Try our new research platform with insights from 80,000+ expert users
Lead NOC Engineer at a energy/utilities company with 51-200 employees
Real User
Has an intuitive interface. Easy to look at the logs and troubleshoot issues.

What is most valuable?

For one, its ease of use is the most valuable feature. It's very easy to look at the logs and troubleshoot issues as they arise. Things just make sense and it is a very intuitive interface.

How has it helped my organization?

It is easier to use than Cisco ASA, so it has reduced our SLAs by a considerable margin.

What needs improvement?

The VPN and central management need to be improved, but that's being nit-picky.

The IPsec VPNs are a little on the buggy side and you sometimes have to jump through hoops to get it to work. When I looked at them last, they were still in development for the centralized management of the firewalls, so when I saw it, it was very much in its infancy.

One more thing to add to what they can improve is the firewall policy presentation, they have their own special way of doing it which takes time for some to get used to, especially if you’re used to Cisco ASA.

For how long have I used the solution?

I have used this solution for about a year.

Buyer's Guide
Sophos XG
November 2024
Learn what your peers think about Sophos XG. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

There were no scalability issues, it is very scalable.

How are customer service and support?

I would rate the technical support a 10/10; they are very professional. I know a couple of those guys over there on a first name basis.

Which solution did I use previously and why did I switch?

Previously, we were using another solution. However, we switched as we needed to upgrade our infrastructure.

How was the initial setup?

The setup was pretty straightforward. They had someone come in, walk us through it and train us on the platform.

What other advice do I have?

Get the professional support contract; it is well-worth it and those guys know their product very very well.

It is a very solid product, easy to use and implement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
MelvynLee - PeerSpot reviewer
MelvynLeeNetwork Cooperations at STEVENSON ASTROSAT LIMITED
Real User

Thanks Sean, a very informative review. I am seriously considering the XG125 but slightly concerned about the VPN aspect as VPNs are used predominantly in our network. Also considering the Fortigate 60E.

reviewer1749918 - PeerSpot reviewer
Gerente de Atendimento na Introduce at a tech services company with 11-50 employees
Real User
Robust and feature-rich solution.
Pros and Cons
  • "The features that I have found most valuable are first the Web Filter and the Web Application Firewall SD-Wan on Version 18. Additionally, RED Tunnels allows a Sophos vital to speak to another Sophos vital in headquarters."
  • "The main problem with Sophos XG today is that it doesn't have a feature where you actually know the quality of an international link, which would allow us to we know if the link is operational or not. We need more information. It's losing packets on the network. It's high latency. So, we need more information to know if the link is really bad or really good, and today, we will only know if it's working and this just isn't enough."

What is our primary use case?

We use and implement Sophos XG for our customers for border security, just to make sure that nobody gets in and that everybody who tries to get out will have some kind of filter or protection.

How has it helped my organization?

I can say that it has not exactly improved how our the organization functions, but on the security side it makes everything much more secure, especially for the users. They can't surf the web without some kind of protection for safety and control, and we are alerted if somebody is trying to access some strange websites or trying to access something the company does not allow.

What is most valuable?

The features that I have found most valuable are first the Web Filter and the Web Application Firewall SD-Wan on Version 18. Additionally, RED Tunnels allows a Sophos vital to speak to another Sophos vital in headquarters.

What needs improvement?

The main problem with Sophos XG today is that it doesn't have a feature where you actually know the quality of an international link, which would allow us to we know if the link is operational or not. We need more information. It's losing packets on the network. It's high latency. So, we need more information to know if the link is really bad or really good, and today, we only know if it's working and this just isn't enough.

For how long have I used the solution?

I have been using Sophos XG for about six, seven years.

What do I think about the stability of the solution?

Sophos XG is really robust because of all the implementations you currently have active. We don't have problems on the hardware or a bug on the software or anything like that. It's really, really rare. Most of the problems are from requests for our customers asking to make a particular website available for some parts of the company and things like this. Just some little configurations on the web filter.

What do I think about the scalability of the solution?

