UTM & Next-Gen Firewall

The Ultimate Security Package

Essential next-gen firewall protection for your network, web, email, applications, and users.

UTM & Next-Gen Firewall
Features
Compare Models Add-ons How to Buy FREE Trial

We Keep it Simple

Sophos UTM's simple, intuitive user interface (UI) is designed for YOU. It lets you quickly protect your network and users. And it makes day-to-day management tasks easy.

Select a feature on the Dashboard to learn more about it

Simple management

Sophos UTM is easy to use, thanks to the configurable real-time dashboard, flexible modular licensing, and intuitive reusable network object definitions.

Network protection

Easily configure firewall rules that cover multiple destinations, sources and services. Plus country blocking and intrusion prevention (IPS).

Web protection

Check out the web protection deployment options, policy settings, filter action wizard, policy test tool, and convenient built-in web reports.

App control

Easily control web applications proactively or in real-time using the popular flow-monitor where you can block, shape, or throttle web application traffic on the fly.

Advanced Threat Protection

ATP features include multi-layered protection, selective sandboxing, and the ability to identify infected hosts on your network.

Connecting remote offices

Easily deploy and configure our unique RED devices to securely connect remote offices to your primary network security appliance.

Try Online Demo Browse Videos

Lightning Speed

We've engineered Sophos UTM to deliver outstanding performance. We built our UTM using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. Potent, powerful ... fast

Sophos
(SG 210)
Fortinet
(FortiGate 100D)
Dell
SonicWALL
(NSA 2600)
WatchGuard
(XTM525)

All-in-One Protection

We offer the latest next-gen firewall protection you need plus features you can't get anywhere else - including mobile, web, endpoint email encryption and DLP. No extra hardware. No extra cost. Simply choose what you want to deploy.
- Select one to learn more-
  • Network Protection

    All the protection you need to stop sophisticated attacks and advanced threats while providing secure network access to those you trust.

    Features

    • Network Firewall
    • Intrusion Prevention System
    • Advanced Threat Protection
    • Secure VPN Access
    • Site-to-Site VPN
    • Self Service User Portal
  • Network Protection

    Network Firewall

    No one makes firewall rules easier to define and manage than Sophos. Easily define reusable objects that can be updated across the system and all the rules that use them. Shape or manage bandwidth by application or service group with QoS and even block traffic from unwanted countries or regions.

  • Network Protection

    Intrusion Prevention System

    Fully performance optimized IPS and flood prevention (DoS) provides essential protection from external attacks. Streamline by selecting just the IPS rules you need to protect your infrastructure, customize the signature aging, and even create custom rules.

  • Network Protection

    Advanced Threat Protection

    Combines multiple technologies like IPS, Web, App control and selective sandbox analysis to provide a layered defense against APTs, command and control traffic and targeted attacks. It’s as simple as flipping a switch and can quickly identify infected hosts on your network before they become a problem.

  • Network Protection

    Secure VPN Access

    Select from a comprehensive range of VPN technologies for secure access including IPSec, SSL, PPTP, L2TP, Cisco VPN (iOS), OpenVPN (iOS and Android) or our unique clientless HTML5 VPN via the user self-help portal which supports RDP, HTTP, HTTPS, SSH, Telnet, and VNC.

  • Network Protection

    Site-to-Site VPN

    With our optional plug-and-protect RED device add-ons, setting up site-to-site VPN connections couldn’t be easier. It’s truly affordable and amazingly simple. We also support standard SSL and IPsec VPN options as well as an Amazon VPC connector.

  • Network Protection

    Self-Service User Portal

    Our secure self-service user portal helps users help themselves, reducing the workload on your help desk. It provides personalized services like quarantine management, email sender whitelist controls, VPN client access, and allows designated admins to manage hotspot vouchers as well. And it supports our simple two-factor authentication to prevent unauthorized access.

  • Wireless Protection

    Set up, manage and secure wireless networks in just minutes with the UTM’s built-in wireless controller that works with our full range of wireless access points.

