We just raised a $30M Series A: Read our story

Sophos Cyberoam UTM OverviewUNIXBusinessApplication

Sophos Cyberoam UTM is #5 ranked solution in top Unified Threat Management (UTM) tools. IT Central Station users give Sophos Cyberoam UTM an average rating of 8 out of 10. Sophos Cyberoam UTM is most commonly compared to Fortinet FortiGate:Sophos Cyberoam UTM vs Fortinet FortiGate. The top industry researching this solution are professionals from a comms service provider, accounting for 29% of all views.
What is Sophos Cyberoam UTM?
Cyberoam Unified Threat Management hardware appliances offer comprehensive security to organizations, ranging from large enterprises to small and branch offices. Multiple security features integrated over a single, Layer 8 Identity-based platform make security simple, yet highly effective.
Sophos Cyberoam UTM Buyer's Guide

Download the Sophos Cyberoam UTM Buyer's Guide including reviews and more. Updated: November 2021

Sophos Cyberoam UTM Customers
Gulf Corporation for Technology, Maridive & Oil Services, Fidelity Bank, Petra University, Capital FM Kenya, Safari Park Hotel and Casino, Mayfair Casino, Pacific International Lines, Mozambique Ministry of Education, University of Namibia, Royal Hospital for Neuro-disability, University of Hawai, New Delhi Municipal Council
Sophos Cyberoam UTM Video

Pricing Advice

What users are saying about Sophos Cyberoam UTM pricing:
  • "This is a cost-effective solution compared to other vendors, such as Cisco."
  • "We pay for licensing the solution. It's my understanding that it is not overly expensive. It may be somewhere around $2,000 for a license."
  • "The licensing is on an annual basis and is very reasonably priced."
  • "There are no costs in addition to the standard licensing fees."

Sophos Cyberoam UTM Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Sadir Omer
Assistant Engineer - Network Solutions at Sri Lanka Telecom Services
Real User
Top 20
Useful data quota features, but scalability is an issue and the signature database could be enhanced

Pros and Cons

  • "Having a firewall solution with a data quota is very important when the bandwidth is limited, which really distinguishes it from other products."
  • "When it comes to web filtering and application filtering, it does not contain enough signatures to determine all of the sites that need to be blocked."

What is our primary use case?

We are a solution provider and Sophos Cyberoam UTM is the main product that we sell. We also use it as part of our own network security solution as well.

The primary use cases are setting data quotas on a per-user level, web filtering, and granting or denying access to resources. In Sri Lanka, the data is always limited, which is one of the biggest problems that we have.

How has it helped my organization?

In some companies, productivity is not as good because people are using sites like Facebook and YouTube. This can consume a lot of data without the organization being aware of it, and Cyberoam is really good in these kinds of cases.

What is most valuable?

Having a firewall solution with a data quota is very important when the bandwidth is limited, which really distinguishes it from other products. When it comes to small and medium-sized organizations, one of their main concerns is that their data quota is not exceeded. It is quite an advantage for the administrators.

There is training material available on the website for the administrators to learn how to set it up and use it. This is very helpful and can be done easily with a one or two day course.

What needs improvement?

When it comes to web filtering and application filtering, it does not contain enough signatures to determine all of the sites that need to be blocked. This is something that higher-end firewalls are better at.

For how long have I used the solution?

I have been working with Cyberoam for the past four years. My company has been using it for at least five or six.

What do I think about the stability of the solution?

Prior to the acquisition of Cyberoam by Sophos, the product was not very stable. Currently, it is really stable and we are happy with it.

What do I think about the scalability of the solution?

One of our clients has 200 employees and they are all relying on protection from Sophos Cyberoam UTM. Nonetheless, it is all on-premises and it does not work through the cloud, so I don't consider it to be a highly scalable product. I would say that it is better for a company with a single branch, rather than for one with multiple branches or with branches connected to a head office.

How are customer service and technical support?