We actually do studies to already know before implementation which firewall will be able to handle all the operations. It is really rare to need to change the firewall or to miss a configuration and put in equipment that can't handle the network. We have never had a case where we had to replace a hardware because it couldn't handle the network. It has always been easy to make a survey to get the right equipment for the right amount of people, and every time we need to make a new implementation we have the study making scalability easy, because each hardware is for a specific customer.

How are customer service and support?

If I were to rate support from zero to 10, I would say about six or seven. The Portuguese Support is really bad. It's really not good. Every time you have an issue that's a little bit more complex, it's better to speak to the Global Support than the Latin American Support.

How was the initial setup?

Today the initial setup is simple since we have been using it for a long time and have implemented it for several customers. So now it is really easy for us.

What about the implementation team?

We are the resellers.

What other advice do I have?

My advice to anyone considering Sophos XG is that it has a good cost-benefit. Let's just put it that it does the job right.

On a scale of one to ten, I would say Sophos XG is a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Sophos XG
November 2024
Learn what your peers think about Sophos XG. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
reviewer1740045 - PeerSpot reviewer
Cyber Security Engineer at a tech services company with 201-500 employees
Real User
Good filtering and application control features, but the bandwidth could be more effective
Pros and Cons
  • "Some of the most valuable features are filtering and application control. The DDoS detection also shows traffic jamming and traffic shaping."
  • "This solution could be improved with more effective bandwidth. I found that when I enable DDoS detection for our clients, bandwidth is reduced. If DDoS detection is disabled, the bandwidth will be high, but it isn't secure. We recommend that customers enable DDoS detection, but if they need high bandwidth, we recommend Palo Alto and FortiGate instead of Sophos."

What is our primary use case?

We provide Sophos XG to customers. We work at deploying this solution from scratch to the customer, from unboxing, racking, or stacking, and doing licensing and upgrades for the box. Then we establish the process and security profiles that the customer requires. 

This solution is deployed on-prem. 

What is most valuable?

Some of the most valuable features are filtering and application control. The DDoS detection also shows traffic jamming and traffic shaping. 

What needs improvement?

This solution could be improved with more effective bandwidth. I found that when I enable DDoS detection for our clients, bandwidth is reduced. If DDoS detection is disabled, the bandwidth will be high, but it isn't secure. We recommend that customers enable DDoS detection, but if they need high bandwidth, we recommend Palo Alto and FortiGate instead of Sophos. 

For how long have I used the solution?

I have been using Sophos XG for about six months. 

What do I think about the stability of the solution?

This solution is not as stable as other products. In terms of stability, our number one recommendation is Palo Alto, number two is FortiGate, and number three is Sophos. 

What do I think about the scalability of the solution?

Sophos is scalable, but not enough. 

How are customer service and support?

Sophos technical support is effective. 

How was the initial setup?

The installation takes two days. It is easy to deploy, and not as complicated as Palo Alto or FortiGate. We make it in our company labs and, for deployment and maintenance, we recommend one or two people. 

What about the implementation team?

We provide and implement this solution for customers. 

What's my experience with pricing, setup cost, and licensing?

The licensing for Sophos XG is based on the number of users, so I get the module from the sizing of the customer. 

Which other solutions did I evaluate?

We also recommend that customers use FortiGate and Palo Alto, since these solutions are more stable and have more effective bandwidth. 

What other advice do I have?

I rate Sophos XG a seven out of ten. I would recommend it to others, based on their needs, but the stability could be better. 

We have five to seven customers who are using Sophos XG. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Owner at InternetWorld Solutions Sdn Bhd
Reseller
Functionality is straightforward, but tech support could be improved
Pros and Cons
  • "In terms of the functionality, I think it's pretty straightforward. It's easy to pick up. It's also user-friendly."
  • "Support could be improved."

What is our primary use case?

The firewall is used to maintain security. Basically, it's used to make sure that our clients' corporate network is secure. We want to make sure that their email is scanned, protected, and so on.

What is most valuable?

In terms of the functionality, I think it's pretty straightforward. It's easy to pick up. It's also user-friendly.

What needs improvement?

Support could be improved.

For how long have I used the solution?

I have been selling Sophos XG for two years. It is deployed on-premise. 

What do I think about the scalability of the solution?