    Features

    • Plug & Play Deployment
    • Multiple WiFi Zones
    • Reliable High-Speed Wireless
    • Mobile NAC
    • Guest WiFi Hotspots
    • Secure Encryption
  • Wireless Protection

    Plug & Play Deployment

    You can set up multiple Sophos Wireless Access Points (APs) within minutes. They require no local configuration and will simply find the UTM, retrieve their IP address via DHCP, import the necessary configuration, and automatically appear in the UTM where you can activate them. Automatic periodic channel scanning ensures your access points are always operating at peak performance.

  • Wireless Protection

    Multiple WiFi Zones

    Sophos Access Points are ideal for creating multiple separate wireless zones. Configure a wireless network to provide employees access to internal network resources. On the same access point, you can offer wireless guests Internet access. Do it all without compromising the integrity of the internal network.

  • Wireless Protection

    Reliable High-Speed Wireless

    Our range of access points support nearly any deployment model you need with support for the latest 802.11ac Wi-Fi standard. Mix and match multiple access points to ensure full coverage and take advantage of bridge and repeater functionality in our dual-band dual-radio AP 50 to extend coverage to hard-to-wire areas of your facility.

  • Wireless Protection

    Mobile NAC

    Sophos UTM and Sophos Mobile Control (SMC) work better together to enable easy device configuration and Network Access Control (NAC) for non-compliant devices. The UTM automatically pushes select Wi-Fi and VPN settings to SMC while SMC provides device compliance status to the UTM which can use that information to deny network access to non-compliant devices.

  • Wireless Protection

    Guest WiFi Hotspots

    Full-featured guest hotspots for visitors or BYOD devices enable you to control access to company resources with bandwidth limits and inappropriate content filtering. Support for mobile device registration with SMS vouchers and a full range of customization options allow you to control the user experience and promote your company brand.

  • Wireless Protection

    Secure Encryption

    Sophos UTM supports the latest strong encryption and authentication standards such as WPA-2 Enterprise and IEEE 802.1X (RADIUS authentication). Use your existing backend authentication, such as Active Directory, to allow quick and easy access for your users.

  • Web Protection

    Comprehensive protection from the latest web threats and powerful policy tools ensures your users are secure and productive online.

    Features

    • Web Malware Protection
    • URL Filtering Policies
    • SafeSearch, YouTube, and Google Apps
    • HTTPS Scanning
    • Layer-7 Application Control
    • Web in Endpoint
  • Web Protection

    Web Malware Protection

    You get advanced web threat protection with our high-performance malware engine that inspects all web traffic and downloads in real-time. Our dual-engine scan option employs unique techniques such as JavaScript emulation to catch the latest threats. SophosLabs provides Live updates to our threat intelligence continuously through the cloud.

  • Web Protection

    URL Filtering Policies

    Select from over 35 million sites in 96 categories to create safe web policies to minimize legal concerns around inappropriate content and maximize productivity. Set policies to block, warn or allow sites for individuals or groups, by quota time or time of day with limitless customization options all made intuitively simple.

  • Web Protection

    SafeSearch, YouTube, and Google Apps

    We’ve got some features purpose-built for education environments like Safe Search for Google, Yahoo, and Bing, along with YouTube for schools support and anonymizing proxy blocking. We also offer the option to enforce allowed domains for Google Apps as part of any web policy.

  • Web Protection

    HTTPS Scanning

    Get the ultimate in flexibility when it comes to scanning encrypted web traffic with options to scan all HTTPS traffic for maximum security, selectively scan HTTPS traffic for a great balance between security and privacy, or choose to only enforce policy (without decryption). And what’s more, HTTPS scanning works the same in explicit proxy mode or transparent mode.

  • Web Protection

    Layer-7 Application Control

    Control application traffic on your network to effectively manage resource utilization and productivity. Our deep layer-7 inspection can identify over 1300 applications like Facebook, Youtube, IM clients, and much more. You can easily block, allow, or shape network traffic proactively, in real-time using our dynamic flow monitor, or based on reporting trends.

