Sophos XG Reviews

We use and implement Sophos XG for our customers for border security, just to make sure that nobody gets in and that everybody who tries to get out will have some kind of filter or protection.

I can say that it has not exactly improved how our the organization functions, but on the security side it makes everything much more secure, especially for the users. They can't surf the web without some kind of protection for safety and control, and we are alerted if somebody is trying to access some strange websites or trying to access something the company does not allow.

The features that I have found most valuable are first the Web Filter and the Web Application Firewall SD-Wan on Version 18. Additionally, RED Tunnels allows a Sophos vital to speak to another Sophos vital in headquarters.

The main problem with Sophos XG today is that it doesn't have a feature where you actually know the quality of an international link, which would allow us to we know if the link is operational or not. We need more information. It's losing packets on the network. It's high latency. So, we need more information to know if the link is really bad or really good, and today, we only know if it's working and this just isn't enough.

I have been using Sophos XG for about six, seven years.

Sophos XG is really robust because of all the implementations you currently have active. We don't have problems on the hardware or a bug on the software or anything like that. It's really, really rare. Most of the problems are from requests for our customers asking to make a particular website available for some parts of the company and things like this. Just some little configurations on the web filter.

We actually do studies to already know before implementation which firewall will be able to handle all the operations. It is really rare to need to change the firewall or to miss a configuration and put in equipment that can't handle the network. We have never had a case where we had to replace a hardware because it couldn't handle the network. It has always been easy to make a survey to get the right equipment for the right amount of people, and every time we need to make a new implementation we have the study making scalability easy, because each hardware is for a specific customer.

If I were to rate support from zero to 10, I would say about six or seven. The Portuguese Support is really bad. It's really not good. Every time you have an issue that's a little bit more complex, it's better to speak to the Global Support than the Latin American Support.

Today the initial setup is simple since we have been using it for a long time and have implemented it for several customers. So now it is really easy for us.

We are the resellers.

My advice to anyone considering Sophos XG is that it has a good cost-benefit. Let's just put it that it does the job right.

On a scale of one to ten, I would say Sophos XG is a nine.

We provide Sophos XG to customers. We work at deploying this solution from scratch to the customer, from unboxing, racking, or stacking, and doing licensing and upgrades for the box. Then we establish the process and security profiles that the customer requires. 

This solution is deployed on-prem. 

Some of the most valuable features are filtering and application control. The DDoS detection also shows traffic jamming and traffic shaping. 

This solution could be improved with more effective bandwidth. I found that when I enable DDoS detection for our clients, bandwidth is reduced. If DDoS detection is disabled, the bandwidth will be high, but it isn't secure. We recommend that customers enable DDoS detection, but if they need high bandwidth, we recommend Palo Alto and FortiGate instead of Sophos. 

I have been using Sophos XG for about six months. 

This solution is not as stable as other products. In terms of stability, our number one recommendation is Palo Alto, number two is FortiGate, and number three is Sophos. 

Sophos is scalable, but not enough. 

Sophos technical support is effective. 

The installation takes two days. It is easy to deploy, and not as complicated as Palo Alto or FortiGate. We make it in our company labs and, for deployment and maintenance, we recommend one or two people. 

We provide and implement this solution for customers. 

The licensing for Sophos XG is based on the number of users, so I get the module from the sizing of the customer. 

We also recommend that customers use FortiGate and Palo Alto, since these solutions are more stable and have more effective bandwidth. 

I rate Sophos XG a seven out of ten. I would recommend it to others, based on their needs, but the stability could be better. 

We have five to seven customers who are using Sophos XG. 

The firewall is used to maintain security. Basically, it's used to make sure that our clients' corporate network is secure. We want to make sure that their email is scanned, protected, and so on.

In terms of the functionality, I think it's pretty straightforward. It's easy to pick up. It's also user-friendly.

Support could be improved.

I have been selling Sophos XG for two years. It is deployed on-premise. 

When it comes to scalability, of course we can upgrade. A lot of firewalls don't allow upgrades. An upgrade would mean changing the box. For our customers, a lot of the functions of the firewall don't reduce. We just need to make sure they enable the security, and then make sure it's giving the protection to the client.

For scalability when it comes to the server, I can add the RAM, the hard disc, and the CPU to boost up the performance. 

The principal tech support is not very present in Malaysia. We are relying on the distributor. Most of the technical things we can handle on our own, like when it comes to setup. When it comes to the issues related to product hardware or software bugs, we will reach out to them. But the response is from the distributor.

The support could be a bit better.

Installation for each version, like Fortinet and Next Generation Firewall, is simple. Based on how familiar we are with the client, it can take a day or two.

We only need one or two people for deployment.

For every firewall, you will need to pay the license for the following year. If they don't pay for the license renewal, they basically won't get the support from Sophos.

They do have their own integration, so I don't really have much to comment about Sophos because we basically just maintain the Sophos Firewall that we supply. We don't do a lot of fancy design work.

We are currently still evaluating the solution.

