OPNsense vs Sophos XG comparison

OPNsense and Sophos are both solutions in the Firewalls category. OPNsense is ranked #3 with an average rating of 8.3, while Sophos is ranked #4 with an average rating of 8.3. OPNsense holds a 14.5% mindshare in Firewalls, compared to Sophos’s 11.5% mindshare. Additionally, 97% of OPNsense users are willing to recommend the solution, compared to 92% of Sophos users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 5, 2025

Sophos XG and OPNsense are both prominent competitors in the firewall and network security space. Sophos XG seems to have an advantage due to its advanced synchronized security features, centralized management, and flexibility in pricing and deployment options.

Features: Sophos XG stands out with features like Sophos RED for easy deployment, category-based URL filtering, and synchronized security through dual anti-malware engines. Its intuitive Control Center offers centralized management and detailed reporting capabilities. OPNsense provides robust firewall capabilities with URL-level filtering, strong content filtering, and excellent IDS/IPS compatibility. Its dynamic dashboard allows for customizable insights into network traffic and security events.

Room for Improvement: Users of Sophos XG have noted that its technical support and reporting capabilities need enhancement. The cost structure for additional features and VPN setup could be more user-friendly. Meanwhile, OPNsense users have highlighted the need for improved translations, user portal configurations, and enhanced monitoring capabilities. Both systems could benefit from performance, usability, and support agility improvements.

Ease of Deployment and Customer Service: Sophos XG offers various deployment options with robust hardware and cloud solutions, but users mention that initial setups can be cumbersome, and support is not as responsive as competitors. OPNsense, being open-source, requires more technical expertise but provides a straightforward setup process with a strong community support network, making it suitable for tech-savvy environments.

Pricing and ROI: Sophos XG offers competitive pricing with flexible licensing, though some users find additional feature costs high. The ROI is justified through security enhancements and operational efficiencies. OPNsense, as an open-source platform, comes without licensing fees, providing significant cost advantages for smaller organizations by reducing software expenses while maintaining strong functionality.

To learn more, read our detailed OPNsense vs. Sophos XG Report (Updated: January 2025).

Buyer's Guide

OPNsense vs. Sophos XG

January 2025

Download the complete report

Helped 831,158 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of January 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.3%, up from 17.4% compared to the previous year. The mindshare of OPNsense is 14.5%, down from 18.1% compared to the previous year. The mindshare of Sophos XG is 11.5%, up from 9.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

Eddy Ramirez

IT Security Director at a financial services firm with 1,001-5,000 employees

Good interface and firewall capabilities and overall easy to use

The security has improved as we can isolate the network. We can do attrition prevention via a tool that comes with the solution. We can have a VPN solution in place for those that work from home, outside the network, in a secure manner. We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. The main platform is under the Open VPN firewall. The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.

Read full review

SherifFouad

ICT Manager at a mining and metals company with 1,001-5,000 employees

Gives us customizable policies, modifiable templates, and customized rules for single users

The major problem that I am facing, and I know that others are facing as well, is with the HTTPS classic, in general, or any classic that works on Secure Socket Layers. Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic. But most websites right now, most of the reputable web services providers, for extra security for their own web servers and for the user's security, provide a connection over Secure Socket Layer. The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using. Now, this is not a problem when you're dealing with users stationed and fixed in a specific site or location. They are using desktops, they will never take the desktops and go home with them, nor will they ever take the desktops and travel to another country, or another site with it. The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem. A way around this is if you are using authentication with Active Directory. But most of the time, especially if you're operating in a remote site with a very slow internet connection, if it's available in the first place, authentication with Active Directory is impossible. So it needs an easier way to apply HTTPS filters, without importing certificates into users' browsers and without the need for using an Active Directory. There must be a way around it. There are workarounds. But with applied workarounds, it will work out once, it won't work out properly 10 other times. That is my only request. Also, since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library. The easiest way to overcome this is to look at how the Cyberoam online technical library was structured and to build the Sophos technical library the same way. It is messy, totally unorganized, time-wasting. Instead of getting what you want in five minutes it takes half an hour.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Whenever I need something, Fortinet improves and updates the software for me."