When it comes to scalability, of course we can upgrade. A lot of firewalls don't allow upgrades. An upgrade would mean changing the box. For our customers, a lot of the functions of the firewall don't reduce. We just need to make sure they enable the security, and then make sure it's giving the protection to the client.

For scalability when it comes to the server, I can add the RAM, the hard disc, and the CPU to boost up the performance. 

How are customer service and support?

The principal tech support is not very present in Malaysia. We are relying on the distributor. Most of the technical things we can handle on our own, like when it comes to setup. When it comes to the issues related to product hardware or software bugs, we will reach out to them. But the response is from the distributor.

The support could be a bit better.

How was the initial setup?

Installation for each version, like Fortinet and Next Generation Firewall, is simple. Based on how familiar we are with the client, it can take a day or two.

We only need one or two people for deployment.

What's my experience with pricing, setup cost, and licensing?

For every firewall, you will need to pay the license for the following year. If they don't pay for the license renewal, they basically won't get the support from Sophos.

What other advice do I have?

They do have their own integration, so I don't really have much to comment about Sophos because we basically just maintain the Sophos Firewall that we supply. We don't do a lot of fancy design work.

We are currently still evaluating the solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Senior System & Security Administrator at a legal firm with 51-200 employees
Real User
It has a good interface that's very user-friendly
Pros and Cons
  • "I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system."
  • "I would prefer if Sophos XG were cheaper. A lower price would benefit me as a system provider for the end customer. The cost of the license and renewal for all the software and devices is somewhat high."

What is most valuable?

I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system.

For how long have I used the solution?

I've been working with Sophos XG for six months. I am not an end-user. I only provide the solution and implementation.

What do I think about the stability of the solution?

I think Sophos XG is very stable because the users who have installed it never mention any issues. It's very stable and scalable. 

What do I think about the scalability of the solution?

Sophos XG is a scalable solution. Our clients who use Sophos are not big companies. 

How are customer service and support?

I haven't dealt with Sophos support because I'm just doing the basic implementation for the Sophos. But I Sophos support is very experienced and helpful. Sophos has a team for administration and implementation—a good team to improve the application. 

How was the initial setup?

It depends on the implementation and the deployment of systems. In my small company, I have four people on my technical team. Two of them specialize in firewall and security. They're working on Fortinet. They deal with antivirus and security implementation as well as Veeam Backup. The other two handle the administration implementation, including Active Directory and other administration solutions.

What's my experience with pricing, setup cost, and licensing?

I would prefer if Sophos XG were cheaper. A lower price would benefit me as a system provider for the end customer. The cost of the license and renewal for all the software and devices is somewhat high. 

What other advice do I have?

I rate Sophos XG nine out of 10. I am a Fortinet partner. If a user asks me which solution to buy, I'll tell them Fortinet. But if the customer needs Sophos, I will implement it for him. However, if I had a Sophos partnership, I would recommend it every time.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1231140 - PeerSpot reviewer
IT support officer at a wholesaler/distributor with 51-200 employees
Real User
Performs well, the firewall and threat management are good
Pros and Cons
  • "So far, I'm happy that they have recently added a firewall role, so I feel a little more comfortable with the security. The threat management is good."
  • "For the moment, managing the Sophos interface is a little bit challenging."

What is our primary use case?

There are about 100 people using Sophos at our office. We have two ISPs, so we have to have access to our internet providers. We also need security to deploy our network. Also, our home and external users need to be able to log in. So we use Sophos XG to build our deployment. Sophos is more than just a firewall. It analyzes security effects, so it's a firewall for the future. It's more than just a hardware firewall. There are also some paid options, so we do not have to have the main server inside our office here. We use Office 365. And although we use five servers at our location, not everything is in the cloud yet. 

What is most valuable?

We haven't used it for very long, so I have not analyzed the main features deeply. So far, I'm happy that they have recently added a firewall role, so I feel a little more comfortable with the security. The threat management is good. Also, the graphics and the throughput of our internet access are better than before, so it's the Sophos anti-threat device that we have. 

What needs improvement?

For the moment, managing the Sophos interface is a little bit challenging. We have an external partner that helps me to comprehend. But it's new. It has to keep up with the market, and I understand that. But that's my personal problem at the moment. High-availability clusters have not been implemented, so we have only one firewall and one device. So should this device go down, there's no more internet access. But so far, we haven't had any problems. 