  • Web Protection

    Web in Endpoint

    If you’re using Sophos endpoint to protect your desktops and laptops, you can extend your UTM web protection and policy enforcement to your endpoints so they are fully protected online when they leave the network. Policy updates are pushed to your endpoints automatically and activity data is sent back to the UTM periodically.

  • Endpoint Protection

    Extend protection to your Windows desktops and laptops with anti-virus, device, and web control all managed from your UTM.

    How it Works

    Features

    • Single console management
    • Easy Deployment
    • Anti-Virus and Malware Protection
    • Device Control
    • Web in Endpoint
  • Endpoint Protection

    Single console management

    With Sophos you can deploy and manage enterprise-class desktop anti-virus right from within your UTM. You get instant visibility of the security status for all Windows computers from the same console where you manage your network protection. You also have access to detailed logs of all events like denied access, and policy tampering.

  • Endpoint Protection

    Easy Deployment

    Preconfigured installation packages detect and remove your existing antivirus and deploy our self-updating agent. Endpoints automatically register in the UTM. You can also deploy protection via USB stick, email, Active Directory GPO and standard software deployment tools.

  • Endpoint Protection

    Anti-Virus and Malware Protection

    Get the latest protection from modern malware like cryptolockers, Trojans, rootkits, and potentially unwanted applications (PUAs). We stop new threats immediately using a built-in host intrusion prevention systems (HIPS) and Live Anti-Virus real-time lookups to SophosLabs’ reputation database.

  • Endpoint Protection

    Device Control

    Enables you to control use of removable storage devices, optical media drives and wireless networking protocols like Wi-Fi, Bluetooth and infrared. Granular controls with device types regularly updated from SophosLabs allows you to limit USB storage to specific users or groups or only allow certain types of encrypted devices.

  • Endpoint Protection

    Web in Endpoint

    URL policy enforcement, malicious site detection and web malware protection are built right into the Sophos Endpoint so users are fully protected online when they leave the network. Policy updates are pushed to your endpoints automatically and activity data is sent back to the UTM periodically so you can mange their web security and productivity no matter where they happen to be.

  • Email Protection

    Full SMTP and POP message protection from spam, phishing and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam.

    Features

    • SPX Email Encryption
    • Standards-based Encryption
    • Data Loss Prevention
    • Live Anti-Spam
    • Self-Serve Quarantine
    • Outlook Add-in
  • Email Protection

    SPX Email Encryption

    Our patent-pending SPX Encryption is unique to Sophos and makes it easy to send encrypted emails to anyone – even those without any kind of trust infrastructure. The password based solution doesn’t require any added software or certificates and the recipient can read and file their SPX messages in their preferred email client application just like their regular mail.

  • Email Protection

    Standards-based Encryption

    In addition to our unique and easy push-based SPX Encryption, we also support standards-based encryption solutions as well including TLS, OpenPGP, and S/MIME certificate based encryption.

  • Email Protection

    Data Loss Prevention

    We make DLP easy but effective by providing hundreds of pre-defined sensitive data types you can easily add to your policy checklist of data you wish to protect. The UTM automatically enforces your DLP policy and encrypts, blocks and/or notifies you in the event any message leaves the organization with this type of data.

  • Email Protection

    Live Anti-Spam

    Provides protection from the latest identify theft, banking scams, phishing and other scams by intercepting all email, blocking known bad senders, spam, malware and viruses but also taking advantage of SophosLabs Live cloud-lookups to query suspicious looking message content to determine if it’s part of a new or emerging unwanted email campaign.

  • Email Protection

    Self-Serve Quarantine

    You can give employees direct control over their spam quarantine, saving you time and effort. Employees can manage their own spam whitelist, review, release and delete spam, and find out what happened to messages that were deleted because of a virus or blacklisted. The user portal supports 15 different local languages.

