Email spam filtering only works if you have an on-prem Exchange server. It doesn't interface with Office 365 like the XG model. That would be one feature that they could improve. They're not going to do it because they're trying to push us all to XG.

Initially, there were problems of wireless access points not getting detected and lease lines were getting disconnected after one hour. Sophos replaced the appliance, but the issue was not resolved . The matter got escalated to their international support and the issue was identified as a bug where long distance fiber connections are used over single mode fiber. The patch was shipped by Sophos with a promise to fix the issue in the next release.

Now, the appliance is working fine. The issue of wireless access points was due to some compatibility issues with the D-Link switch. I provided the Cisco 2900 series switches to connect to the wireless access points by creating a separate wireless LAN port on the firewall.

Last year, Sophos had some major internal management changes that negatively impacted their support. 

I would like to see better reporting and better alerting.

They could use more SSL VPN support.

We'd like the setup to be even easier, if possible. 

I don't have any notes for improvements at this time.

I'd like to see some filter features added in the next release. 

There can be a delay when it comes to reaching out to technical support. 

The reporting system needs to allow for customizations because many reports do not include details that we expect. 

It would be beneficial to have a security fabric feature like FortiGate that integrates with UTM devices and reports to expose issues. 

The technical support team’s response time could be improved.

Sophos UTM needs to streamline the VPN configuration. It also needs to fix the concerns related to the solution's Port Address Translation (PAT) rule.

In the future, I want Sophos UTM to provide users with sandboxing features.

The scalability of the product is an area with certain shortcomings where improvements are required. Sophos should give some flexibility to users, especially when you run low on things like memory and storage.

The support team's turnaround time is an area of concern where improvements are required.

In Sophos UTM, there is room for improvement in certain areas. For instance, I believe that its feature known as Synchronized Security could be enhanced. The solution's technical support for India needs to be improved.

I will need to think about the additional features the solution needs to include in its next release.

Sophos UTM is sensitive when it comes to setting up the SSL VPN, with the certificate.

The bandwidth speeds are limited, although this could be because they're doing web filtering. They need to have the time to filter all of the traffic.

The logs are not clear, which means that you need an additional piece of software in order to read them clearly. This is the main issue with Sophos UTM. Essentially, you need to spend time looking through the logs and if you want quicker access then you need to have third-party software.

At the very least, keep existing. I will continue to use Sophos. If Sophos maintains its current ease of management, I believe I will continue to use it.

I would like them to keep the features as they are.

The GUI can be improved. It is not as good as Trend Micro, but I still like it.

The GUI could be more user-friendly.

Now, they offer a SaaS product in comparison to XDR and, TRM, which stands for automatic analysis of virus behavior or deadline. Currently, for example, when there is a threat, we analyze it ourselves, but now they offer automatic analysis because Sophos' XDR is based on cloud PCS.

I would like them to include automatic analysis for virus behavior and also cloud PCS.

I didn't like it much. It suits only small businesses. It isn't scalable and reliable. There is a very critical issue with the power supply.

It is a fine product, however, I need more endpoint protection.

They should release a license for more than 50 IPs. As of now I have had some discussion about with management, and we need to do some planning and around that to see if we can change things.

The pricing is too high. There are other options that are less expensive, such as Bitdefender. In fact, Bitdefender is very good, aside from lacking a firewall such as this. Beyond that, it's a very good product with central management on-premises. 

It would be nice if it had basic features, such as DLP (Data Loss Prevention).

The UTMs are end-of-life so the web interface is not top-notch and needs more speed. There is still support for the UTMs so they are the best we have right now. 

The solution needs better captive portals and they could have faster UIs. 

An improvement to the transparent proxy would help. A user should be able to open a webpage and be redirected to the captive portal like with WIFI or XGs. From there, the user should be able to log in with a username and password to gain internet access. Many clients migrate to XG due to this missing feature. 