For how long have I used the solution?

I've only been using Sophos XG for three months.

What do I think about the stability of the solution?

Sophos is stable.

What do I think about the scalability of the solution?

Sophos XG is scalable.

How are customer service and support?

I used Sophos tech support for the previous solution because Sophos sold that as well. Now, we only work with the external partners. So for the moment, I haven't had to send questions directly to Sophos. But my past experience with Sophos support was good. It was very professional and easy. We stay with Sophos software because of the technical support.

Which solution did I use previously and why did I switch?

We had Cyberoam. That brand that doesn't exist anymore, so we had to change.

How was the initial setup?

I contacted the external partner, and the setup was easy. It took about two or three days. Some little pictures were difficult for us to find, but that's normal. We could not make a one-to-one copy of the older one, so we had to search for some little personal configurations here. Now that everything is configured right, we are happy to have it. 

What's my experience with pricing, setup cost, and licensing?

Because Sophos is sold by the brand that we had before that and Cyberoam does not exist anymore, it costs less because we stayed within the older firewalls. The price was also very good. It was not expensive before because of their value at the time. I think it's not cheap but not very expensive, either. It's in the middle. 

What other advice do I have?

Based on what I know from using it so far, I would recommend Sophos. I rate it eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
RathinVaidya - PeerSpot reviewer
Vice President (Technical) at Shaligram Infotech LLP
Reseller
Top 20
Great antivirus software that's very easy to deploy and very user friendly
Pros and Cons
  • "Easy to deploy and user friendly."
  • "Could have a more simplified functionality for users."

What is our primary use case?

It's primarily for on-premise firewall functionality and functionality of internet lines.

What is most valuable?

The appeal to our IT team is that this is an easy to deploy, user friendly, and easy to work with solution that includes antivirus software.

What needs improvement?

I'd like to see a more simplified functionality for our customers. We also had a negative experience with the sales team of Sophos, which offered a three-year renewal to our customer. We'd suggested one year, keeping the customer's cashflow in mind and Covid. The result was that it affected our credibility with the customer. These are some of the irritants in the sales policy.  

For how long have I used the solution?

I've been using this solution for four years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

We have deployed it for 100 users to date, so it's quite scalable. We mainly work with small and medium size organizations. 

How was the initial setup?

The implementation is straightforward. It depends on your environment, and the number of users as well as the complex rules you're making. That aside, it is easy to deploy.

What other advice do I have?

I rate the solution eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
PeerSpot user
Senior IT Consultant - Sophos Architect at ARENTIA S.A.
Real User
A powerful and cost-effective web application firewall solution
Pros and Cons
  • "The web application firewall reverse proxy is very good."
  • "Sophos can improve the debugging of the WAPS function."

What is our primary use case?

We essentially use Sophos XG to protect our customers. Most of our customers use remote VPN connections. They also use the WAF protection for exposed internet WEB servers.

What is most valuable?

The web application firewall or WAF is very useful. Web application firewalls help keep your servers safe from hackers by scanning activity and identifying probes and attacks.
Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos
UTM lets you protect your webservers from attacks and malicious
behavior like cross-site scripting (XSS), SQL injection, directory
traversal, and other potent attacks against your servers.
You can define external addresses (virtual webservers) which should be
translated into the "real" machines in place of using the DNAT rule(s).
From there, servers can be protected using a variety of patterns and
detection methods.

This function has been completely re-developed in XG, relatively of the UTM-9 version, and it works fine. I protect many internet web servers (IIS) for my customers with this function, due to of a lot of attempted attacks. It's a very useful and relatively simple to implement in Sophos XG.

Obviously, like all security systems, it is not a "fire and forget" configuration. It is necessary to properly analyze the system to be protected, create an appropriate policy and monitor its behavior once activated.

https://support.sophos.com/sup...

What needs improvement?

I think Sophos XG can improve some annex features. Like in DHCP, we can't make IP reservations in the range. We must reserve out of the range, which is not good. It will not be the same as the DHCP function in a Windows Server. We can't make an IP reservation in the range of the DHCP in the Sophos.

Better in the next release? I hope...