Although we have people who are knowledgable about the product, if there is a level of configuration that we are not used to then we contact our distributor for help.

Which solution did I use previously and why did I switch?

I have also worked with similar products from Cisco and I find them quite difficult to set up compared to this. Cisco also has training available, but I think that you will need two weeks or a month to learn how to set it up and maintain it.

How was the initial setup?

The initial setup is between easy and intermediate. For a basic configuration, it is straightforward. I would say that compared to a Cisco product, it is easier.

What about the implementation team?

We have engineers who are qualified and we deploy Cyberoam for our clients.

For companies with approximately 200 employees, having two or three system administrators is enough to maintain it.

What's my experience with pricing, setup cost, and licensing?

This is a cost-effective solution compared to other vendors, such as Cisco.

Which other solutions did I evaluate?

Our customers look at many options but they normally choose Cyberoam because of the data quota, as well as the competitive pricing. After you buy the device, you can get subscriptions for different features. Companies normally buy it for one year or three years at a time.

There are also basic features that are available without purchasing a license. An example is that web filtering is not available without a license, but the data quota management is. That comes with the appliance itself.

What other advice do I have?

When we transitioned from Cyberoam to Sophos Cyberoam UTM, we were able to back up the rules and then upload them into the new solutions. It was easy to do and within a few hours, it was set up.

If your company does not have a network administrator then this is a good option because the training makes it very easy to use. For larger, enterprise-level organizations, people will look for different solutions.

If I were rating this product only for the Sri Lankan market then I would score it an eight out of ten. However, the majority of other countries do not have the issue of bandwidth limitations, and without the quota being important, I cannot rate it as high.

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
DR
Head of IT at a tech services company with 1-10 employees
Real User
Reliable, easy to set up, and excellent for remote access with the VPN

Pros and Cons

  • "The solution is excellent for web and application filtering and remote access with the VPN."
  • "Sometimes, during part of the configuration, if you don't have a lot of technical knowledge, then you may struggle a bit to configure it."

What is our primary use case?

It's a UTM device, unified threat management, and we use it for web and application filtering and of course to scan the traffic that comes from the internet to the LAN. Due to the pandemic issues and people working from home, a lot of these devices were configured for the SSL VPN.

What is most valuable?

The endpoint protection part of the product can all be centrally managed from the cloud as well. Even the firewall, as an MSP, can be configured and then managed from the cloud.

The solution is excellent for web and application filtering and remote access with the VPN.

The initial setup is pretty easy.

The solution is stable and reliable. 

What needs improvement?

Sometimes, during part of the configuration, if you don't have a lot of technical knowledge, then you may struggle a bit to configure it - especially for the exit through the internal server. When you are doing the business application publishing and if you don't know much of the port forwarding or how the business application configuration is done, then you may struggle a bit.

The pricing could always be better. It would make it a win-win for everyone.

For how long have I used the solution?

I'm currently configuring one right now. I've been using the solution for a while.

What do I think about the stability of the solution?

The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

There are modular firewalls. The entry-level devices do not have the slot for adding more network ports or things like that. Therefore, it depends on the organization as to what level of configuration they want. If it's a small organization, then the entry-level product, something like XG86 or XG115 et cetera, all those are sufficient. However, if it's an organization that requires adding more ports or more cards to their plans, then starting with an appliance version XG125 is ideal as it has the optional modular port whereby you can add additional cards.

How are customer service and technical support?

Technical support is okay. I had issues with the technical support in that they did not respond on time. However, we have to deal with the different time zones.

How was the initial setup?

The solution is pretty straightforward. Within 10 minutes, it was put in production on the network.

What about the implementation team?

In-house certified team implementation

What's my experience with pricing, setup cost, and licensing?

Licensing is on a yearly basis. They also offer a month-to-month extension if required. After 12 months, if your license expires and you want to exchange it for one month or two months, then that is possible as well.

The pricing on the partner portals is okay. The challenge comes as there's sort of a monopoly for the distributor in Tanzania. There is just one distributor and that is where the challenge comes. Sometimes the distributor is out of stock or they set up their own freight charges. Sometimes they're out of stock and the stock takes maybe four to six weeks and is then delayed. Basically, the challenge comes up when the distributor is out of stock.

Which other solutions did I evaluate?

Before choosing this option, we looked at Cisco ASA, Fortinet, and Juniper.

What other advice do I have?

We're a gold partner. We configure it for our clients on-premises. 

Cyberoam was actually taken over by Sophos about three years ago.

The latest versions were announced just about a few weeks ago, if not more. It was the XGS Firewall. So what I'm configuring right now is a Sophos XG firewall.

It's just a firewall. Basically, it's the hardware. Either you have the hardware or you can have it as a virtual machine.

I'd recommend the solution to other users.

I'd rate the product at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Sophos Cyberoam UTM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,305 professionals have used our research since 2012.
GC
Science Technician at a government with 201-500 employees
Real User
Top 5Leaderboard
Easy installation with good load balancers but needs better documentation

Pros and Cons

  • "The solution has good load balancers."
  • "There needs to be more documentation that users can access to help them understand the solution or troubleshoot as necessary."

What is our primary use case?

We primarily use the solution for its firewall capabilities. We use it to make a firewall for the network and the two main computers as well as our web pages. 

What is most valuable?

The solution works really well overall.

It's quite easy to configure everything, which is a great selling point for us. You can easily adjust the users and load balances, for example. We can make our own rules and input as many as we like. 

The firewall is very good. It provides a nice amount of security.

The solution has good load balancers.

We've found the solution to be very stable.

So far, we've found the scalability to be acceptable.

The installation process is pretty easy.

What needs improvement?

A user needs to do some training on the solution in order to take full advantage of the product.

There needs to be more documentation that users can access to help them understand the solution or troubleshoot as necessary. Right now, this is lacking quite a bit.

Beyond that, there aren't really any missing features that I can recall. I can't speak to what I would like to see in a future release.

What do I think about the stability of the solution?

The stability of the solution is quite good. There are no bugs or glitches. It doesn't crash or freeze. It's reliable and offers us a good performance. 

What do I think about the scalability of the solution?

The product is quite scalable. If a company needs to scale it up, it can do so. It's not a problem.

We have at least 500 users on the product currently.

How are customer service and technical support?

I don't have any experience with technical support. I have never used them and therefore can't speak to how responsive or knowledgeable they might be.

Which solution did I use previously and why did I switch?

We used to use Kerio Control. I actually liked using it, however, we only had it for about eight or nine months before moving off of it. That said, I didn't have the skills to manage the solution properly.

How was the initial setup?

We have found the initial installation process to be straightforward and easy. It's not overly complex or difficult. A company should be able to manage it rather easily.

If you connect it then you can adjust the web page and the IP and you can make a batch configuration. Then you can simply connect to the tower. It's not hard.

The deployment maybe took three or so hours. It wasn't a long amount of time. That includes handling all of the configurations as well.

We have five members that make up a technical team that can handle deployment and maintenance. Two are administrators. One is a security admin and the other is a network admin. Those are the two that mostly manage everything and have the rights to do so.

What about the implementation team?

At the time, we used a consultant to assist us in the process. They were quite knowledgeable and helped a lot.

What's my experience with pricing, setup cost, and licensing?

We pay for licensing the solution. It's my understanding that it is not overly expensive. It may be somewhere around $2,000 for a license. 

What other advice do I have?

I'm not sure of which version of the solution we're using.

I'd recommend the solution.