I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system.

I've been working with Sophos XG for six months. I am not an end-user. I only provide the solution and implementation.

I think Sophos XG is very stable because the users who have installed it never mention any issues. It's very stable and scalable. 

Sophos XG is a scalable solution. Our clients who use Sophos are not big companies. 

I haven't dealt with Sophos support because I'm just doing the basic implementation for the Sophos. But I Sophos support is very experienced and helpful. Sophos has a team for administration and implementation—a good team to improve the application. 

It depends on the implementation and the deployment of systems. In my small company, I have four people on my technical team. Two of them specialize in firewall and security. They're working on Fortinet. They deal with antivirus and security implementation as well as Veeam Backup. The other two handle the administration implementation, including Active Directory and other administration solutions.

I would prefer if Sophos XG were cheaper. A lower price would benefit me as a system provider for the end customer. The cost of the license and renewal for all the software and devices is somewhat high. 

I rate Sophos XG nine out of 10. I am a Fortinet partner. If a user asks me which solution to buy, I'll tell them Fortinet. But if the customer needs Sophos, I will implement it for him. However, if I had a Sophos partnership, I would recommend it every time.

There are about 100 people using Sophos at our office. We have two ISPs, so we have to have access to our internet providers. We also need security to deploy our network. Also, our home and external users need to be able to log in. So we use Sophos XG to build our deployment. Sophos is more than just a firewall. It analyzes security effects, so it's a firewall for the future. It's more than just a hardware firewall. There are also some paid options, so we do not have to have the main server inside our office here. We use Office 365. And although we use five servers at our location, not everything is in the cloud yet. 

We haven't used it for very long, so I have not analyzed the main features deeply. So far, I'm happy that they have recently added a firewall role, so I feel a little more comfortable with the security. The threat management is good. Also, the graphics and the throughput of our internet access are better than before, so it's the Sophos anti-threat device that we have. 

For the moment, managing the Sophos interface is a little bit challenging. We have an external partner that helps me to comprehend. But it's new. It has to keep up with the market, and I understand that. But that's my personal problem at the moment. High-availability clusters have not been implemented, so we have only one firewall and one device. So should this device go down, there's no more internet access. But so far, we haven't had any problems. 

I've only been using Sophos XG for three months.

Sophos is stable.

Sophos XG is scalable.

I used Sophos tech support for the previous solution because Sophos sold that as well. Now, we only work with the external partners. So for the moment, I haven't had to send questions directly to Sophos. But my past experience with Sophos support was good. It was very professional and easy. We stay with Sophos software because of the technical support.

We had Cyberoam. That brand that doesn't exist anymore, so we had to change.

I contacted the external partner, and the setup was easy. It took about two or three days. Some little pictures were difficult for us to find, but that's normal. We could not make a one-to-one copy of the older one, so we had to search for some little personal configurations here. Now that everything is configured right, we are happy to have it. 

Because Sophos is sold by the brand that we had before that and Cyberoam does not exist anymore, it costs less because we stayed within the older firewalls. The price was also very good. It was not expensive before because of their value at the time. I think it's not cheap but not very expensive, either. It's in the middle. 

Based on what I know from using it so far, I would recommend Sophos. I rate it eight out of 10.

It's primarily for on-premise firewall functionality and functionality of internet lines.

The appeal to our IT team is that this is an easy to deploy, user friendly, and easy to work with solution that includes antivirus software.

I'd like to see a more simplified functionality for our customers. We also had a negative experience with the sales team of Sophos, which offered a three-year renewal to our customer. We'd suggested one year, keeping the customer's cashflow in mind and Covid. The result was that it affected our credibility with the customer. These are some of the irritants in the sales policy.  

I've been using this solution for four years. 

The solution is stable. 

We have deployed it for 100 users to date, so it's quite scalable. We mainly work with small and medium size organizations. 

The implementation is straightforward. It depends on your environment, and the number of users as well as the complex rules you're making. That aside, it is easy to deploy.

I rate the solution eight out of 10. 

We essentially use Sophos XG to protect our customers. Most of our customers use remote VPN connections. They also use the WAF protection for exposed internet WEB servers.

The web application firewall or WAF is very useful. Web application firewalls help keep your servers safe from hackers by scanning activity and identifying probes and attacks.
Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos
UTM lets you protect your webservers from attacks and malicious
behavior like cross-site scripting (XSS), SQL injection, directory
traversal, and other potent attacks against your servers.
You can define external addresses (virtual webservers) which should be
translated into the "real" machines in place of using the DNAT rule(s).
From there, servers can be protected using a variety of patterns and
detection methods.

This function has been completely re-developed in XG, relatively of the UTM-9 version, and it works fine. I protect many internet web servers (IIS) for my customers with this function, due to of a lot of attempted attacks. It's a very useful and relatively simple to implement in Sophos XG.

Obviously, like all security systems, it is not a "fire and forget" configuration. It is necessary to properly analyze the system to be protected, create an appropriate policy and monitor its behavior once activated.

https://support.sophos.com/sup...