Sophos can also improve the debugging of the WAF function and provide a better resolution in the log, in the attached WEB log. The initial error doesn't appear. You must tail the console log to find the source pattern, cause of the error.

For how long have I used the solution?

I have been using Sophos XG for about tree years.

What do I think about the stability of the solution?

Sophos XG is stable. I don't encounter problems that are typical with broken systems. But bugs in the system exists. Last example, I discovered a bug is in the asymmetric routing implementation. In a specific network configuration, asymmetric routing, with sub-net 25 doesn't work, but mask 24 and mask 26 works!!

But this is just a bug, and Sophos' support is very good to correct quickly, ASAP.

I only had a break function once because of the appliance BIOS. The Sophos support send me a new BIOS very quickly, and the problem was resolved.

How are customer service and technical support?

I have a lot of issues with Sophos technical support. I still have some pending issues that need to be resolved. It's very odd in the beginning because your first contact is with the sub-part of another sub-part of Sophos based in India or Pakistan. It's very odd to have a quick connection with the second level or third level engineer at Sophos in UK.

I have personal contact with some security managers and the sub-part manager of Sophos support. When they don't resolve a problem quickly, I send an email, or I call my contacts Sophos UK, and it happens! They have good reactivity.

Which solution did I use previously and why did I switch?

We start with Sophos UTM-9, the old version of Sophos firewalls, and then we switched to the XG.

How was the initial setup?

The initial setup of the last version of Sophos XG is good. The initialization is very simple, but you must prepare it. You need an Sophos customer account , on the web cell, to declare easy a firewall.

It'll ask for an account, and you can create it in the interface, but it's better to prepare it before in the Sophos site, to have the account ready, for the first initialization of the firewall.

The deployment time depends on the system's complexity, the number of ISPs, the number of sub-nets, WAF functions and VPNs. 

It's normally very easy for a little company. A retail company with 20-30 computer-users, and a simple connection to the internet, it'll take about four to six-hours to deploy. If you need to fine-tune it, maybe two hours more. So like eight hours or a day to deploy.

What's my experience with pricing, setup cost, and licensing?

Sophos XG isn't expensive compared to Check Point. Sure, Check Point is the Rolls-Royce of firewalls: It's great, it's fun, technically good tunned, but it's very expensive. 

But the specs and technical side of Sophos XG are close to Check Point, and the price is lower. It's better for our customers. I can do the same complex configurations with Sophos XG that I used to do on Check Point firewalls.

Which other solutions did I evaluate?

The main difference between Sophos XG and Check Point is keylogging and working with clouds. Both FortiGate and Watchguard doesn't have  in log packet analyzer to do so deeply. 

For me personally, Check Point firewall is the best firewall, because the log console is the power key of the firewalls. But Sophos XG is the main challenger of Check Point, I think. You can open the debugging packet analyzer, like a Wireshark, directly in the WEB log console. This function is a powerful tool and must be discovered, because it's very useful for quick debugging.

If I had to rank them, it's Check Point first, second, Sophos XG, and in third with FortiGate and Watchguard. We chose Sophos XG because it's much cheaper than Check Point.

What other advice do I have?

I think it's very important to choose the right appliance first. Implementing a lot of things like VPN, IPS strong protection and WAF functions will stress more the appliance CPU. It depend also with the number of connections and number of users too.

Sophos XG is a lot of fun because you can change the appliance model without changing the configuration. You can back-up the configuration of the old appliance and import into the new appliance without spending hour for migration. It's powerful, and the new system is quickly operational.

Another key is VPN LAN to LAN in SSL, allowing connections to be set up much faster. Is this the end of the old IPSEC protocol? No, but it is a function which increases the versatility of the Sophos XG firewall.

Last, but not least, the virtual appliance works perfectly, in private or public clouds. Very simple to implement, work perfectly.

On a scale from one to ten, I would give Sophos XG a nine. 

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: ARENTIA S.A. - Sophos Gold Partner Av. Francisco Sá Carneiro 380 2415-376 Leiria - Portugal
PeerSpot user
Buyer's Guide
Download our free Sophos XG Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Product Categories
Firewalls
Buyer's Guide
Download our free Sophos XG Report and get advice and tips from experienced pros sharing their opinions.