"The network security and cloud security are most valuable."

"The next-gen features, the unified threat management capabilities are something that just about everybody is interested in at this point."

"Consolidated our network environment at all locations, but mainly at our datacenter."

"The web filtering feature and the intrusion protection system are the most valuable. It is a resilient appliance. I never had an issue with it in terms of any security breaches."

"The initial setup is straightforward."

"Fortigate represents a really scalable way of delivering perimeter network security, some level of layer 7 security, WAF, and also a way to create a meshed ADVPN solution."

"The interface is very user-friendly and I like it very much."

More Fortinet FortiGate pros

"We have been operating here in our lab for several months, and everything appears to be extremely stable."

"It has firewall and VPN capabilities, which are very valuable features."

"I find the solution to be user-friendly. It has a lot of reports and easy settings."

"The tool's integration is more like a button press."

"OPNsense is easy to use and open source."

"The most valuable features in OPNsense are reporting and visibility."

"It's open source."

"One of the most valuable features is the network checking. Additionally, the firewall and web filtering functionalities are highly useful."

More OPNsense pros

"We currently have multiple clients, and many users are working remotely. We need antivirus protection to guard against malware introduced from public networks. One of the most beneficial features of Sophos XG is its integration with Sophos Central. If any file is detected as malicious on any endpoint or firewall, Sophos Central immediately identifies the threat and publishes the information across all endpoints and firewalls. If a single system gets infected, the threat is communicated and addressed across the entire network, including all sites and remote users."

"Price-wise the solution offers acceptable rates. You can find cheaper solutions on the market but when you go cheaper you have fewer features. Today, based on iQuate market the price is very reasonable and affordable, and it's good if you get a good discount. Discounts can be offered by the vendor. If it's a competitive upgrade which means the customer is upgrading from another vendor, Sophos provides extra discount so they can win the deal. In general, it is a good price."

"Great interface and in-built help is very intuitive."

"The installation is easy. There is a wizard that can be used for a single connection making it simple and if you have multiple connections you can configure it manually."

"The interface is very user-friendly and it's easy to manage."

"The tool's most valuable feature is threat protection and DLP features. So far, basic DLP features like content protection and blocking. Furthermore, for remote users, features such as back filtering and application control are available, allowing for command and control from our side. It is very easy to understand policy applications."

"IPS works smoothly."

"The stability of Sophos XG is good, it has good performance."

More Sophos XG pros

Cons

"Fortinet should focus on enhancing the capabilities of FortiGate by consolidating its various products, such as FortiGate Cloud, FortiManager, and FortiAnalyzer."

"The security of Fortinet FortiGate could improve."

"The solution needs to improve its integration with cybersecurity."

"There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes."

"Vulnerability scanning could be improved."

"It should come integrated or have its own type of network monitor tool in a module. There should just be one package, and you are good to go."

"The documentation available for Fortinet FortiGate should be improved"

"There's always something new that can be added or fixed."

More Fortinet FortiGate cons

"We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much."

"The scalability needs improvement."

"There are issues with stability and reliability."

"There are some add-ons that need enhancements to make management easier for users, especially the reporting features. Some reports don't show the level of detail I'm looking for, and I've had trouble installing certain add-ons, especially for Internet bandwidth shaping within my company."

"There should be more technical documentation."

"While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."

"The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform."

"OPNsense showed me some problems when using it in different environments. The problem is integration with a virtual server."

More OPNsense cons

"I'd like the dashboard to be improved. It could be a bit more customizable."

"I'm just a sole proprietor for IT support, and from my perspective, there could be better ways to educate a proprietor, such as myself, on how to set it up, and program it, and manage it. They do tend to have support, but a lot of times, it is for larger networks. I need something that is simpler and more rudimentary as to how to go about setting up and configuring the firewall, setting up the rules, and that type of thing. So, if there is a missing component there, that would be it."

"While it is a secure solution, I believe it could be improved."

"Areas for improvement would be the access points and the on-premise version, which is very bad."

"In the next release, I would like to see improvements made to the policy and simplify the policy-making, as the complexity of it makes it really tough."

