my opinion and as a result of years of experience: - Both are great firewalls with excellent performance and a… more »
Top Answer: Sophos UTM is no longer being developed, according to our reseller. All the development effort is going into XG. So XG… more »
Top Answer: With Sophos, we have not had any incidents this year. The security provided has been good. It has proven to be okay for… more »
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Astaro
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

The global network of highly skilled researchers and analysts, protecting businesses from known and emerging malware - viruses, rootkits and spyware.
Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Palo Alto Networks VM-Series
Learn more about Sophos UTM
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Warren Rogers Associates
One Housing Group
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Financial Services Firm23%
Government15%
Manufacturing Company15%
Healthcare Company8%
VISITORS READING REVIEWS
Computer Software Company30%
Comms Service Provider19%
Financial Services Firm5%
Government5%
REVIEWERS
Financial Services Firm13%
Manufacturing Company13%
Government10%
Insurance Company6%
VISITORS READING REVIEWS
Comms Service Provider38%
Computer Software Company18%
Government7%
Media Company4%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business38%
Midsize Enterprise31%
Large Enterprise31%
REVIEWERS
Small Business60%
Midsize Enterprise23%
Large Enterprise17%
VISITORS READING REVIEWS
Small Business43%
Midsize Enterprise36%
Large Enterprise20%
Find out what your peers are saying about Palo Alto Networks VM-Series vs. Sophos UTM and other solutions. Updated: March 2020.
552,305 professionals have used our research since 2012.

Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews while Sophos UTM is ranked 2nd in Unified Threat Management (UTM) with 20 reviews. Palo Alto Networks VM-Series is rated 8.6, while Sophos UTM is rated 8.4. The top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Cisco ASA Firewall, Juniper SRX and CyberArk Privileged Access Manager, whereas Sophos UTM is most compared with Fortinet FortiGate, pfSense, Sophos XG, Untangle NG Firewall and Palo Alto Networks NG Firewalls. See our Palo Alto Networks VM-Series vs. Sophos UTM report.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.