
Sophos SG Series UTM: Product overview

Expert Ed Tittel looks at the Sophos SG Series of unified threat management appliances, which bundle various kinds of network infrastructure protection into a single device.

While many people associate Sophos with antivirus software, the company also offers a bevy of UTM and next-gen firewall appliances, wireless access points and Web and email gateways.

The Sophos SG Series unified threat management (UTM) products are so good, in fact, that Gartner categorizes Sophos as a leader in the UTM market, at much the same level as WatchGuard, and trailing only behind UTM heavy-hitters Fortinet, Check Point and Dell.

Product specs and performance

The Sophos SG Series offers over 10 UTM models, covering small, midsize and large environments.

  • At the entry-level range are four models -- the SG 105W, SG 115W, SG 125 and SG 135 -- which are ideal for small offices, retail locations and the like. Only the "W" models include 802.11b/g/n 2.4 GHz wireless ports.
  • Midrange models include the SG 210, SG 230, SG 310, SG 330, SG 430 and SG 450, aimed at branch offices and similar environments.
  • At the high end of the series line are two models: the SG 550 and SG 650. These scalable appliances are suitable for midsize and distributed environments.

The following table lists the number and type of interfaces, firewall and VPN throughput rates, and number of users for each Sophos SG Series model.


Product features

Every Sophos SG Series UTM appliance has a high-speed hard disk or SSD to speed up access to reports and logs, and to store quarantined spam data. In larger environments, customers can create a dynamic cluster of appliances -- maximum of 10 -- without the need for load balancers.

In addition, every appliance supports the same security modules:

  • Network protection -- firewall, intrusion protection, other;
  • Email protection -- antispam, data loss protection;
  • Web protection -- filtering;
  • Web server protection -- Web app firewall, reverse proxy, antivirus;
  • Wireless protection -- wireless controller; and
  • An optional endpoint protection module that covers Windows desktops and laptops.

Sophos provides its Sophos UTM Manager for managing appliances for free -- no licensing or subscription is required.

Each unit has built-in reporting functionality, which displays usage trends, daily summaries and log reports. Customers who need more detailed reports to meet compliance requirements can purchase Sophos iView, a separate appliance.

Pricing and licensing

The SG 105 appliance lists for $440.00; at the high end, the SG 650 lists for $18,995.

Customers must license each protection module they want to use. Modules are licensed individually or in a package, either FullGuard or TotalProtect. FullGuard and TotalProtect licenses cover all protection modules -- with the exception of endpoint protection, which is optional. TotalProtect also includes a Sophos support plan and the SG series appliance.

Individual license costs for protection modules vary by appliance. For example, a one-year Email Protection license for the SG 105 is $62, but jumps to $7,600 for the SG 650. A Network Protection license costs $42 for the SG 105 and $5,262 for the SG 650.

Prepackaged licenses offer a better deal. For example, a one-year FullGuard license for the SG 105 costs just under $200; the TotalProtect license is $638 -- SG appliance, all protection modules and 24/7 support.

A one-year FullGuard license for the SG 650 is about $23,600, and the TotalProtect license is $42,608.


Sophos offers a free online knowledge base, documentation and community forums, as well as webinars and classroom training for a fee.

Sophos Standard support, which is included with Email, Network, Web, Wireless and Web Application Security licenses, includes phone support during normal business hours and 24-hour bring-in hardware replacement -- customer must ship the defective unit to Sophos at their own expense.

Premium support, which can be purchased separately and is part of the TotalGuard package, includes 24/7 support, software updates and 24-hour upfront hardware replacement -- customer ships defective unit to Sophos; Sophos pays shipping costs.


This was last published in January 2016
