We just raised a $30M Series A: Read our story

Sophos UTM Competitors and Alternatives

Get our free report covering Fortinet, Netgate, Sophos, and other competitors of Sophos UTM. Updated: November 2021.
555,139 professionals have used our research since 2012.

Read reviews of Sophos UTM competitors and alternatives

Shashidhara B N
Director - Technology Solutions & Services at Connectivity IT Services Private Limited
Real User
Top 10
This best in class Next-Gen firewall is elegant in its ease-of-use and architecture

Pros and Cons

  • "Juniper is one of the most powerful network security solutions while remaining simple to use, set up, and scale."
  • "It could have features that other products support like blade options and stand-alone endpoint security."

What is our primary use case?

For different customers, we use the product in different ways. In some cases, it is going to be an on-premises solution. In some cases, it is going to be a cloud-integrated solution. That is one of the best things about Juniper. We can use a single box and have the same unified policy structure if it is off the cloud or it is on-premises.  

Our primary use case is basically to use it like you would any other firewall. I do not call this a firewall anymore because it has functionality beyond what we traditionally think of as a firewall. Those days are gone where a firewall does just one thing. Today most of the firewall products are station firewalls. You have various options in each firewall station. In terms of comparison, you can compare Juniper with Cisco, with Fortinet, with Palo Alto and other leading products. It depends on what exactly you are planning to have it do.  

What is most valuable?

The most valuable feature for me over-all is that Juniper is simplified and can still do everything that is necessary to be effective. 

On the SRX box, it has what I call a one model concept for security. I work especially with hybrid environments. With an SRX we have a single management dashboard. We can manage the internal framework easily with the centralized management component. You can work with the threat prevention, you can work with the integration, you can work with traffic management. Another good part about SRX is that you have opportunities for automation. Another thing that is very good is that all the operating systems for all Juniper boxes are the same. You do not work on different operating systems using different boxes. 

It does user validation automatically and has automated threat detection and defense. It does threat analytics, which is integrated. So as a single box, it does not just address security, it does not just handle switching, it does not just work as a firewall. It addresses everything.  

What needs improvement?

I have not given a lot of thought as to what needs to be improved because so much of technology and capabilities are expanding.  

Probably Juniper could come up with their own dedicated endpoint security. Today they have an integration with Sophos. If you really look at what SRX has as far as antivirus capability, it is really only the integration with Sophos. Sophos is good, I am not saying Sophos is a bad solution. But Juniper having their own antivirus solution may be a batter idea to make it a stand-alone product.  

If you look at Check Point. They have a lot of experience in the area of security which is integrated with their product. In comparison, Juniper could start developing its own strong capabilities with antivirus and have its own security which may even surpass relying on Sophos. Sophos could improve more but it is definitely a wonderful architecture.  

For how long have I used the solution?

I have around 22 years of experience with various similar products. My experience for the last 10 years has been on Juniper. I have worked on Cisco, on Foundry, and on Xstream. And you can make comparisons with products like Fortinet and Palo Alto next-generation firewalls.  

What do I think about the stability of the solution?

I would rate stability on a scale of one to ten. If ten is best, I would rate a nine-point-five. I would not rate anything a ten in this industry in any case because nothing is perfect and there is always room for improvement. It is very robust. Because the product is robust and very agile that carries over well into the potential for reliability.  

What do I think about the scalability of the solution?

When it comes to scalability, basically Juniper is modular. The SRX architecture is very important. Say I am a small-time customer with 50 people in my company and I deploy on the SRX 300 Series. If my business grows exponentially and I now have 500 people in the company. My traffic has boosted significantly — say about ten times what it was. I do not have to really worry. Within one hour, I can just switch and get a new SRX box in place. Let's say I go with the 500 Series or the 4000 Series. This is my new capacity.

The change over is so simple, because the architecture is common. Whether you talk about SRX 300 or you talk about the service provider architecture, it is the same thing except for the capability to expand and handle the volume. That is very important from a technical perspective, which normally you only need one tech person to deploy.  

For mid-sized companies or even large-sized companies, you have a lot of clients from SRX 300 to SRX 5000 Series and the product line covers all the options. This is from a very basic server-level SRX box to the Next-Generation Firewall and advanced threat mitigation.  

But one thing that scalability should really take into account is that Juniper is an enterprise product. If you are really only talking about using the Sophos UTM or only want to use the product like a firewall, then you should consider a UTM box. If you then want to add an SD-WAN as an additional part of the architecture, the UTM is not the right choice. You just take an SRX box and you have SD-WAN on that. You can have a firewall on that. You can have a UTM on that. You can integrate with the cloud. You can integrate with Linux infrastructure. You can have network security.  