"I'd like to see better reporting. While the logs are great, the reports are not."

"Network security is in need of improvement."

"They should include fiber ports on smaller product models and the tools should be improved for scalability."

More Sophos XG cons

Pricing and Cost Advice

"The price of FortiGate is comparable to that of most other firewall solutions and is more affordable than Cisco."

"The licensing scheme of Fortinet is better than Cisco. It is more logical."

"No comment."

"The price of the license and warranty can be better because it is very expensive."

"The price of FortiGate support is too expensive."

"The pricing of the solution is very competitive."

"It scales well if you know what to buy from a physical box standpoint. They seem to offer something for every level."

"The main reason we chose Fortinet FortiGate was that the price was better than the competition."

More Fortinet FortiGate pricing and cost advice

"Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."

"We are not paying any licensing fees. OPNsense is completely free for us."

"OPNsense is an open-source solution and it is free to use."

"The solution is not expensive."

"OPNsense is open source software so at this time it is free for us to use."

"It's not expensive."

"It is open source and free."

"It costs about $1000."

More OPNsense pricing and cost advice

"I paid approximately 57,000 Rupees ($750 USD) for three years."

"The price is fair."

"For our company, the price was reasonable."

"There is a license required to use this solution and my customers pay for it annually."

"Because we're in education, Sophos gives us a very competitive price for it."

"The price of the Sophos XG is very good. There are not any licensing costs, it is a one-time purchase price."

"Sophos XG is not expensive for a firewall, especially when you compare it with Check Point."

"The price of the solution is reasonable when comparing it to other solutions."

More Sophos XG pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

831,158 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

16%

Comms Service Provider

11%

Government

Educational Organization

Computer Software Company

17%

Comms Service Provider

Manufacturing Company

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What is the difference between PfSense and OPNsense?

Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...

See all answers

What do you like most about OPNsense?

What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.

See all answers

What is your experience regarding pricing and costs for OPNsense?

I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall p...

See all answers

Which is better - Palo Alto Networks NG Firewalls or Sophos XG?

Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...

See all answers

What are the main differences in features between Sophos XG and FortiGate 80F?

Hi Arvind P , The Sophos XG firewall has a number of models right from XG86 to XG135w under the 1U Desktop Form Fact...

See all answers

What Is The Biggest Difference Between Sophos UTM and Sophos XG?

The Sophos UTM is a UTM and Sophos XG is the NGFW. First, you must know about the difference between a UTM and NGFW. ...

See all answers

Comparisons

Netgate pfSense vs Fortinet FortiGate

Compared 13% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 11% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

Meraki MX vs Fortinet FortiGate

Compared 5% of the time

Fortinet FortiOS vs Fortinet FortiGate

Compared 2% of the time

More Fortinet FortiGate Competitors

Netgate pfSense vs OPNsense

Compared 54% of the time

IPFire vs OPNsense

Compared 8% of the time

Untangle NG Firewall vs OPNsense

Compared 3% of the time

Sophos XGS vs OPNsense

Compared 3% of the time

Sophos UTM vs OPNsense

Compared 2% of the time

More OPNsense Competitors

Netgate pfSense vs Sophos XG

Compared 11% of the time

Sophos XGS vs Sophos XG

Compared 5% of the time

SonicWall TZ vs Sophos XG

Compared 4% of the time

Meraki MX vs Sophos XG

Compared 3% of the time

Palo Alto Networks NG Firewalls vs Sophos XG

Compared 3% of the time

More Sophos XG Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

January 2025

Download Fortinet FortiGate product report

Buyer's Guide

OPNsense

January 2025

Download OPNsense product report

Buyer's Guide

Sophos XG

December 2024

Download Sophos XG product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

No data available

Learn More

Fortinet

Video not available

OPNsense

Sophos

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

OPNsense is widely used for firewall functionalities, intrusion detection, VPN and IPSec, content filtering, securing network traffic, and remote access. It protects internal networks and manages servers securely, suitable for small to medium-sized businesses.

