We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"The interface is very good."
"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."
"We use a lot of function on the IPS and it works well for us."
"The pricing is great and very reasonable."
"The performance is good."
"The security on offer is very good."
"The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that."
"The most valuable feature of Fortinet FortiGate is load balancing. It can provide central management and VPNA. Additionally, it has enhanced our security environment."
"Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier."
"The graphical interface is easy to troubleshoot because it has a drill-down sequence. It is easy to monitor traffic."
"The best features of this solution are URL filtering and traffic visibility."
"URL filtering and WildFire features are most valuable. It is very user-friendly. It is a very solid product, and it definitely works."
"The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform."
"They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
"It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
"The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall."
"I recommend the solution due to its ease of use and pricing."
"If you want to install antivirus and firewalling on endpoints, then Sophos is the best option."
"A valuable feature involves the solution's manageability."
"The installation is easy. There is a wizard that can be used for a single connection making it simple and if you have multiple connections you can configure it manually."
"I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system."
"In my experience, the solution was easy to use, has lots of features, and is easy to configure."
"It's a complete firewall solution that has everything."
"It gives me a very good, stable connection in all tunnels."
"There are some cloud-based features that could be much more flexible than they currently are."
"Lacks sufficient security options."
"The solution could be more secure and stable."
"The support system could be improved."
"You do need some IT knowledge in order to effectively work with the solution."
"Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement."
"The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"The only downside of Palo Alto Networks NG Firewalls, in my opinion, is the relatively higher price compared to Cisco FortiGate. This is especially noticeable when deploying basic configurations and considering the cost of licenses."
"Lacks mobility between on-prem and cloud based."
"Palo Alto can do a little bit better when it comes to the User-ID part. I've been facing problems related to double authentication. You have a computer user, but you also have a VPN user, and when you do a single sign-on to another page, these logs can sometimes generate a problem notification. It doesn't happen a lot, but in some networks, it could be a problem. It would be very helpful to have the ability to restrict the connections that you can have in your VPN. For example, if you have the credentials, you can connect with the same user account from different computers or devices. If you have the domain information, you can connect from different devices. That's a problem that they need to address and resolve. They should ensure that at any moment, only one person is connected through a specific user account."
"I would like more reporting and metrics in the solution."
"I would like to see more in terms of reporting tools and the threat analysis capabilities."
"The cost of the device is very high."
"The only problem that I see with the Palo Alto NGFW being an all-in-one appliance is that because of the different features that are being put into a single appliance, the OS tends to be beefier. Over the eight years, we have seen that the number of features or analyses being put into the appliance itself has a tendency to slow down the appliance, especially at the time of bootup. So, any time we are doing maintenance work, the time required for the appliance to boot up and be fully functional again is significantly longer than eight years ago. They could find a way to make this all-in-one appliance faster."
"Palo Alto needs to improve their training. They do not invest in their partners. I have been a partner for seven years, and it is very expensive for me to certify my engineers."
"The installation could be faster and is longer than that of other solutions, lasting more than a month instead of five minutes."
"The support engineers of the product are not very tech-savvy, making it an area where improvements are required."
"One area where Sophos XG could improve is in its patch management system."
"There is an area that is very specific to our setup, where working tools you cannot easily establish a VPN between two internal networks."
"I can't use the product's application control feature, making it a disadvantage of the solution where improvements are required."
"The cloud support needs to be improved."
"The initial set up process can be a little tricky, especially when you are registering with Sophos using your registration number. Setup is not necessarily complex, but it's not trouble-free. You do have connectivity issues at the initial setup with registering the device on the Sophos platform to access the advanced features. It doesn't always go through the first time around. That may be an issue with the quality of our automation. I'm not sure exactly what it is."
"It would be helpful if the solution offered some tutorial videos to help new users learn the system quickly."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and WatchGuard Firebox. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.