I think Sophos XG can improve some annex features. Like in DHCP, we can't make IP reservations in the range. We must reserve out of the range, which is not good. It will not be the same as the DHCP function in a Windows Server. We can't make an IP reservation in the range of the DHCP in the Sophos.

Better in the next release? I hope...

Sophos can also improve the debugging of the WAF function and provide a better resolution in the log, in the attached WEB log. The initial error doesn't appear. You must tail the console log to find the source pattern, cause of the error.

I have been using Sophos XG for about tree years.

Sophos XG is stable. I don't encounter problems that are typical with broken systems. But bugs in the system exists. Last example, I discovered a bug is in the asymmetric routing implementation. In a specific network configuration, asymmetric routing, with sub-net 25 doesn't work, but mask 24 and mask 26 works!!

But this is just a bug, and Sophos' support is very good to correct quickly, ASAP.

I only had a break function once because of the appliance BIOS. The Sophos support send me a new BIOS very quickly, and the problem was resolved.

I have a lot of issues with Sophos technical support. I still have some pending issues that need to be resolved. It's very odd in the beginning because your first contact is with the sub-part of another sub-part of Sophos based in India or Pakistan. It's very odd to have a quick connection with the second level or third level engineer at Sophos in UK.

I have personal contact with some security managers and the sub-part manager of Sophos support. When they don't resolve a problem quickly, I send an email, or I call my contacts Sophos UK, and it happens! They have good reactivity.

We start with Sophos UTM-9, the old version of Sophos firewalls, and then we switched to the XG.

The initial setup of the last version of Sophos XG is good. The initialization is very simple, but you must prepare it. You need an Sophos customer account , on the web cell, to declare easy a firewall.

It'll ask for an account, and you can create it in the interface, but it's better to prepare it before in the Sophos site, to have the account ready, for the first initialization of the firewall.

The deployment time depends on the system's complexity, the number of ISPs, the number of sub-nets, WAF functions and VPNs. 

It's normally very easy for a little company. A retail company with 20-30 computer-users, and a simple connection to the internet, it'll take about four to six-hours to deploy. If you need to fine-tune it, maybe two hours more. So like eight hours or a day to deploy.

Sophos XG isn't expensive compared to Check Point. Sure, Check Point is the Rolls-Royce of firewalls: It's great, it's fun, technically good tunned, but it's very expensive. 

But the specs and technical side of Sophos XG are close to Check Point, and the price is lower. It's better for our customers. I can do the same complex configurations with Sophos XG that I used to do on Check Point firewalls.

The main difference between Sophos XG and Check Point is keylogging and working with clouds. Both FortiGate and Watchguard doesn't have  in log packet analyzer to do so deeply. 

For me personally, Check Point firewall is the best firewall, because the log console is the power key of the firewalls. But Sophos XG is the main challenger of Check Point, I think. You can open the debugging packet analyzer, like a Wireshark, directly in the WEB log console. This function is a powerful tool and must be discovered, because it's very useful for quick debugging.

If I had to rank them, it's Check Point first, second, Sophos XG, and in third with FortiGate and Watchguard. We chose Sophos XG because it's much cheaper than Check Point.

I think it's very important to choose the right appliance first. Implementing a lot of things like VPN, IPS strong protection and WAF functions will stress more the appliance CPU. It depend also with the number of connections and number of users too.

Sophos XG is a lot of fun because you can change the appliance model without changing the configuration. You can back-up the configuration of the old appliance and import into the new appliance without spending hour for migration. It's powerful, and the new system is quickly operational.

Another key is VPN LAN to LAN in SSL, allowing connections to be set up much faster. Is this the end of the old IPSEC protocol? No, but it is a function which increases the versatility of the Sophos XG firewall.

Last, but not least, the virtual appliance works perfectly, in private or public clouds. Very simple to implement, work perfectly.

On a scale from one to ten, I would give Sophos XG a nine. 

The primary use case of this solution is as the main company firewall.

The most valuable feature of this solution is the flexibility of it, it's pretty versatile.

Also, the firewall aspect in terms of setting up rules. They worked pretty well.

The UI needs improvement because it can be a little weird at times.

I have used Sophos XG in the last twelve months.

This solution is stable. We haven't had any real issues.

I don't know if this solution is scalable. We haven't explored this area yet.

As we grow, we plan to increase usage.

Technical support is good.

Initially, the setup was a bit complex.

It was complex because we were coming off of a different setup. It was just getting used to the software, but it's not too bad.

We require one and a half staff members for the deployment and the maintenance. They seem to do a pretty good job of updating it and keeping it current.

We implemented ourselves. We did not use a vendor or integrator.

We're military contractors, and the cybersecurity compliance aspect of it has been the most helpful.

We know how the networks operate from our end, even though we are relatively green. We don't what we are comparing it to.

We prepaid in advance to get the max discount.

I would rate Sophos XG an eight out of ten.