Our experiences with Sophos Web Filter
We purchased the Sophos Web Filter about 8 months ago. We moved to Sophos because we previously had M86 and it was a nightmare. It was so bad we pulled the product out after only 6 months and demanded our money back from M86. From what I've heard they were purchased by another company a while back so I don't know if their product has gotten any better. I highly doubt it considering how bad it was before.
We also used to have Websense (a very old version) and we would have liked to keep it but we couldn't afford it.
I recently came across this raving review on edugeek about the Sophos filter:
[Review] : Sophos Web Appliance
and I feel that people should know the issues we have faced with this product:
- Logging is not real time. There is a delay of several minutes before you are able to see traffic in the web GUI for troubleshooting. This is also true for Sophos support on the backend when they SSH into the appliance. You sit on the phone with them for several minutes every time you want to test a workstation's traffic.
- There is no way to bypass traffic being scanned by this appliance. You can allow any/all categories, but there are several that Sophos does not allow you to "allow" thus you are never actually allowing ALL traffic through the filter.
- There is no way to turn off scanning on files that are downloaded. For files that are larger than about 10MB Sophos displays this awful "download" page then makes you sit there while it "scans" the file. Then once it's finished you have to download the file AGAIN from the appliance. You are effectively clicking download for the file twice every single time.
- The filter cannot unblock self-signed certificates. Sophos' default behavior is to block self-signed certs and there is no way to change this. We have had to completely disable HTTPS scanning on the filter.
- Loading configuration pages takes 10+ seconds for every page. Nothing is snappy in this GUI.
- Running reports takes between 30-45 seconds every single time you run a report. Doesn't matter if it's big or small. We have had to reduce our reporting down to only keeping the most recent 3 months because the filter fills up its hard drive. *Sophos' tech support's solution to this is to just keep increasing the hard drive space for the appliance.
- The block pages cannot be customized to remove the Sophos logo and branding. You can use a custom HTML page but if you do you lose the ability to use variables like username, IP of the machine, category being blocked, etc. If you use the Sophos block page the XML cannot be modified to remove the Sophos logo and copyright branding. Sophos does not consider security through obscurity a sound best practice.
- Customer support is terrible. We had the filter stop passing traffic 3 days ago which caused our entire district internet to be unavailable. After 3 calls sitting on hold a combined 52 minutes we were finally able to get through to a technician. The technician blamed the fact the appliance's hard drive had filled up with reports on it no longer passing traffic. Sophos apparently has no way to prune old logs if the HD becomes full so as to not completely break the appliance.
- When calling support (7 times in the past 2 months) for various issues with the filter I have not once ever had them say the problem was actually with the filter. They will blame everything else other than their product. They have blamed our network, our firewall, our internet connection, our hard drive space, etc. Everything except their product.
- Because of the inability to ignore self-signed certs we had an issue last month with the filter that it stopped allowing Microsoft Windows Activations because of some hiccup with the web filter not liking the way a Microsoft certificate on their activation servers was signed. This caused severe delays in our imaging project for a deployment of 500 laptops. It took Sophos 3 weeks to figure out a solution. Their solution? Add every single MS activation domain to the ignore list. *Screenshot attached
I should point out that Sophos has ZERO plans to address any of the issues above. I have brought every single one of them to their attention and I have been blown off. Just hope anyone who sees this will understand that this product is not all that it's cracked up to be.
Screenshot of our ignore list after Sophos took 3 weeks to try and figure out why we couldn't activate Windows.