Today when we talk about Check Point, we talk about Next-Generation Firewalls. That includes the Palo Alto Next-Generation Firewall and Cisco Next-Generation. But no one talks about what the definition of Next-Gen is. The only difference about Next-Generation is that it has a staple firewall, by definition.  

If you are a small company and you only have five in your office, obviously you want a secure network. To do this you will buy a simple firewall. When you think of the most simple firewall, people buy a router. Then people buy a switch. Then people buy a firewall. Three devices. I would say, do not buy anything. Just buy one SRX box, which does all the three.  

Now I can also expand the same SRX 300 with a branch location. Let's say, I'm a bank customer. I have branches. Simple, I can now have the simplest of SRX 300 at all my branches or SRX 500. I just connect to my main SRX, let's say a 1500 Series with an SD-WAN topology. The project is done. Simple. I secure my network. I handle my routing. I handle my security. And I have an option for just enabling the license to get the latest threat mitigation.  

For comparison, let's take a very big enterprise network. Maybe I was the head of Informatica at APAC. I am in a situation where I have 6000 R&D developers in the organization. We monitor our total performance. Latency on the firewall should be as low as possible. This is especially critical with the current environment where people work from home. Everyone who is working from home now because of COVID has all their data still in the office and people come onto the network to get connected from home to the office.  

Imagine the load on my firewall in that situation. All the people from inside my organization are sitting outside of the office now accessing the data in the internal network through the firewall. Imagine all the data tracking is coming from all over like an external traffic base. You need to have the proper solution to handle the change in traffic and scalability is the most important factor in this case for successfully running a demanding environment.  

How are customer service and technical support?

Juniper support is very good. But more than the technical support, their documentation is awesome. You can just Google a solution right now by stating your problem. You get into the juniper.net and there is wonderful documentation. As a technical person, I have never seen any technical documentation that is as good. I would say it is awesome. Any person who has an interest to learn, who has the interest to scale his capability with the product, just has to go to the Juniper site and they will get all the information on every one of their products. I think that it is written well enough for a non-technical person to become technical.  

They have different levels of training available. They make it very easy and available for anybody to explore the solution. There are knowledgeable people available in the technical community. It is a very good solution overall.  

How was the initial setup?

I consider the setup for the product to be very easy. A basic technical person can do it. But, a person would need to know the capability of a robust box like SRX to make full use of the capabilities and the right choice of the product.  

You install the box, configure the hostname, a password, and set your IP address. By default, Juniper handles the basic configurations automatically. The control frame architecture is very nice. The whole platform architecture is very good. When you work with that box, you just divide the box into two layers: the top layer and the bottom layer. The top layer is exclusively made for the SRX box. The bottom layer is nothing but throughput where the packets get in and get out. We call it a packet forwarding engine, PFE.  

Initiating the routing packets actually go in the mapping connection between the top and the bottom, which is managed as with Oracle in an internal zone. The box is already secured when an attack happens. Nothing is 100% in the world. So, there is the possibility of an attack but at least the control center protects your network.  

The entire installation is just a couple of hours. It depends on the Oracle sizing. Let's say that you want to work on the agility of SRX, something you really need to understand is where you are deploying this product. It is different if you are comparing an SRX box or the cloud. When you are using an SRX box will it be deployed for a small enterprise, a mid-size enterprise, and a data center. You can have SRX boxes for a large data center. That is a difference in the agility of Juniper SRX compared to Cisco. For example, when I work with the cloud, I have an SRX virtual firewall, which is a high-performance network security in the virtual cloud. It is especially good for rapid deployments. It hardly takes hours to deploy on the cloud.  

When you have a container with a firewall, it is known as cSRX. Which is again, a highly available container firewall. These are used especially for microservices. When you start with a small enterprise you start with either the SRX 300 series or a 500 series, which is a next-generation firewall. It is comparable to the Cisco ASA. Probably the next good product to compare is Check Point. But the SRX product is easier to manage and deploy when compared to Check Point or Cisco.  

For the mid-size enterprise organization, we have the SRX 1400 Series or you can consider the 4000 Series. It is just an appliance. You just plug it in, switch it on, configure the network IP address, and then start configuring the protocols. You enable the licenses there, malware prevention, and all the other features you want by just adding on to the licenses.  

So it is just a matter of choosing the right appliance and from there it is practically plug-and-play. The challenge is not the initial setup and deployment, it is what you make use of.  

Which other solutions did I evaluate?