I found just one instance of a virus on somebody's email, and Sophos cut it off immediately. Then the admin said, "Oh, this is a virus. That's a new one." They found out that I hadn't updated some virus information.

The virus updates will always depend on new viruses that are discovered. Maybe they can send a notification or a reminder for update time. 

An area for improvement in Sophos UTM is load balancing because my company cannot use it currently. If Sophos could release a new configuration for the load balancing feature to work for my company, that would be great. My team has requested this through the Sophos portal.

Another issue with Sophos UTM is that I cannot monitor YouTube or WhatsApp. I need to block videos and images, but I cannot do that over Sophos UTM.

Sophos UTM could improve the way the configuration has to be done. I have to do the configuration through the command line interface but if it could be done through the graphical user interface it would be much better.

It does have built-in policies which enable you to disable USB devices, etc. It would be nice if they had more policies because there are not that many of them.

The reporting could improve by providing information on where, or from which device attacks are coming from. We are already given the country where the attack is coming from but more information would be beneficial.

The support could be better.

They need to improve their email protection. Their email protection is horrible. They have an email protection license that is paid for. However, they need to improve on email protection capabilities.

They need to have proper reporting. What they offer no is weird. I need to get another application to give me a clear diagram of my network. This should instead come directly from Sophos. 

The integration capabilities could be better.

Sophos' new generation firewall is missing the link that provides antivirus for each computer. It would be helpful if they could add that element. The technical support used to be excellent but recently they don't seem to be able to solve our problems. 

Sophos UTM could be simplified, and they can improve on the many other features, like SD-WAN and load balancing. Sophos UTM is missing a few features that their competitors have. For example, if you have multiple branches you would like to connect, the load balancing features aren't available on multilink. If we create a VPM for multiple LAN links, we cannot load balance the traffic.

We don't need any extra features. We only use it for the servers and the workstations. We'd like to see them offer their services on mobile devices like tablets. I'm not sure if that's an option or not.

There is definitely room for improvement with Sophos UTM. For the SG version of Sophos UTM, they can add blocking of countries in the NAT section, not only in the firewall section. 

When you are mapping, they should also add the ability to block countries in that section. That's not available right now. It's only available in the firewall if you want to block incoming traffic.

With Sophos UTM, there is a general rule in the firewall when the country blocking can block some countries from accessing your data. In the current version, you still need to add it by putting in the IP range. 

This feature would be helpful for administrators and it gives them the advantage to block stuff in less time. 

The web filter needs additional enhancement but that's the point of the XG upgrade. If they're going to continue with the production of the XG, then they will not add the same features to the basic version of Sophos UTM.

The application server needs to be improved because currently, the classification segregation of applications needs to be more defined. Also, we used to be able to open the firewall using LAN IPS but that's no longer possible and needs to be solved. I'd like to see an improvement in central categorizing. These days with all the applications and threats, getting everything filtered down needs to be a finer, more granular process. There are times when you find that a website seems to be legit, but there is a code running behind it that can act as a proxy or some kind of a bot. The sites are always logged on, but at times we have to open for a few clients or a few sites and in that time they're open to attack.

The unit offers great failover and load balancing features that can be complex to understand, some streamlining of the process would help. More predefined port rules would help the novice user/technician as well.

I would like them to move from the Classic Load Balancer to the Network Load Balancer. This would make it easier to do certain things with Amazon. They are able to do some enhancements with Network Load Balancer that they are unable to do with Classic Load Balancer.

In Sophos UTM there is always a problem with the routing tables. If you want to see the routing table, you have to use the UI. You can't do it via a web browser. The routing table is better in Fortinet.

I can't recall dealing with any missing features.

Lately, I've dealt more with Fortinet, and haven't focused too much on Sophos.

The initial setup may be difficult for those not familiar with the product.

At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities

At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.

The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.

The application control is really bad. It needs a lot of enhancements. The traffic shaping and bandwidth control, and application control need a lot of work.

