OPNsense vs Sophos XG comparison

OPNsense and Sophos are both solutions in the Firewalls category. OPNsense is ranked #3 with an average rating of 8.3, while Sophos is ranked #4 with an average rating of 8.3. OPNsense holds a 12.3% mindshare in Firewalls, compared to Sophos’s 11.5% mindshare. Additionally, 97% of OPNsense users are willing to recommend the solution, compared to 92% of Sophos users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Apr 6, 2025

Sophos XG and OPNsense are both significant players in the network security category. Sophos XG appears to have the advantage due to its extensive features and centralized management capabilities.

Features: Sophos XG offers features like web and application filtering, wireless integration, and email protection, complemented by comprehensive reporting and centralized cloud management for flexibility and ease of use. OPNsense is equipped with robust reporting and visibility tools and excels in basic firewall functionalities.

Room for Improvement: Sophos XG could improve its VPN functionality, email security, and support services. Additional integration with DNS filtering and enhanced application control are also desired. OPNsense faces challenges with compatibility in certain environments and VPN issues and could benefit from better documentation and support for new features.

Ease of Deployment and Customer Service: Sophos XG provides versatile deployment options across hybrid, on-premises, and public cloud environments, although customer service experiences vary with reports of delays in support. In contrast, OPNsense, being open-source, thrives on community support and is mainly deployed on-premises. Professional support may vary in effectiveness.

Pricing and ROI: Sophos XG is a competitively priced market leader with flexible licensing options, perceived as offering good value for money due to reduced labor and management costs, resulting in a positive ROI. OPNsense, as an open-source solution, is cost-effective with additional expenses required only for hardware. There is potential for increased investment in equipment and training to maximize its benefits.

To learn more, read our detailed OPNsense vs. Sophos XG Report (Updated: April 2025).

Buyer's Guide

OPNsense vs. Sophos XG

April 2025

Download the complete report

Helped 847,772 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of OPNsense is 12.3%, down from 17.6% compared to the previous year. The mindshare of Sophos XG is 11.5%, up from 9.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

Eddy Ramirez

IT Security Director at a financial services firm with 1,001-5,000 employees

Good interface and firewall capabilities and overall easy to use

The security has improved as we can isolate the network. We can do attrition prevention via a tool that comes with the solution. We can have a VPN solution in place for those that work from home, outside the network, in a secure manner. We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. The main platform is under the Open VPN firewall. The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.

Read full review

SherifFouad

ICT Manager at a mining and metals company with 1,001-5,000 employees

Gives us customizable policies, modifiable templates, and customized rules for single users

The major problem that I am facing, and I know that others are facing as well, is with the HTTPS classic, in general, or any classic that works on Secure Socket Layers. Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic. But most websites right now, most of the reputable web services providers, for extra security for their own web servers and for the user's security, provide a connection over Secure Socket Layer. The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using. Now, this is not a problem when you're dealing with users stationed and fixed in a specific site or location. They are using desktops, they will never take the desktops and go home with them, nor will they ever take the desktops and travel to another country, or another site with it. The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem. A way around this is if you are using authentication with Active Directory. But most of the time, especially if you're operating in a remote site with a very slow internet connection, if it's available in the first place, authentication with Active Directory is impossible. So it needs an easier way to apply HTTPS filters, without importing certificates into users' browsers and without the need for using an Active Directory. There must be a way around it. There are workarounds. But with applied workarounds, it will work out once, it won't work out properly 10 other times. That is my only request. Also, since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library. The easiest way to overcome this is to look at how the Cyberoam online technical library was structured and to build the Sophos technical library the same way. It is messy, totally unorganized, time-wasting. Instead of getting what you want in five minutes it takes half an hour.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"We use the FortiGate Sandbox to detect zero-day vulnerabilities, such as anomalies or malware, that are unknown and have not yet been discovered."

"Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand."

"I like Fortinet's cloud management. It allows me to manage all my devices in different branches for three cloud accounts. Even though I use on-prem devices, I can manage everything on the cloud."

"The CLI and GUI do a good job of putting a lot at your fingertips."

