Sophos UTM Room for Improvement

ZaherEL Bsat
Pre-Sales Manager | Infrastructure and Security at National Information Technology Company
There is definitely room for improvement with Sophos UTM. For the SG version of Sophos UTM, they can add blocking of countries in the NAT section, not only in the firewall section. When you are mapping, they should also add the ability to block countries in that section. That's not available right now. It's only available in the firewall if you want to block incoming traffic. With Sophos UTM, there is a general rule in the firewall when the country blocking can block some countries from accessing your data. In the current version, you still need to add it by putting in the IP range. This feature would be helpful for administrators and it gives them the advantage to block stuff in less time. The web filter needs additional enhancement but that's the point of the XG upgrade. If they're going to continue with the production of the XG, then they will not add the same features to the basic version of Sophos UTM. View full review »
Joseph Mallozzi
Project Engineer
This product could use some improvement with web filtering. It takes a lot of time and effort to set up and maintain. View full review »
Ayodele Mumuni
Snr Dev Ops Engineer at a tech services company
You (currently) need to buy the Sophos software per availability, zone, and per VPC. It should offer an account-based solution. When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK. With GD-PI coming, the clients' data needs to stay in-house, so when you buy the Sophos license, it only works for the UK. Then, you have to buy another in the USA and another one in Ireland, then you have to have a VPN tunnel between all of them to have them talk to each other because Sophos blocks them talking to each other. So, ideally, a multi-VPC or a multi-talented Sophos would be great because it would take away the fact that you need to build a tunnel and you have one management console for all your different locations. Instead of having three different locations with three different IP addresses and having to add users to probably two out of three, sometimes all three, having just one centralized location would be good. View full review »
Find out what your peers are saying about Sophos, Fortinet, pfSense and others in Firewalls. Updated: September 2019.
372,124 professionals have used our research since 2012.
Anthony Petecca
Manager IT and Security at Health Street
It does have built-in policies which enable you to disable USB devices, etc. It would be nice if they had more policies because there are not that many of them. View full review »
Juan C. Sanchez Pignalosa
CEO And Founder at Advisor Consulting Group Corp
Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific timeframe, or vice versa. View full review »
Scott Rouse
Architecture and DevOps at hc1.com
The UI on it could stand a little improvement. In some areas, it is a little slow and clunky. It is sometimes not easy to find something. However, once you get used to it, it is pretty normal to use. View full review »
Frank Scalzo
Director of Cloud Technology at Avalere Health\Inovalon
I would like them to move from the Classic Load Balancer to the Network Load Balancer. This would make it easier to do certain things with Amazon. They are able to do some enhancements with Network Load Balancer that they are unable to do with Classic Load Balancer. View full review »
M.K. Goyal
Asst General Manager(C&IT) at NMDC Iron & Steel Plant
Initially, there were problems of wireless access points not getting detected and lease lines were getting disconnected after one hour. Sophos replaced the appliance, but the issue was not resolved . The matter got escalated to their international support and the issue was identified as a bug where long distance fiber connections are used over single mode fiber. The patch was shipped by Sophos with a promise to fix the issue in the next release. Now, the appliance is working fine. The issue of wireless access points was due to some compatibility issues with the D-Link switch. I provided the Cisco 2900 series switches to connect to the wireless access points by creating a separate wireless LAN port on the firewall. View full review »
Md. Dipu Khan
CEO at NG
One additional feature that should be included in the next release is synchronized security, which would enable all the security to work together as a system. Another suggestion is to add advanced threat protection (ATP) to defend against sophisticated Malware. Seeing these additional improvements would be a great thing going forward. View full review »
John Xavier
CIO at Quartesian
We had some problems with the configuration. They had provided a CloudFormation template, and we had to go several rounds to make it work. View full review »
CTO0a65
CTO at a tech services company with 11-50 employees
* Certificate management (ex. Let’s Encrypt support) * VPN: IKEv2 Support View full review »
Max Pupov
DevOps at a tech services company with 11-50 employees
The product could be simplified and made more self-explanatory. View full review »
Ibrahim El Sayed
Network & Hardware Administrator with 1,001-5,000 employees
I would like to see the SD-WAN feature improved. I want to manage many lines and load-balance them, getting high availability by making SLA tests according to: * Check interval. * Failures before inactive. * Restore link after. * SD-WAN Rules to control bandwidth, download and upload stream. View full review »
GlobalNe150a
Global Network Security Admin at a Consumer Goods with 201-500 employees
The support needs improvement. View full review »
Ian Cowley
Consultant
* The lack of import/export functions for network and service options drives me mad. * No route to NULL * No Dshield.org integration View full review »
Ryan Pealer
Network Administrator at a government with 11-50 employees
The UI can be cumbersome and, sometimes, features are not where you think they should be. View full review »
Martin Lindemann Frederiksen
It Forum Gruppen A/S
VPN needs IKEv2, but it’s in the roadmap. All other new, cool features will only come to the new Sophos XG Firewall. View full review »
Milos Lichtenstein
IT SM & Security Consultant at a tech services company with 1,001-5,000 employees
There is still room for improvement in wireless protection. I don't mean their WiFi device is bad, but there are still things to improve on, such as WiFi roaming. View full review »
Darren Weiner
Solutions Architect at National Renewable Energy Laboratory
The printed provisioning is the primary thing that needs improvement. View full review »
Bob Obrinsky
Owner with 11-50 employees
Support for IKEv2 is needed in this solution. But, the handwriting is on the wall that Sophos will probably stop development in favor of their XG Firewall. No timeframe on that yet though. View full review »
Securityde9c
Security Architect at a financial services firm with 501-1,000 employees
They could reduce the price. View full review »
MichaelCook
Senior Solutions Specialist at centerprise international
The price is an issue to consider for improvement. View full review »
securityspec4553
IT Security Specialist at a tech services company with 11-50 employees
The solution could be improved by adding cloud soundboxing. View full review »
Neeraj Panwar
Cloud Network Administrator at a tech services company with 11-50 employees
During initial configuration, I encountered a few issues. View full review »
Todd285
Unified Communications Specialist at Agentra
The memory and processing were problematic. The interface could be better. View full review »
Joshua Robertson
IT Specialist at a financial services firm with 201-500 employees
* SUM cannot manage app control * Improve app control system as a whole * Extend support for SG until XG has improved significantly. View full review »
it_user588840
CEO with 501-1,000 employees
Reporting: We have had to work manually in many of our reports. View full review »
Edward Cetron
Owner with 11-50 employees
Setup: Getting an exchange server to work behind Sophos is incredibly difficult with rules invoked that are simple numbers (e.g. 9054). View full review »
Find out what your peers are saying about Sophos, Fortinet, pfSense and others in Firewalls. Updated: September 2019.
372,124 professionals have used our research since 2012.
Sign Up with Email