In future releases, Sophos can enhance its quality of service. 

I'm still exploring the features and I haven't used them in totality. 

I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution. This would be good. Somewhat similar to what Darktrace can do. 

Proactively understand and using AI intelligence to monitor and see activities that are away from the norm and then proactively see how they can either isolate the quarantine system and inject it back into the system upon validation.

They could explore most of the products in Symantec's and Fresh Services and run from the same file to see what additional feature one is offering.

I would also like it if they could work on the price because it is expensive.

This product could use some improvement with web filtering. It takes a lot of time and effort to set up and maintain.

Palo Alto has a different market because of their dashboard, overall looks, and other features. They are costly, but their services are quite good. And they offer a different platform compared to their competitors. Their device operates differently from others. While Palo Alto and Sophos have similar features, they operate on different platforms, providing a superior user experience compared to existing devices. In short, the UI and UX are the areas of improvement in Sophos UTM and similar solutions compared to Palo Alto.

I would like this solution to support ICAP. Also, they no longer support on-premises management, and are forcing clients to use centralized management via the cloud, which I don't agree with.

There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system.

Everything has changed in the newer version of the solution from the SG to the XG. It was a completely new reborn version. You are not able to migrate from SG to XG using scripts. it is very difficult because of the differences. There was not a simple migration path from one to the other.

In the Sophos SG UTM version, you cannot have any other functions. Sophos will tell you "It's a closed version. We will not have any more functions." However, in the new version, you have a lot of new functions, and every two or three months you have new features. For example, you can use Sophos Central to synchronize both strategy policies and even security, if you are equipped with Sophos antivirus on workstation and server. If your antivirus on the workstation finds a threat, your firewall will have the information of the station, what issue it had, and what other stations it communicated with.

Sophos has to enable the Intercept X or an EDR function on the firewall because for the moment, the firewall is only equipped with sandboxing or something similar. Which, is quite good but there should be something easier for the user. For example, the logs at the moment are not as simple as they are in other solutions, such as Fortinet, it is very important to have a logging tool, log reporting, or a reporting engine. We need to see logs and find information within. However, 10 years ago, we do did not care about the logs but things have changed. We need them to analyze, to have a view of some of the layers but we do not have this. They could improve by providing better log functionality and features.

The ease of use could be a bit better. It's something they could work on.

The ease of configuration could be improved. It's not as simple as it could be just yet. However, it's kind of the nature of it.

They're kind of difficult to get set up sometimes.

Some of the detail in the web filter and the email filtering could be better outlined in the reporting. It is not as good as the two separate standalone solutions we used previously. However, it does also gives us a lot of other stuff that those two solutions didn't. It's a trade-off.

I would like some features that are available in other brands. For example, I sometimes a person is using too much bandwidth, and it isn't easy to find this information in Sophos. Also, we have to switch connections manually when we are using a VPN and lose the MPLS connection. It isn't automatic. 

Sophos UTM could improve if there was no limitation on users.

I don't really have any notes for improvements. I don't need additional features. 

The VPN could be better. We need a better VPN client for the customers.

We'd like better logging. 

Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment. 

One additional feature that should be included in the next release is
synchronized security, which would enable all the security to work together as a system. Another suggestion is to add advanced threat protection (ATP) to defend against sophisticated Malware. Seeing these additional improvements would be a great thing going forward.  

The UI on it could stand a little improvement. In some areas, it is a little slow and clunky. It is sometimes not easy to find something. However, once you get used to it, it is pretty normal to use.

You (currently) need to buy the Sophos software per availability, zone, and per VPC. It should offer an account-based solution.

When you buy a Sophos license, you have to buy a license for each location. We have clients in the US. We have clients in Ireland. We have clients in the UK. With GD-PI coming, the clients' data needs to stay in-house, so when you buy the Sophos license, it only works for the UK. Then, you have to buy another in the USA and another one in Ireland, then you have to have a VPN tunnel between all of them to have them talk to each other because Sophos blocks them talking to each other.