"The scalability of Fortinet FortiGate is good."

"The virtual firewall feature is the most valuable. We have around 1,500 firewalls. We did not buy individual hardware, and the virtual firewalls made sense because we don't have to keep on buying the hardware. FortiGate is easier to use as compared to Checkpoint devices. It is user friendly and has a good UI. You don't need much expertise to work on this firewall. You don't need to worry much about DCLA, commands, and things like that."

"I'm pretty happy with its reliability. It is also very scalable."

"Our project needs to link two sides through the internet. One of these was in Cairo and the other in another city. We used FortiGate as the integrating solution between the two locations, i.e. the Fortinet 30E & 100E."

More Fortinet FortiGate pros

"The feature I find most valuable, is that the program helped me to realize all the requested functionality that was needed."

"The solution is good for a basic firewall for a small business or for home use."

"It's more secure and more reliable."

"The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use."

"It has firewall and VPN capabilities, which are very valuable features."

"I mostly rely on the solution's network intrusion detection and prevention system, along with other systems, CMs, and log management."

"OPNsense is easy to scale when running on the hardware."

"The DNS-level filtering is impressive for thwarting time scanners."

More OPNsense pros

"In my experience, the solution was easy to use, has lots of features, and is easy to configure."

"I like the firewall, inbound, and outbound modules the most. The VPN feature also works well. It is very easy to configure rules in Sophos XG. We have got local service here in Zimbabwe from Sophos, which is something that I like a lot. We have got good local support, and they come on-site when we have any challenges. Sophos provides a lot of good training all around Zimbabwe. They are quite dominant here, similar to other solutions like Fortinet or WatchGuard."

"I particularly like the visibility it provides into network traffic, allowing us to identify and address issues efficiently."

"All of the features are amazing, especially Sandstorm, which prevents bad traffic or downloaded files from reaching our customers' and partners' networks."

"They really work scalability into the solution at the outset."

"The VPN is easy and has good logging, monitoring and notifications."

"The initial setup was straightforward."

"I like the tunneling part which we are using for the VOIP. We have various other sites where we connect via tunneling. The tunneling part is very fast and easy to implement."

More Sophos XG pros

Cons

"There were quite a few problems with the stability of the system."

"FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required."

"Performance and technical support are the main issues with this solution."

"The improvement is related to logs. Instead of the CLI, we should be able to have more insights into the logs of the firewall in the GUI."

"NGN, reporting and controls."

"The solution lacks multi-language support."

"Its price could be better."

"A couple of things I've seen that need improvement, especially in terms of a hard coding. The driver-level active moment really is out-of-the-box and we have to have contact the customer support and sometimes it is difficult to resolve."

More Fortinet FortiGate cons

"OPNsense struggles to handle large volumes of voice traffic, indicating scalability issues in that specific use case."

"There should be more technical documentation."

"OPNsense showed me some problems when using it in different environments. The problem is integration with a virtual server."

"The IPS solution could be more reliable."

"There are a few weaknesses. For example, there is a lack of some features that I have in certain commercial products."

"In terms of improvement, the performance could be enhanced."

"The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs."

"The user interface could be improved, and the DNS section should be more intuitive."

More OPNsense cons

"The solution is tied to the US dollar. You need to pay whatever the equivalent is in your own currency, and, if the exchange is bad, it can really add to the cost."

"Lacking network access control, user profiling and analytics dashboards."

"On reports, they sometimes give a summary, but it lists different users as unknown. There are times that I really want to know which user or which IP is causing a problem."

"The VPN has been a persistent problem for us. It's not straightforward to configure."

"Recently, I've had a problem with updating things."

"The VPN is in need of improvement."

"I used to work with Fortinet, and sometimes I see that the SD-WAN feature could be better because it's much easier in Fortinet."

"The solution could offer a bit more integration with other systems, with other platforms - just to be able to extend the capability and to interface with other kinds of platforms or systems that I can find on the market as it gives the possibility to improve the level of integration."

More Sophos XG cons

Pricing and Cost Advice

"It has a competitive price."

