View RSS Feed


[Review] Sophos Web Appliance

Rate this Entry
, 1st July 2011 at 12:23 PM (13309 Views)
We are moving away from our LEA supplied broadband solution so the next step is to replace our ageing cachepilot. Having used the cachepilot for over 5 years now I can safely say its holding us back on creating a fast reliable internet service.

Name:  stock_proxy.png
Views: 2496
Size:  26.2 KB

We looked at a number of different options for school wide filtering proxy including:

Equiinet Cache pilot
I've used the latest firmware version and I find it incredibly slow to scan and respond to webpages. It uses some smoothwall technology to scan live pages which is good but the hardware didn't seem to be able to keep up. The user interface is dire, it looks like it was designed by a linux geek. Just as an example it takes over 7 clicks to block a single page.

I tested the smoothwall box after recommendations from this forum but I have to say I was disappointed. The hardware was old using a very power draining CPU, and the box was huge and unattractive. The initial price was high (although they were prepared to knock a few grand off when asked). the demo boxes were also shipped from Germany which was disappointing. I found the user interface unnecessarily complicated to do simple tasks but I did find it powerful.

Sophos web appliance WS1100
First impressions of the box were excellent. Its small, beautifully designed and reasonably quiet to run. The interface is second to none, they have a rule that everything should be done within 3 clicks, all the common functions can be done in 2 clicks which makes it even faster to use. The wizard setup interface is one of the best I have ever seen and setting up active directory took one line of input to point it to our domain controller. I love the main dashboard page which shows the total bandwidth being consumed live. There are also traffic pattern graphs for the day to show the peaks and troughs. Basically the main dashboard gives a wealth of information on the schools internet connection.


I never tested Bloxx but the high quoted price put me off before I had a chance. Would be interested to know if anyone else uses them?

So there you have it, I don't think I've been so pleased with a piece of hardware in a long time. It worked out of the box, was easy to setup, the price was as good as any other quote I got and it even looks really good in my server cabinet I swapped over the proxy today for staff and I can already see the logs filling up with websites visited. I have also had 2 comments from staff about the internet being fast today. Best of all we now have active directory based group policies so our teachers can use iplayer during lessons but the students can't during school time. We have also setup time limits so the boarders can have a more relaxed policy from 8-10pm each night.

Very very pleased with this an good to know its a UK company as well. This is how all filtering software should be!

Updated 4th July 2011 at 05:40 PM by zag



  1. john's Avatar
    Interesting your comments on Smoothwall, the 1U rack mount appliance isn't that huge, infact its the same size as a Sophos WS1100 which is also a 1U rack appliance.

    I don't find my UTM using much electricity at all either, attractiveness is a personal thing but it certainly isn't ugly with its Blue LCD display and simple design its clean and effective in my view.

    What is wrong with the German shipment, replacement kit arrives on-time and on-schedule and it works what more do you need?

    I am sure that @tom_newton would be very pleased to hear from your and take your feedback on the product, what you don't like about it and the UTM appliance as I am a big fan of the UTM and the product they produce and its been a great asset to us and our entire LA now they are moving onto it, and its a UK designed and supported product, and I know that using it is keeping a good number of people in the UK in jobs
  2. tom_newton's Avatar
    Too right I would be interested in feedback. We are constantly improving based on it - it just takes a while sometimes Not a massive fan of "2 clicks" type rules, I'd rather have 4 obvious clicks than 2 arcane ones (see: Vi vs Emacs!). We've a way to go... but getting there. Wonder if you saw G2 or G3 interface. The fact you point to our wrong website, and a short review sounds like you spent minimum time on the box. Price wise - we try to be competitive, thats all we can hope for.
    We ship from Germany or California depending on where you are - these are both out of house fulfilment partners (as probably most companies do for appliances). Germany is a good base for shipments as we can cover most of europe, north africa, some of asia very quickly. They're also a really good bunch and do a great job on RMA etc. for us.
    Also... I don't think our hardware is old... the UTM1000 is based on a fairly new core2quad - we'll probably move to a sandybridge platform next year, but to keep costs sane, you have to stick to a platform for a while. If you're owndering why not xeon - heat & power. We find the c2q performs very well for its power draw. And please tell me how to get that CPU, 6 NICs and 2 Western Dig RE4s into a smaller chassis?
    Updated 3rd July 2011 at 02:40 PM by tom_newton
  3. zag's Avatar
    To be honest it was a close run thing between smoothwall and Sophos. I liked smoothwalls power and support but the Sophos box was easy to use and did the job just as well. I am a great believer in power through simplicity.

    Both companies were willing to match on price so that wasn't a huge issue.

    The Sophos kit is 1u yes but its very light and half depth and looks great (yes I'm that vain).

    I was using the G2 interface on smoothwall but there didn't seem to be a clear schedule of when G3 would be available when I was looking(some time ago).

    The shipping country wasn't a huge problem but I thought I would mention it as the Sophos box came from the UK.

    The hardware thing is understandable but when buying a brand new server that could last 5 years then I want the latest core i5000 whatever

    Neither companies offered a Virtualized Hyper-V solution which was very frustrating. I understand there are good technical reasons for this though.

    Also annoying there is no SSD option
  4. john's Avatar
    How small is this Sophos box? My Smoothwall UTM isn't that big, its probably 50cm deep if that so this Sophos box sounds like its a mini-itx box or something like that?!
  5. tom_newton's Avatar
    Thanks zag. Most appliance vendors likely base their offering on a linux kernel somewhere way down beneath the shiny tin. This makes hyper-v support quite hard. We're certainly "better than we were" on hyper-v, but I would still generally caution against its use outside of a test environment for Smoothie.

    As for SSD... our support manager is keen - but they still have price and reliability issues which we would not dare pass on to our customers for the benefits offered!

    PS. We have since changed the look of the front panel of our UTM... so hopefully it would pass your high standards now
  6. zag's Avatar
    A week after use and this hardware just gets better and better.

    It automatically emails me when someone requests a website unblocked from the denied page. Then it can aggregate the results and I can unblock the most requested with 1 click.
    It is blazingly fast, had loads of comments on how "good the internet" is now
    The reporting features are outstanding.
    It can even email me when someone types in a search word that is banned
    The summary page is excellent showing how much bandwidth is being used now or over a time period.
  7. RTFM's Avatar
    Sophos are the last people i would have gone with considering their anti virus solution
  8. zag's Avatar
    Yes I heard bad things about their anti virus being bloated and hard to uninstall/upgrade

    But this box is superb, I'm still surprised everyday at how good it is.

    Today I setup a ra sites open. It literally took abonew policy for our boarding boys after 4pm with some extut 5 clicks to do. Very impressed.
  9. zag's Avatar
    2 years on and there is some less than good feedback about their support.

    Be warned


Total Trackbacks 0
Trackback URL: