Sophos XG Reviews

My company has normal web-based policies to restrict websites and allow certain legitimate websites. My company also has site-to-site VPNs and SSL VPNs, along with firewalls.

The most valuable feature of Sophos XG for our company's cybersecurity defense strategy stems from a mixture of all of the product's capabilities, which includes areas like web protection and VPN that are important when it comes to cybersecurity.

I would like the product to improve so that it can provide advanced SD-WAN, which can allow users to deal with infinite connections along with seamless bandwidth utilization.

In the product, the area revolving around SD-WAN has certain shortcomings where improvements are required.

It would be great if I could monitor a particular traffic from a network with Sophos XG.

I have been using Sophos XG for around a year and a half. I am a customer of the tool.

It is a stable solution. Stability-wise, I rate the solution an eight to nine out of ten.

Scalability-wise, I rate the solution a seven to eight out of ten.

There are around 200 users of the product in my company.

The solution's technical support is good. I rate the technical support an eight out of ten.

Positive

I have experience with Fortinet.

Sophos and Fortinet provide good features. Interface-wise and usage-wise, Fortinet is good. Fortinet provides a simple interface, while it is an area that is a bit complex in Sophos. Feature-wise, Sophos and Fortinet are similar.

I rate the product's initial setup phase at six or seven on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on the cloud and on-premises.

The solution can be deployed in a day.

The product is expensive. I rate the product price a six on a scale of one to ten, where one is low price and ten is high price.

Sophos XG has the ability to provide good reports.

I rate the tool an eight to nine out of ten.

We primarily use the solution as our firewall.

I'm able to have very granular control over my organization's input and output data that goes in and out of our networks.

The firewall portion of the solution is the best part The rest is really just fluff. 

The initial setup is straightforward.

We have found the stability to be quite good.

User management is the area that, by far, needs the most work. The way that they try to transparently utilize user groups from the active directory to the Sophos firewall is outdated.

I'd like to see them do a little bit better of a job with the content filtering. It has content filtering, however, it rarely works. Sometimes it just fails altogether. I'd like to see a better job done. 

I'd like to see better reporting. While the logs are great, the reports are not.

I've been using the solution for six years at this point. 

The stability is great. There are no bugs or glitches and it doesn't crash or freeze. It's a reliable firewall. 

The product is super scalable. If I had a giant organization, I'd have no problem putting the Sophos firewall in.

Right now, we have 155 on the solution. That's everyone from support to upper-level management. 

We use it every day.

We just recently upgraded. I have no reason or need to upgrade for years to come and therefore don't plan on scaling anytime soon.

Technical support is fairly good. It's a pain to get ahold of them, however, once you get them, they're very thorough.

The only thing that s not so great is that sometimes they try to force me down to my reseller, whoever their partner is. I always have to make up a lie and say I already tried and only then will they help me. Besides that, it's not bad.

I previously used Cyberoam. We really switched as Cyberoam was bought out by Sophos.

The implementation process was pretty straightforward. Learning the ins and outs was a little complex. How, in terms of just getting it set up, I was able to get it set up in a couple of days.

Overall, the deployment took about three days. My strategy was, basically, going from my old Cyberoam to my new Sophos. I just copied each rule individually and tested them. Then I ran them in sync with each other for a couple of weeks. When I realized there were no problems, I pulled the Cyberoam out.

We have three people on staff that can handle deployment and maintenance responsibilities. I've got a system admin, myself, and a help desk/content specialist.

I did not use an integrator, reseller, or consultant for deployment. I handled the process myself. 

From an ROI standpoint, the product I had before, even though they were basically the same thing, I found I was spending a lot of man-hours with it and calling support a lot and actually having to pay for support on the previous model. 

With this firewall, I rarely have to call support. When I do, it's free of charge. The ROI is 100% there. It might be a little more expensive up front, however, the quality is there for a medium-sized business.

The licensing is based on a multi-year contract. It's a bit higher, in terms of price than other options. The billing process is pretty simple and straightforward. they don't have a complex licensing setup. 

I evaluated all the big players out there before choosing Sophos. I likely evaluated seven different options.

I'm a customer and an end-user.

I'd advise those considering this product to stick with it and stay away from the fluff. For example, the Sophos Anti-Virus is not worth it. 

The firewall is fantastic. Definitely take their firewall courses, as there are going to be a lot of tasks that you feel should be easy and they're not. There's going to be a lot of troubleshooting. I've been working on it for five years and I still catch myself sometimes trying to figure out why a certain rule doesn't work doing this or that. Definitely take the training. I would highly recommend staying away from the other products.

I'd give the product an eight out of ten for a score. It does everything I need it to do. The user interface is very modern. It works. I was able to figure out some very advanced things. Even though it has a modern interface, I like the fact that I can always go into the console and it's a Linux box behind the scene - which is very nice for when you're trying to do very advanced tasks. For the most part, it was plug-and-play. The setup was really easy. The support is fantastic.

We use it for firewalling. Lately, we are also using it for remote access or VPN access for the users to the firewall and then onto the local network for people working from home. We've seen a huge jump in work from home. Everybody is working from home, so we need a secure connection to the office.

I am not using its latest version. I normally wait for a couple of months before upgrading the unit to make sure there are no bugs or issues. I check on the forums to see what other people are saying and whether there are any issues. 

There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time.

Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue.

I have been using this solution for seven years.

It is stable. We've been dealing with it for such a long time. We know exactly how to set it up. Sometimes, clients have got funny ideas, and I just say to them, "You tell me what you need, and I'll do the config and set it up." I've got two clients who have got technical skills. One of them is fairly proficient on Sophos, so he does the work as well, but for most of our other clients, we set it up, and there are no issues. It just works.