So, ideally, a multi-VPC or a multi-talented Sophos would be great because it would take away the fact that you need to build a tunnel and you have one management console for all your different locations. Instead of having three different locations with three different IP addresses and having to add users to probably two out of three, sometimes all three, having just one centralized location would be good.

I would like to see the SD-WAN feature improved. I want to manage many lines and load-balance them, getting high availability by making SLA tests according to:

1. Check interval.
2. Failures before inactive.
3. Restore link after.
4. SD-WAN Rules to control bandwidth, download and upload stream.

The solution needs to do better at covering mobile devices, although they may have an integrated solution for that purpose. 

I don't really know how it behaves when it comes to web server protection. We have no web servers of our own. I don't know how it behaves if we open our servers to the outside. My sense is that the degree of protection must be higher.

We need to speed up the support.

Sophos UTM is not a highly available and scalable product. Till now, it is a single point of failure.

I would like to see Sophos UTM add support for all the new threat-detection technologies and the ability to respond to novel security threats that come along every day.

I'm in the process of switching every UTM device in all branches to Sophos, so I need visibility into each branch to see the activity. I need alerts for any threat that enters the network. If there is unauthorized access or some specific action that can threaten my network, I want to be notified.

I think the interface configuration could be improved. It's very complex for now. They need to provide more videos and have more documentation. I think that's missing at the moment. By chance, I found something on a video that wasn't in the documentation and it was a lifesaver. I upgraded my hardware from 100 megabytes to 1,000 megabytes and had many problems. I had to start from scratch and get someone to help me with it.

Sophos UTM has many improvements that I would suggest, but the main one is for the Application Control to be managed with users as well, and with timeframes (schedules) for the administrator to allow certain apps outside an specific timeframe, or vice versa.

We had some problems with the configuration. They had provided a CloudFormation template, and we had to go several rounds to make it work. 

Sophos UTM's firewall is a bit weak, and some of its features lack depth compared to other products like F5.

There needs to be some improvement in the IPsec VPN. There is implementation only support. I have version one. I'd be most interested in having IP version two from the protocol.

Setup: Getting an exchange server to work behind Sophos is incredibly difficult with rules invoked that are simple numbers (e.g. 9054).

• Certificate management (ex. Let’s Encrypt support)
• VPN: IKEv2 Support

I wish the internet failover worked better. As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic, with many things not working until I manually fail over to the other WAN.

Its identification of users without the need of setting up Proxies or Identity software could be better, that is probably the trickiest section to setup.

Sophos UTM's internet security could be better.

I have no suggestions for improvement for Sophos UTM. It's been a decade and it has been a very good product throughout the Pakistan market.

Pricing could be improved. After-sales service is much better. Once you have a sales team and a technical team for any product, it definitely becomes very easy to pitch or get the revenues out of that product. Flexibility in pricing matters a lot.

I think the behavior with the zones was a little bit tricky to understand at the beginning of this project. It can be hard to manage at first, but overall, we don't have many problems with this solution.

The printed provisioning is the primary thing that needs improvement.

The product could be simplified and made more self-explanatory.

The goal for small companies is to have one administration dashboard -- from where you can manage antivirus for computers, firewalls, IDS, IPS, mobile phones, tablets, etc.

Sophos UTM is on the right path to getting there.

Sophos has a very small crew of people who continue to work on enhancing the UTM. At some point, they had actually stopped enhancing it and the word on the street was that they weren't going to enhance it any more because everybody was going to go over to XG, but they found that 50% of their users were still on the UTM and that was five years after they'd come out with the XG line. They decided they were going to rebuild some core parts of XG, and that would take a while. It's been six years and they're still not there. The updates come out agonizingly slowly. They just trickle out and when there's a problem with an update it takes a while to sort out. It's still a viable product but the more they improve XG, the less you have a need to stick with SG.