"I think that the pricing is fair."

"Licensing for Fortinet FortiGate is on a yearly basis. Pricing for it is a bit high. It could be cheaper."

"Its price is normal. If I compare it with other vendors, such as Palo Alto, it's normal. Palo Alto is expensive."

"Before choosing a piece of equipment you have to take into account the cost-benefit offered by each one. Sometimes it is not worth paying a very cheap price to have a minimum level of security."

"I would say that all things considered, the pricing is pretty good."

"The pricing is fair."

"The value is the capability of having multiple services with one unique license, not having the limitation per user licensing schema, like other vendors."

More Fortinet FortiGate pricing and cost advice

"It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source."

"There are no licensing costs for OPNsence."

"As an appliance, it's in the medium price range."

"OPNsense is an open-source solution and it is free to use."

"OPNsense is a well known open-source tool."

"It is a free solution, and when you compare it to alternatives like FortiGate, which is quite powerful but also costly, the value becomes evident."

"We are using the paid version."

"The price of OPNsense is good."

More OPNsense pricing and cost advice

"Sophos XG is not an expensive solution. If you are willing to pay more, then there is the Check Point firewall which is the best out of all the vendors."

"The pricing is flexible. Sophos looks at a country's economy and offers flexible pricing. This is how they have managed to penetrate the market."

"This is a budget-friendly product with reasonable pricing."

"The product is expensive."

"Sophos XG is not expensive for a firewall, especially when you compare it with Check Point."

"I use Sophos Firewall Home Edition, which is available for free."

"We have our license for three years."

"The subscription costs approximately $300 yearly."

More Sophos XG pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

847,772 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

22%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

16%

Comms Service Provider

13%

Government

Educational Organization

Computer Software Company

16%

Comms Service Provider

Manufacturing Company

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What is the difference between PfSense and OPNsense?

Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...

See all answers

What do you like most about OPNsense?

What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.

See all answers

What is your experience regarding pricing and costs for OPNsense?

I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall p...

See all answers

Which is better - Palo Alto Networks NG Firewalls or Sophos XG?

Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...

See all answers

What are the main differences in features between Sophos XG and FortiGate 80F?

Hi Arvind P , The Sophos XG firewall has a number of models right from XG86 to XG135w under the 1U Desktop Form Fact...

See all answers

What do you like most about Sophos XG?

IPS works smoothly.

See all answers

Comparisons

Netgate pfSense vs Fortinet FortiGate

Compared 13% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 10% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

SonicWall TZ vs Fortinet FortiGate

Compared 5% of the time

Check Point NGFW vs Fortinet FortiGate

Compared 3% of the time

More Fortinet FortiGate Competitors

Netgate pfSense vs OPNsense

Compared 40% of the time

IPFire vs OPNsense

Compared 12% of the time

Untangle NG Firewall vs OPNsense

Compared 4% of the time

Sophos XGS vs OPNsense

Compared 4% of the time

Sophos UTM vs OPNsense

Compared 3% of the time

More OPNsense Competitors

Netgate pfSense vs Sophos XG

Compared 10% of the time

Sophos XGS vs Sophos XG

Compared 5% of the time

SonicWall TZ vs Sophos XG

Compared 5% of the time

Palo Alto Networks NG Firewalls vs Sophos XG

Compared 3% of the time

Meraki MX vs Sophos XG

Compared 3% of the time

More Sophos XG Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

April 2025

Download Fortinet FortiGate product report

Buyer's Guide

OPNsense

March 2025

Download OPNsense product report

Buyer's Guide

Sophos XG

March 2025

Download Sophos XG product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

No data available

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

OPNsense is widely used for firewall functionalities, intrusion detection, VPN and IPSec, content filtering, securing network traffic, and remote access. It protects internal networks and manages servers securely, suitable for small to medium-sized businesses.