I would rate it at least a seven out of ten. It's a pretty good solution and we're mostly happy with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
MV
Senior Security Engineer at a tech services company with 11-50 employees
Reseller
Top 20
Has good standard firewall-type functionalities as well as a good web application firewall

Pros and Cons

  • "I'm more inclined towards the conventional firewall. So for me, I'm more geared towards the standard firewall type functionalities as well as the web application firewall because that seems to work fine."
  • "I would say there's room for improvement in terms of the GUI. Because it is better than some of the other standard firewalls. They have the drag and drop features."

What is our primary use case?

The majority of it is on-premise protecting the external to internal and then we utilize the features inside the Cyberoam XG series like their IPS and their web application firewall to do the filtering as well as their proxy server inside the application control.

What is most valuable?

I'm more inclined towards the conventional firewall. So for me, I'm more geared towards the standard firewall type functionalities as well as the web application firewall because that seems to work fine.

What needs improvement?

I would say there's room for improvement in terms of the GUI. Because it is better than some of the other standard firewalls. They have the drag and drop features.

Also, their logging systems need improvement because their logging systems sometimes look a bit complicated if you're not familiar with it.

For how long have I used the solution?

We have been using Sophos since the XG version, so around four to five years. 

What do I think about the stability of the solution?

It's quite stable. When they first started out with the XG series it was a bit buggy but after a few releases, it became quite stable.

What do I think about the scalability of the solution?

The XG series is much better compared to the previous UTM. Because with the XG series you can actually approach the enterprise level. Previously we tried to go for these large enterprises when we talked about the Sophos Firewall. When they moved to Cyberoam XG series Firewall they were much more scalable and they're much more robust compared to earlier ones. 

Most of our clients are enterprise-size. We have one customer that's using almost about 200 units of the XG series firewall. Then we have other customers using it on their larger network, so they cater to about 300 to almost 500 users

How are customer service and technical support?

I don't have any problems with technical support so far because any time I ever contacted technical support it was for a major issue. Other than that I don't have any issues with technical support.

Which solution did I use previously and why did I switch?

I previously worked with Nokia, Checkpoint, and FortiGate. Checkpoint is in the enterprise range, it is very high end. It's not a very cheap product compared because when it comes to pricing Checkpoint is very expensive. If you're comparing Sophos to FortiGate they are more or less similar. FortiGate can do a virtual firewall that Sophos cannot.

How was the initial setup?

The initial setup is straightforward. The deployment is very fast. With an engineer, it can take a few hours. 

What's my experience with pricing, setup cost, and licensing?

Sophos is quite flexible when it comes to pricing.

What other advice do I have?

I would just say keep it simple, don't make it too complex. Keep it simple and then from there scale it up.

I would rate it an eight out of ten. 

To make it a higher score, Sophos should look at the virtual firewall feature because most of the current players like Juniper have the option for a virtual firewall. That way you can actually split up into multiple different firewalls or one physical firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: distributor
SH
Network Administrator at Hass Petroleum
Real User
Good VPN and reporting capabilities with an easy initial setup

Pros and Cons

  • "The VPN is excellent on the solution."
  • "The policy is a bit too vague."

What is our primary use case?

I'm using Cyberoam in close to nine locations.

We are using, for example, IP sets from Kenya to Somalia, a place where we could not get MPLS connectivity. 

We have a secondary server in the Somalia office. I also use it from the Nairobi office to the Dubai office as the MPLS is very expensive and I need to do a backup daily. That is for the IP sec. 

For the VPN, we use it to access our ERP systems remotely from everywhere. Close to a hundred users use it and it has been stable.

What is most valuable?

The VPN is excellent on the solution. 

The reporting aspect of the solution is very good.

The initial setup is straightforward. A company should have any troubles setting it up in their organization.

What needs improvement?

The reports are not very detailed, or, at least, some aspects of it are not that detailed. They need to improve the reporting and to bring in greater detail.

The policy is a bit too vague. The solution needs to be much clearer when they go about making policies.

I'd like to see better documentation in the future.

For how long have I used the solution?

I've been using the solution for the last five years.

What do I think about the stability of the solution?