  • Email Protection

    Outlook Add-in

    Allow users to flag their own messages for SPX Encryption right from within Outlook as they compose them or send spam samples from their inbox directly to SophosLabs with our simple Outlook Add-in.

  • Web Server Protection

    Harden your web servers and Microsoft Enterprise Applications against hacking attempts while providing secure access to external users with reverse proxy authentication.

    Features

    • Web Application Firewall
    • Server Hardening
    • Reverse Proxy Authentication
    • Anti-virus Scanning
    • SSL Offloading
  • Web Server Protection

    Web Application Firewall

    Protects your web servers from tampering and hacking attempts and provides load balancing across a multi-node farm. It secures your web applications against more than 350 attack patterns including SQL injection, cross-site scripting and much more. Also block clients with bad reputation outright.

  • Web Server Protection

    Server Hardening

    Close the door on vulnerabilities in your websites without involving developers. Static URL hardening prevents hackers from manually constructing “deep-links” that lead to unauthorized access. Form hardening ensures malicious scripts and code cannot be entered to exploit your database, and cookie protection makes sure cookies are signed to prevent tampering.

  • Web Server Protection

    Reverse Proxy Authentication

    Our reverse proxy-authentication offloading provides persistent basic or form-based authentication. It adds an extra layer of security to services like Outlook Web Access for Exchange by allowing users to authenticate against our exploit-free reverse proxy. It’s the perfect solution for replacing Microsoft’s discontinued Forefront TMG.

  • Web Server Protection

    Anti-virus Scanning

    Setup scanning of all inbound and outbound files to your servers with our dual antivirus agents to keep infected content off your network and ensure you’re not distributing malicious or infected content.

  • Web Server Protection

    SSL Offloading

    Relieve your web or application servers from the processing burden of encrypting and decrypting traffic sent via SSL with the UTM’s ability to offload SSL. Setup is easy – it’s as simple as uploading your SSL certificate to the UTM WAF.

License our protection modules individually or choose one of our pre-packaged licenses.
Competitive Comparisons View the license options

Logging & Reporting

Our built-in reporting means you'll know exactly what's happening with your users. Fix problems fast and shape your policies, keeping your users secure while boosting network performance. And, you get detailed reports as standard, stored locally with no separate tools required.

  • At-a-glance flow graphs show usage trends and web activity
  • Our daily summary executive report keeps you informed
  • Report anonymization can hide user names where needed
  • Built-in Syslog support and automated log backup options
Watch a Video

Need More Reporting?

Although you can have all your logging and reporting built in to your box, sometimes you may need a little more. For that, you can add Sophos iView.

On-box reports included as standard

Sophos
UTM

1000+

Fortinet
FG 20-90

Few

Dell SonicWALL
TZ Series

Few

WatchGuard
XTM Series

Few

Flexible Deployment

Sophos UTM is unmatched in its deployment flexibility: choose from hardware, software, virtual or cloud with simple options for high-availability, clustering, branch office connectivity, wireless, and centralizaed management and reporting. And unlike our competitors, we don't make you compromise on features or performance when you choose - every feature is available on every model and form-factor.

SG Series

Our SG Series hardware appliances are purpose-built devices with the latest technology to provide the ultimate in performance.

Software & Virtual

Install the UTM image on your own server hardware or your preferred virtual environment including VMware, Citrix, Microsoft Hyper-V and KVM.

Cloud

Sophos UTM is an industry leader and a preferred solution for securing Amazon Web Services network infrastructure.

Industry leader

As a Gartner Magic Quadrant Leader for UTM, Mobile Data Protection and Endpoint, we're at the forefront of the security industry.
Gartner
QUADRANT LEADER
Get the report >
SC MAGAZINE

See details >
SophosLabs
Our global network of threat experts, work around the clock, every single day, detecting, analyzing and blocking new threats.
Vist SophosLabs >

What are you waiting for?

For any additional questions visit our How to Buy page or give one of our Sales Agents a call.