The main competitors for Juniper are Palo Alto, Check Point, and Cisco. Juniper has a lot of features that are good for engineering. Things like Fortinet and Cyberoam can not really compete with these others when it comes to these important features. Specifically, when you talk about Juniper SRX you talk about cloud deployment. You talk about malware remediation. You talk about reporting analytics. You talk about quarantining or threat intelligence (Unified Threat Management or UTM). You talk about data throttle, control prevention, email, web analysis, and integrated management. It can even just work as a router or assisting layer. It works best especially in large networks — like when you talk about service providers — where you have huge traffic flow. It is built to have flexibility and ease-of-use.  

What other advice do I have?

My advice to anyone considering Juniper as a solution would be to first understand that the product needs to be chosen to fit the environment. You want to get the one right box that has the capacity you need. You have everything you need in the model by just updating your license. You do not have to look for a new box when your traffic remains under the upper limits of the capacity. If you are under the limitations of the capacity, the traffic goes straight out, unimpeded.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Juniper SRX as a nine or even a nine-point-five overall. Additional features that could be added to make this solution a ten that other competitors have would technically make it the best product. For example, Check Point offers Blade Architecture. You just keep adding more and more blades. Because of this, Check Point — especially in the area of their security database — they are quite superior to Juniper. o there is room for improvement.  

When you really study on an enterprise level where Check Point stands out or where Juniper stands out, you have got to look into the way each product fits your needs. I mean Check Point is currently easy-to-use, and very good, global product. It also has quite a good rating from the industry over the past few years. Certainly, someone considering a purchase needs to consider options and trends.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
SegunIyanda
Software Developer/ IT Analyst at AIICO Capital Limited
Real User
Top 5
Good encryption detection, good administration capabilities, and one of the best on the market overall

Pros and Cons

  • "In terms of administration, it's perfect."
  • "The interface needs to be updated and simplified."

What is our primary use case?

We primarily use the solution for LAN connections.

What is most valuable?

The solution has similar attributes to other competitors. 

The encryption detection is good.

In terms of administration, it's perfect.

What needs improvement?

The encryption detection could be improved. In my opinion, I think Sophos has better encryption detection than this solution.

The security of the solution could be better.

The interface needs to be updated and simplified.

The management could be more in-depth or clear. 

For how long have I used the solution?

I've been using the solution for close to a year now. I've also been working with Fortigate's firewall solution for about two and a half years.

What do I think about the stability of the solution?

We haven't faced any issues with stability since I've been with the company. I haven't witnessed any bugs or glitches. Our organization is satisfied with the level of stability it has provided.

What do I think about the scalability of the solution?

About 50% of our network users are currently on the solution. For the two companies that we have on the solution currently, there's probably 100 users in each company that use the solution.

How are customer service and technical support?

I personally have never been in touch with technical support for Fortigate. I can't speak to any kind of experience. I have heard good reviews from other people, however.

Which solution did I use previously and why did I switch?

I've used Sophos in the past.

There are some technical issues with Sophos, at least on the older version, but with XG they kind-of did an upgrade. The interface of Sophos is great. It makes it easy to manage. In terms of functionality, both Fortigate and Sophos are very good and have almost the same functionality. It does depend on the license you apply for, however.

If you subscribe to Sandstorm in Sophos, you should expect that you get the functionality of Sandstorm. 

They are both quite equal on the market for the most part.

How was the initial setup?

In terms of the initial setup, a vendor did that for us. We just manage it. The solution was already in place before I started at the company. I don't have details in relation to its initial complexity or how long it took.

What about the implementation team?

Our vendor set up the solution for us.

What's my experience with pricing, setup cost, and licensing?

At this time, I'm unsure of what the costs related to the solution are. It's my understanding that support is part of the OEM fee and you do have to pay that yearly. However, it does depend on the arrangements with the OEM.

Which other solutions did I evaluate?

We did look at Barracuda, but we decided against them because it gets a bit too technical. Also, unlike Sophos, for example, you can't pick the license you want and instead have to buy a package that may include things you don't need. Barracuda's interface looks like something designed in the 90s as well, which was a turn-off.

What other advice do I have?

We used to be on the cloud, but we phased it out more than a year ago.

I'd recommend the solution. It's one of the best on the market. It's great for financial services institutions. Security is important because of the type of companies that are typically dealing with it.

I'd advise that users use it within a firewall, to create a double layer of protection or something similar.

I'd rate the solution eight out of ten, especially when comparing it to other solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
KL
CEO at a tech services company with 11-50 employees
Real User
Top 20
Good SIEM and a dynamic VPN with good scalability

Pros and Cons

  • "Their GPS possibilities and the security that it has, especially the SD-WAN functionality, is very good."
  • "If you have another brand of VPN where you have to put an SSL VPN between two devices, Barracuda doesn't support that at a certain point. You can't actually build the VPN between Barracuda and a different device of a different brand."

What is our primary use case?

We primarily use the solution specifically for the security of our environments.