OPNsense is a comprehensive firewall solution leveraging open-source technology. It integrates with third-party modules like WireGuard and CrowdSec, enhancing its security capabilities. Offering on-premises and cloud deployment, it features an intuitive graphical interface, advanced reporting, VPN functionality, IDS/IPS features, and high scalability. Users find it ideal for small businesses and home networks due to its stability and ease of use. Frequent updates and an active community support its continuous improvement. However, it needs advancements in VPN selection, scalability, and technical documentation. Enhanced high availability, threat intelligence, and integration with virtualization platforms are required. User feedback suggests improvements in connectivity, alerting, traffic monitoring, and antivirus protection.

What are the key features of OPNsense?

Strong Firewall: Robust firewall capabilities for securing network traffic.
Intrusion Detection and Prevention: Effective IDS/IPS for threat mitigation.
VPN Functionality: Comprehensive VPN support including WireGuard.
Content Filtering: DNS-level filtering for enhanced security.
Advanced Reporting: In-depth traffic analysis and reporting features.
High Scalability: Supports growing network demands.
Integration Capabilities: Works with third-party modules like CrowdSec.
Intuitive GUI: User-friendly graphical interface enhances usability.

What benefits should users look for in OPNsense reviews?

Security: High level of protection for internal networks.
Manageability: Easy management of servers and network traffic.
Cost-Effective: Open-source nature reduces costs.
Reliability: Stable performance suitable for small and medium-sized businesses.
Community Support: Active community and frequent updates.

OPNsense is implemented across various industries to secure network infrastructure and ensure reliable connectivity. In fintech, it safeguards sensitive financial data while maintaining compliance. Educational institutions deploy it to protect student information and enable secure remote learning environments. Healthcare organizations use it to secure patient data and comply with HIPAA regulations. By integrating with tools like WireGuard and CrowdSec, businesses enhance their cybersecurity posture and streamline network management, making OPNsense a versatile choice for diverse operational needs.

OPNsense

Sophos XG is a versatile network security solution that offers network protection, firewall management, VPN access, web filtering, and intrusion prevention, providing comprehensive security for businesses from small offices to large enterprises.

Sophos XG stands out for its Synchronized Security, easy setup, and robust templates. It manages VPN access, protects against threats, and handles load balancing and traffic monitoring. The cloud-based management, centralized dashboard, and detailed logging make it user-friendly and reliable. Integration of features like email protection, SD-WAN, and unified threat management ensures a broad spectrum of security needs are covered. However, it could benefit from improvements in network security, user portals, technical support, and more scalable SD-WAN features.

What are the key features of Sophos XG?

Synchronized Security: Orchestrates threat intelligence sharing between endpoints and firewall.
Unlimited SSL VPN Clients: Provides extensive VPN client support for secure remote access.
Cloud-Based Management: Facilitates remote administration with a cloud-hosted platform.
Intrusion Prevention: Detects and blocks potential threats in real-time.
Centralized Dashboard: Offers a comprehensive view of network security status.

What benefits and ROI should users look for in reviews?

Scalability: Easily adapts to growing business needs.
User-Friendliness: Simplified setup and intuitive management.
Effective Threat Protection: Provides robust security against a wide range of threats.
Comprehensive Reporting: Delivers detailed insights and analytics.
Cost-Effectiveness: Competitive in pricing with flexible deployment options.

Sophos XG is implemented across industries such as healthcare, education, and finance to secure sensitive data and ensure regulatory compliance. It aids in endpoint protection, application control, load balancing, and traffic monitoring essential for these industries. Enhancing network security, simplifying VPN setup, and integrating adaptive security features remain focal points for businesses.

Sophos

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

1. Deciso B.V. 2. iXsystems, Inc. 3. EuroBSDCon 4. Netgate 5. Claranet 6. Voleatech 7. Open Systems AG 8. Securebit AG 9. Proxmox Server Solutions GmbH 10. AVM Computersysteme Vertriebs GmbH Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.

Information Not Available

Buyer's Guide

OPNsense vs. Sophos XG

April 2025

Free Report: OPNsense vs. Sophos XG

Find out what your peers are saying about OPNsense vs. Sophos XG and other solutions. Updated: April 2025.

DOWNLOAD NOW

847,772 professionals have used our research since 2012.

See our OPNsense vs. Sophos XG report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.