Overall, the stability has been excellent. I've only had an issue with one device which had a power surge that destroyed it and I replaced it. So far, so good. I've never had it with latency issues with the memory going down. It has been good. It has served me well.

What do I think about the scalability of the solution?

We have many offices. There may be 300 to 400. So far, it hasn't been an issue.

How are customer service and technical support?

The technical support is good. Our license is the eight to five, not 24/7. Once you raise a ticket through the chat, you open it with another ticket with the account. Anytime when you open a ticket, they're very efficient. I've never had an issue with them. We're quite satisfied with their level of service. 

How was the initial setup?

The initial setup is not complex. It's straightforward. I haven't had an issue with the process at all. It's been easy.

Basically, for most of the machines, we take a backup of it. Once I get a new machine, I install the backup with all my policies and everything set, and I only change the IP. 

Which other solutions did I evaluate?

We are thinking of getting another firewall. I'm currently comparing Cisco Meraki, Fortinet, and Sophos. We're trying to see the cost and comparing them on a few points.

Any past evaluation was a long time ago. Before I joined the organization, the organization evaluated Cisco. Nowadays, Cisco, Meraki, and other options came out, and they might not have as many features. 

What other advice do I have?

We are a customer and end-user.

We are using various versions, including 100iNG, 50iNG, and 25iNG.

I'd rate the solution at an eight out of ten. There's always room for improvement, although mostly we have been happy with it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manojkumar Deshmukh
G.M.(Works) at a manufacturing company with 501-1,000 employees
Real User
Top 5
Stable, with good geofencing, but at its end-of-life

Pros and Cons

  • "The performance has been good overall."
  • "The product is at its end-of-life. There is nothing to improve as it will be discontinued."

What is our primary use case?

We primarily use the solution for operating system security.

What is most valuable?

The geofencing and report blocking are the solution's most valuable aspects.

The solution is quite stable. The performance has been good overall.

What needs improvement?

The product is at its end-of-life. There is nothing to improve as it will be discontinued.

With technology such a Sophos, Palo Alto, and Fortinet there has always been a lot of online documentation, which Cyberoam always lacked.

For how long have I used the solution?

We started using the solution in 2016 or 2017. It's been a few years.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's quite good overall. We find it reliable.

What do I think about the scalability of the solution?

I haven't worked on scaling the solution, and therefore can't speak from personal experience on how well it would expand or how easy it would be. Our company is not in the process of expanding it out, either.

We have about 100 user on the solution currently.

How are customer service and technical support?

The technical support was always good, however, it was never as good as the technical support offered by Sophos. They could have been more helpful and responsive. They could have been better at sharing information. However, it doesn't matter anymore, as we are moving on to Sophos.

Which solution did I use previously and why did I switch?

We are now moving over to Sophos, as this solution is obsolete.

How was the initial setup?

The initial setup is not complex. It's quite straightforward. A company wouldn't typically have any issues rolling it out.

I cannot recall how long our deployment took, exactly. It's been a few years since the process happened.

What about the implementation team?

We did not require assistance from outside contractors when we did our initial implementation. We handled it in-house. We did not hire consultants or integrators.

What's my experience with pricing, setup cost, and licensing?

The solution wasn't overly expensive. If you are covering your company from security risk, it's often worth the cost. Security solutions aren't something you want to cheap out on.

What other advice do I have?

We're typically using the latest version of the solution. We update our policies every three years and continue to update them. 

The product is obsolete and we have moved over to Sophos.

Generally, I would tend to recommend Sophos XE to users.

Overall, I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Darshil Sanghvi
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5Leaderboard
The reporting tool is one of the best we have tested but it needs integration with the security features

Pros and Cons

  • "We consider the user level and control features of Sophos Cyberoam UTM to be the best."
  • "The VPN is an area that can be improved."

What is our primary use case?

We use the solution strictly in connection with the files of internal users, such as in a case that they are using the internet and we wish to control their bandwidth or time limit. 