OPNsense is a comprehensive firewall solution leveraging open-source technology. It integrates with third-party modules like WireGuard and CrowdSec, enhancing its security capabilities. Offering on-premises and cloud deployment, it features an intuitive graphical interface, advanced reporting, VPN functionality, IDS/IPS features, and high scalability. Users find it ideal for small businesses and home networks due to its stability and ease of use. Frequent updates and an active community support its continuous improvement. However, it needs advancements in VPN selection, scalability, and technical documentation. Enhanced high availability, threat intelligence, and integration with virtualization platforms are required. User feedback suggests improvements in connectivity, alerting, traffic monitoring, and antivirus protection.

What are the key features of OPNsense?

Strong Firewall: Robust firewall capabilities for securing network traffic.
Intrusion Detection and Prevention: Effective IDS/IPS for threat mitigation.
VPN Functionality: Comprehensive VPN support including WireGuard.
Content Filtering: DNS-level filtering for enhanced security.
Advanced Reporting: In-depth traffic analysis and reporting features.
High Scalability: Supports growing network demands.
Integration Capabilities: Works with third-party modules like CrowdSec.
Intuitive GUI: User-friendly graphical interface enhances usability.

What benefits should users look for in OPNsense reviews?

Security: High level of protection for internal networks.
Manageability: Easy management of servers and network traffic.
Cost-Effective: Open-source nature reduces costs.
Reliability: Stable performance suitable for small and medium-sized businesses.
Community Support: Active community and frequent updates.

OPNsense is implemented across various industries to secure network infrastructure and ensure reliable connectivity. In fintech, it safeguards sensitive financial data while maintaining compliance. Educational institutions deploy it to protect student information and enable secure remote learning environments. Healthcare organizations use it to secure patient data and comply with HIPAA regulations. By integrating with tools like WireGuard and CrowdSec, businesses enhance their cybersecurity posture and streamline network management, making OPNsense a versatile choice for diverse operational needs.

Sophos XG is a versatile network security solution that offers network protection, firewall management, VPN access, web filtering, and intrusion prevention, providing comprehensive security for businesses from small offices to large enterprises.

Sophos XG stands out for its Synchronized Security, easy setup, and robust templates. It manages VPN access, protects against threats, and handles load balancing and traffic monitoring. The cloud-based management, centralized dashboard, and detailed logging make it user-friendly and reliable. Integration of features like email protection, SD-WAN, and unified threat management ensures a broad spectrum of security needs are covered. However, it could benefit from improvements in network security, user portals, technical support, and more scalable SD-WAN features.

What are the key features of Sophos XG?

Synchronized Security: Orchestrates threat intelligence sharing between endpoints and firewall.
Unlimited SSL VPN Clients: Provides extensive VPN client support for secure remote access.
Cloud-Based Management: Facilitates remote administration with a cloud-hosted platform.
Intrusion Prevention: Detects and blocks potential threats in real-time.
Centralized Dashboard: Offers a comprehensive view of network security status.

What benefits and ROI should users look for in reviews?

Scalability: Easily adapts to growing business needs.
User-Friendliness: Simplified setup and intuitive management.
Effective Threat Protection: Provides robust security against a wide range of threats.
Comprehensive Reporting: Delivers detailed insights and analytics.
Cost-Effectiveness: Competitive in pricing with flexible deployment options.

Sophos XG is implemented across industries such as healthcare, education, and finance to secure sensitive data and ensure regulatory compliance. It aids in endpoint protection, application control, load balancing, and traffic monitoring essential for these industries. Enhancing network security, simplifying VPN setup, and integrating adaptive security features remain focal points for businesses.

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

1. Deciso B.V. 2. iXsystems, Inc. 3. EuroBSDCon 4. Netgate 5. Claranet 6. Voleatech 7. Open Systems AG 8. Securebit AG 9. Proxmox Server Solutions GmbH 10. AVM Computersysteme Vertriebs GmbH Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.

Information Not Available

Buyer's Guide

OPNsense vs. Sophos XG

January 2025

Free Report: OPNsense vs. Sophos XG

Find out what your peers are saying about OPNsense vs. Sophos XG and other solutions. Updated: January 2025.

DOWNLOAD NOW

831,158 professionals have used our research since 2012.

See our OPNsense vs. Sophos XG report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.