Every product has room for improvement.

Would be great if it would be possible to improve IPSEC site-to-site VPN connectivity over slow/unstable internet connections.

HA needs to be improved for the software appliance because if Sophos is deployed in ESXI/Hyper-V then the HA is unstable. Also, the web application firewall only allows the use of ports 80 and 443, and if we could use others ports than that would be a welcome addition.

The sanctions make it difficult for us in Iran to take full advantage of this product, like many others. 

It needs a better user interface. The one they have is not so good. 

• SUM cannot manage app control
• Improve app control system as a whole
• Extend support for SG until XG has improved significantly.

The price is an issue to consider for improvement.

• The lack of import/export functions for network and service options drives me mad.
• No route to NULL
• No Dshield.org integration

• A cleaning up function to remove unused references.
• A dashboard to show that the various parts of the solution really do their tasks and not only have been activated or configured (e.g., From the live log of the IPS function it is difficult to understand if the solution (snort) is running or experiences a problem and has stopped working.
• The possibility to add the sandbox (and possible future) function, paid for, to the free Home version.

The reporting could be a lot better and technical support could be improved.

We are very happy with Sophos. I can't think of any pressing issues that need to be addressed.

There are things missing when it comes to policies.

The web filtering capability should be improved.

Anti-phishing functionality should be improved.

There is still room for improvement in wireless protection. I don't mean their WiFi device is bad, but there are still things to improve on, such as WiFi roaming.

The support needs improvement.

There's an issue that when we deploy UTM on fiber, it automatically upgrades to the latest version without giving an option to stay on the current one.

Sophos should improve its ability to check something like bandwidth consumption for users or something more real-time.

real time trafic graph most show specific info from user, ip and bandwith, in my personal opinion i have seen better traffic graphs in open source firewalls.

The memory and processing were problematic. The interface could be better.

VPN needs IKEv2, but it’s in the roadmap.

All other new, cool features will only come to the new Sophos XG Firewall.

The ability to disconnect the VPN connection needs to improve. Currently, in order to disconnect an existing VPN connection of a device, the admin needs to change the password of the user.

Certificate Management should be improved.

They should have more powerful appliances. The appliances throughput and performance is suffering under high traffic usage. Also, I think they need better appliances for enterprise and high end customers.

It really needs to update IPSec to enable IKEv2.

In the next release, the solution should contain an administration security user to access the interface.

We would be happy with fewer new features over the same time, but with more stable updates!

We would like to have unique viewable IDs for rules and in the packet filter logfile, for easier debugging of old log files.

Sophos UTM shouldn't die.

Support for IKEv2 is needed in this solution. But, the handwriting is on the wall that Sophos will probably stop development in favor of their XG Firewall. No timeframe on that yet though.

The solution could be improved by adding cloud soundboxing.

The five-factor authentication needs improvement. 

It needs central management. 

Monitoring and reporting are areas that need improvement.

The web filtering engine needs to be improved as, sometimes, the service hangs for a while and restarts randomly. Alas, there was an issue with authorizing Lync traffic but it's all good now.

The UI can be cumbersome and, sometimes, features are not where you think they should be.

Sophos is number two on the market, and from my experience, even if there are some drawbacks, they have workaround solutions in the product. Every day, Sophos makes developments in the firmware that are free if you have a valid license.

Their new product range which is the new SG Series UTMs, especially the wireless versions, should at least include two radios for 2.4 Ghz and 5 Ghz bands. Currently we can only run one or the other, but not both.

They could reduce the price.

Sophos is good for endpoint security but Trend Micro is better than Sophos. APEX is better than Sophos because it has a friendly, usable dashboard, and the implementation is very easy.

Sophos should be more user-friendly, have more dashboards, and an easier implementation.

Reporting: We have had to work manually in many of our reports.

During initial configuration, I encountered a few issues.