What is most valuable?

The is SIEM is very valuable for us. 

The dynamic VPN is great.

Their GPS possibilities and the security that it has, especially the SD-WAN functionality, is very good.

What needs improvement?

There is always room for improvement on the solution. 

Their client VPN is not always working that well, so on computers specifically that could be something to change.

It is pretty expensive, but I think all of the solutions are, so it's something that's expected.

There are some bugs that are in the program. Occasionally when there are updates, there's a bug or two that you might find that cause issues. There was a major issue for a while, and I don't know if it's fixed yet with a third-party VPN provider.

If you have another brand of VPN where you have to put an SSL VPN between two devices, Barracuda doesn't support that at a certain point. You can't actually build the VPN between Barracuda and a different device of a different brand.

For how long have I used the solution?

I've been dealing with the solution for five years.

What do I think about the stability of the solution?

The stability of the solution isn't ideal. There are bugs and issues with updates occasionally.

What do I think about the scalability of the solution?

The scalability of the solution is excellent. You can really scale and copy content and update and deploy centrally.

How are customer service and technical support?

We've contacted technical support a lot. They used to have really, really good technical support. Lately, however, it's a bit less impressive than before. I've heard this from my technicians. It used to be a lot better.

How was the initial setup?

The initial setup is straightforward, however, much like every firewall, there's a lot that can go wrong. You need some decent knowledge of the product. It is complex for somebody who is starting with it and has never used it before. However, it's fairly easy to manage via the control center. It's a pretty easy firewall to work with.

What's my experience with pricing, setup cost, and licensing?

The solution costs more than 800 Euros to purchase an F18, which is an entry model, and then another 500 Euros for instant replacement, and 500 Euros for energized updates. The total package would be around 1,900 Euros for a five-year license and all updates for an entry model.

What other advice do I have?

We are a Barracuda partner.

We have firewalls in all of our data centers and have a total of around 200 firewalls.

I would advise others that it's really a good product for SD-WAN, and for security. I would advise them to consider other products as well. Companies should certainly consider it for security features. For us, it's probably more of an SD-WAN product to really set up good connections between sites, but not a really in-depth security product per se. If a company needs more security, they should look at and compare different products that may really focus more on the security aspect. The solution has far fewer features than Sophos, for example, which is more security-driven.

I'd rate the solution eight out of ten because it offers SD-WAN functionality and an easy zero-touch deployment. If you have a lot of sites and you need to connect them to each other, it's a really good product.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MS
Information Technology Network Administrator at a comms service provider with 501-1,000 employees
Real User
Top 20
Good application filtering, anti-spam, and IPS features

Pros and Cons

  • "The interface is user-friendly."
  • "We have had some issues with technical support, which is an area that needs improvement."

What is our primary use case?

We are using Cyberoam UTM as our centralized gateway and it is useful for web filtering, application filtering, anti-spam, and IPS.

What is most valuable?

The most valuable features are the IPS and anti-spam functionality. The application filter is also very good.

The interface is user-friendly.

What needs improvement?

Web filtering capability that allows the blocking of web sites needs to be implemented.

We have had some issues with technical support, which is an area that needs improvement.

Support for cloud security sandboxing would be a helpful addition to this product.

For how long have I used the solution?

I have worked with Sophos Cyberoam UTM for about 10 years.

What do I think about the stability of the solution?

Cyberoam is mostly stable but sometimes there are bugs. During such periods, we have resolved the issues by either rolling back firmware or updating.

Overall, it is a good experience in terms of stability and performance.

What do I think about the scalability of the solution?

We have not had the requirement to scale because it has been more than enough for us. We have about 300 users and have not had any issues in terms of performance.

How are customer service and technical support?

The speed of response from technical support is very good. However, the solution that they gave us was not working afterward. We implemented the solution and did not get the desired result.

Which solution did I use previously and why did I switch?

We did not use another similar product prior to Cyberoam.

How was the initial setup?

It is very easy to implement and configure.

What about the implementation team?

Our in-house team was responsible for the deployment.

What's my experience with pricing, setup cost, and licensing?

There are no costs in addition to the standard licensing fees.

Which other solutions did I evaluate?

This product is going to be at the end of life this year, so we are going to be looking at other devices and other vendors. The best product that we have tested so far is from Fortinet. My second choice would be Sophos UTM.

What other advice do I have?

My advice is that if Cyberoam continues in the future then it is a product I recommend. However, my understanding is that the product will no longer be available next year.

For people who want to migrate from Cyberoam, the best option that we have seen so far is from Fortinet.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Get our free report covering Fortinet, Netgate, Sophos, and other competitors of Sophos UTM. Updated: November 2021.
555,139 professionals have used our research since 2012.