Most Helpful Review
Researched Sophos UTM but chose Cisco Adaptive Security Appliance (ASA) Firewall: It is a strong solution.
Researched Sophos UTM but chose Sophos Cyberoam UTM: Good application filtering, anti-spam, and IPS features
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Unfortunately in Cisco, only the hardware was good.
The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.
It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.
The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks.
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you.
If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning.
They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality.
The interface is user-friendly.
The product, itself, doesn't seem to have any bugs or glitches.
Having a firewall solution with a data quota is very important when the bandwidth is limited, which really distinguishes it from other products.
The most valuable feature is the IPSec forwarding.
I'm more inclined towards the conventional firewall. So for me, I'm more geared towards the standard firewall type functionalities as well as the web application firewall because that seems to work fine.
The most valuable feature of this product is the threat protection.
It is a VPN that serves all your needs as an application firewall.
We find all of the features valuable because together they fit the needs of our customers.
It allows me to easily connect with more than forty-five remote sites and more than fifty remote users between IPsec and SSL VPN, applying the web filter and application filter to ensure a secure connection.
Configuration troubleshooting is eased by the use of the color-coded, live firewall log.
The features that I've known to be most valuable are both the web security features as well as the web firewall capabilities. As a partner of Sophos firewall, we have some clients and they are using Sophos firewall UTM and we are using it as well.
Sophos UTM has improved the porting section. It has improved security by seeing the gaps. For example, when you discover that an entry has been using a certain application, with Sophos UTM acting as a Layer 7 firewall, you can block the application, not the port.
The most valuable feature is the IPS. It also protects us from malware.
UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it’s useful.
The isolation of infected machines is a big feature. Also, the ability to detect external sources that change files on a file server is really big.
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.
Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.
One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection.
If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges.
Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough.
Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic.
It is expensive.
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.
We have had some issues with technical support, which is an area that needs improvement.
Cyberoam UTM needs to have more certifications with third-parties, such as NSS Labs.
When it comes to web filtering and application filtering, it does not contain enough signatures to determine all of the sites that need to be blocked.
The VPN needs to be improved.
I would say there's room for improvement in terms of the GUI. Because it is better than some of the other standard firewalls. They have the drag and drop features.
The reporting should be improved as well as the backup.
Its scalability is not that great.
We would like to have unique viewable IDs for rules and in the packet filter logfile, for easier debugging of old log files.
I would like to see the SD-WAN feature improved.
Support for IKEv2 is needed in this solution.
The only time we face a problem or issues is when we place a ticket. We have found that response is very slow.
With Sophos UTM, there is a general rule in the firewall when the country blocking can block some countries from accessing your data. In the current version, you still need to add it by putting in the IP range. This feature would be helpful for administrators and it gives them the advantage to block stuff in less time.
The solution could be improved by adding cloud soundboxing.
We didn’t find any issues but I know there have been some in the last few years.
It does have built-in policies, which enable you to disable USB devices, etc. It would be nice if they had more policies because there are not that many of them.
Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.
There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.
When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active.
It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up.
Cisco is expensive, but you do get benefits for the price.
In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.
We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.
There are no costs in addition to the standard licensing fees.
This is a cost-effective solution compared to other vendors, such as Cisco.
I have no comment about the pricing.
This solution is less expensive than FortiGate.
The biggest issue with Sophos is the pricing. It's definitely more expensive. As I said, we looked at Webroot, which is a big alternative, and Sophos was almost three times the price of Webroot. That's a pretty big difference.
We purchased the appliance with five years onsite support and licenses.
Pricing for the upgrade was very competitive as Sophos wanted to retain existing customers.
Sometimes more is less, meaning if you want more than three features, take the FullGuard licence.
The pricing and licensing are both good and better than Sophos's competitors. This is why we went with the product.
The AWS Marketplace product should be a better fit, but it is a little pricier.
Purchasing through the AWS Marketplace is pretty straightforward. Because were entirely on AWS and don't have anything anywhere else. It made the most sense for us as a one stop shop.
Questions from the Community
Top Answer: Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to… more »
Top Answer: They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality.
Top Answer: In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.
Top Answer: The most valuable feature is the IPSec forwarding.
Top Answer: Sophos is quite flexible when it comes to pricing.
Top Answer: My understanding is that UTM is the software; SG is the hardware. You can buy Sophos UTM running on SG hardware and then later upgrade to the XG running on the same hardware.
Top Answer: I'd agree with Karl's comment above. PfSense is a great product but treat it like a firewall and the big bonus is it's free. It's great at what it does. Sophos UTM on the other hand can be a beast as… more »
Question: What are the biggest differences between Meraki and Sophos? Which one is good for security and SD-WAN?
Top Answer: I presume the topic is UTM appliances (as Meraki and Sophos have many products). Any physical site connected to the Internet needs some kind of a firewall, yes? That firewall should be at the site… more »
Compared 36% of the time.
Compared 13% of the time.
Compared 9% of the time.
Compared 5% of the time.
Compared 4% of the time.
Compared 28% of the time.
Compared 25% of the time.
Compared 7% of the time.
Compared 5% of the time.
Compared 3% of the time.
Compared 30% of the time.
Compared 22% of the time.
Compared 11% of the time.
Compared 6% of the time.
Compared 1% of the time.
Also Known As
|Cisco ASA Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls||Astaro|
Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.
Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.
|Cyberoam Unified Threat Management hardware appliances offer comprehensive security to organizations, ranging from large enterprises to small and branch offices. Multiple security features integrated over a single, Layer 8 Identity-based platform make security simple, yet highly effective.||The global network of highly skilled researchers and analysts, protecting businesses from known and emerging malware - viruses, rootkits and spyware.|
Learn more about Cisco Adaptive Security Appliance (ASA) Firewall
Learn more about Sophos Cyberoam UTM
Learn more about Sophos UTM
|There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.||Gulf Corporation for Technology, Maridive & Oil Services, Fidelity Bank, Petra University, Capital FM Kenya, Safari Park Hotel and Casino, Mayfair Casino, Pacific International Lines, Mozambique Ministry of Education, University of Namibia, Royal Hospital for Neuro-disability, University of Hawai, New Delhi Municipal Council||One Housing Group|
Financial Services Firm20%
Comms Service Provider9%
Computer Software Company28%
Comms Service Provider22%
Comms Service Provider10%
Computer Software Company26%
Comms Service Provider14%
Comms Service Provider11%
Financial Services Firm11%
Comms Service Provider26%
Computer Software Company24%