What is most valuable?

We consider the user level and control features of Sophos Cyberoam UTM to be the best. The user part is one its greatest features. The solution even has its own reporting tool, which is one of the best we have tested. Furthermore, the dashboard is user-friendly. 

What needs improvement?

The VPN is an area that can be improved. Often, it will fail to connect or become disconnected. Also, the solution is not in the same lane as sending organizations, which have more security features. The enhanced security model is also lacking time-wise. 

Now that the company has shifted from Cyberoam to Sophos, I would not recommend implementing the security-related features of the solution. I have heard from customers that it falls short of the mark. 

In the next release, I would like to see integration with the security features. I wish to see in the actual device the integration of the security feature with another product.

For how long have I used the solution?

We have been using Sophos Cyberoam UTM for four or five years. 

What do I think about the stability of the solution?

I have not experienced any downtime with the solution.

What do I think about the scalability of the solution?

We did not expand the solution, limiting its use to five-to-ten percent increments in the number of users, no more. 

We have no plans to increase the usage. 

How are customer service and technical support?

The solution's technical support offers the best services available. When one of our customer's devices went down, all he needed to do was call tech support and they mailed him the device without requiring any verification or validation whatsoever. 

How was the initial setup?

The initial setup was very simple to apply and integrate.

What's my experience with pricing, setup cost, and licensing?

The licensing is on an annual basis. It is very reasonably priced.

Which other solutions did I evaluate?

While we did evaluate other solutions prior to going with the product, when it comes to user level controls, I consider Sophos Cyberoam UTM to be the most suitable product.

What other advice do I have?

Our organization has multiple branches and, overall, approximately 200 users are utilizing Sophos Cyberoam UTM devices.

I would rate Sophos Cyberoam UTM as a six out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
MS
Information Technology Network Administrator at a comms service provider with 501-1,000 employees
Real User
Top 20
Good application filtering, anti-spam, and IPS features

Pros and Cons

  • "The interface is user-friendly."
  • "We have had some issues with technical support, which is an area that needs improvement."

What is our primary use case?

We are using Cyberoam UTM as our centralized gateway and it is useful for web filtering, application filtering, anti-spam, and IPS.

What is most valuable?

The most valuable features are the IPS and anti-spam functionality. The application filter is also very good.

The interface is user-friendly.

What needs improvement?

Web filtering capability that allows the blocking of web sites needs to be implemented.

We have had some issues with technical support, which is an area that needs improvement.

Support for cloud security sandboxing would be a helpful addition to this product.

For how long have I used the solution?

I have worked with Sophos Cyberoam UTM for about 10 years.

What do I think about the stability of the solution?

Cyberoam is mostly stable but sometimes there are bugs. During such periods, we have resolved the issues by either rolling back firmware or updating.

Overall, it is a good experience in terms of stability and performance.

What do I think about the scalability of the solution?

We have not had the requirement to scale because it has been more than enough for us. We have about 300 users and have not had any issues in terms of performance.

How are customer service and technical support?

The speed of response from technical support is very good. However, the solution that they gave us was not working afterward. We implemented the solution and did not get the desired result.

Which solution did I use previously and why did I switch?

We did not use another similar product prior to Cyberoam.

How was the initial setup?

It is very easy to implement and configure.

What about the implementation team?

Our in-house team was responsible for the deployment.

What's my experience with pricing, setup cost, and licensing?

There are no costs in addition to the standard licensing fees.

Which other solutions did I evaluate?

This product is going to be at the end of life this year, so we are going to be looking at other devices and other vendors. The best product that we have tested so far is from Fortinet. My second choice would be Sophos UTM.

What other advice do I have?

My advice is that if Cyberoam continues in the future then it is a product I recommend. However, my understanding is that the product will no longer be available next year.

For people who want to migrate from Cyberoam, the best option that we have seen so far is from Fortinet.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.