It is scalable provided you purchase the correct product. We do a bit of homework. We don't just sell you the first device on the list because that's not always suitable. We do a scope of the client's business. They may be a startup with just five users, but they might have a plan to have 100 or 200 users. We need to just size according to what they anticipate to be. It is no good if we sell them an entry-level device now, and two months later, it is too small. We purchase according to a client's requirements.

We've got clients with four users, and the number can go up to hundreds. I'm currently busy setting one up for 150 users, and obviously, there is much more work involved in doing the remote VPN setups.

I use the local support in South Africa. If they can't help me, then I log a case with their international support. They're fairly good, and they come back to me. 

I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand. They spoke so fast, and I could not hear what they were saying, but it is generally not an issue. It is not a showstopper, and we manage to work. If I don't understand, I say to them, "Can we rather chat by email?", which makes it a lot easier.

There some other firewalls that my company is using, but they're way below in terms of specs and what they can do. Sophos XG is a layer 7 firewall, and most of the others are only layer 2 firewalls. Sophos is far superior. 

I do not have any knowledge about Cisco, Juniper, or other firewalls. I don't really use them. I use some open-source firewalls, but they're also a lot lighter. I've got one or two very small clients or non-profits where we run an open-source firewall, but the feature set is way limited compared to Sophos.

Sophos XG comes in at a fair price as compared to some of the other products out there. Its learning curve wasn't that steep. It makes sense, and it is a sensible product. It is not like some of the other products.

It is simple for me. I've done so many setups. I can probably do these things in my sleep. In fact, I have got one in front of me now that I need to configure and install. I'm fairly proficient in the use of these devices. I'm happy with it.

The deployment duration depends on the setup. Some simple setups can be up and running within two hours. Complex ones most probably will take four to six hours. It also depends on the client's needs. Some of them have simple requirements, and they just want firewalling and one or two remote-access VPNs. Others have got a complex setup where we need to set up cameras and VoIP telephone systems. It all depends on a client's requirements.

It doesn't require any maintenance because the definitions are auto-updated. I've got a dashboard where I can manage all of the firewall devices from one dashboard. If I want to upgrade the software on 20 of them, I'll log onto the dashboard and upgrade the software just by selecting it and saying upgrade the software, and it is done. It requires very minimal handling on a day-to-day basis. Antivirus definitions, scanning definitions, and all those things are auto-updated anyway.

It comes at a fair price as compared to some of the other products out there. Its price is in the middle. It is not the cheapest, and it is also not as expensive as Juniper, Check Point, and definitely Cisco. Nowadays, everybody is very cost-sensitive, and people don't want to spend unnecessary money, but even before that, it was a fairly priced product.

You've got your choice of what license you want. There are basically two types of licenses, and it depends on what you need to do, and everything is included in that license. There is no cost for VPN and DMZ. You purchase the license, and you know upfront what you're getting or what you're not getting, and that's it. It is one license fee and done and dusted.

I would definitely recommend this solution to others. I recommend it to all my clients. I'm using it at home as well, and it works great. I'm fairly proficient in it, so I'm very confident. I can recommend it to anybody and everybody. It is a great product, and I've got no issue with it.

I would rate Sophos XG a ten out of ten. It is a rock-solid product that works. We've so many deployments of this solution. I'm just happy with it. 

I use the solution in my internal network for my home office, for which I have applied a router in my home. I have deployed a couple of switches in my home network, but I need to secure my network from attacks.

Adaptive security is the most usable and most efficient feature in Sophos XG. The performance and scalability of the tool are advantageous areas.

With the firewall part in Sophos XG, it is not very flexible if you want to block access to a particular site during your internal usage. The tool is not able to block access to a particular website instantly or easily since it takes a considerable amount of time to configure a few things. If you specify that a user should not be able to go to www.google.com, it should be denied for sure.

The support engineers of the product are not very tech-savvy, making it an area where improvements are required.

I have been using Sophos XG for four years. I am a customer of the product.

At times, there are some issues that I have faced with the stability of the product. Not many firmware updates pushed into the tool are bug-free, and because of this, I face issues.

I rate the tool's stability a seven out of ten.

It is a scalable solution.

Based on my experience with the product's support team, I feel that Sophos provides good technical support to its users.

I rate the technical support a six out of ten.

Neutral

The product's initial setup phase was easy, especially compared to Cisco.

The solution is deployed on the cloud. I have also worked with the on-premises model.

The solution can be deployed in only a couple of hours.

The product has improved the security posture. Sophos XG provides features that are almost the same as those Cisco Firepower devices provide. I would say that a couple of features in Sophos XG are the same as the ones provided by other Cisco devices, which are top-notch.

The management tools or log-related solutions that are presented with Sophos are okay but not top-notch when it comes to Cisco. I rate the reporting and visibility tools in Sophos XG a six out of ten compared to Cisco.

Sophos xG's integration capabilities do not apply to a limited number of security tools. Cisco provides integration capabilities with many products, while Sophos XG offers integration with a limited number of products. Cisco provides integration capability with almost any tool that is present in the world. Cisco works day and night to ensure that it provides good integration capabilities with the solutions.

I recommend the tool to those who plan to use it, especially if you own a very small office where you don't need a product with too many functionalities.

I rate the tool a seven out of ten.

We encounter difficulties while navigating through certain features and functionalities of the product. The GUI could be much more transparent.

We have been using Sophos XG for two years. At present, we use the latest version.

I rate the product’s stability an eight out of ten.

We have around 15 to 20 customers using Sophos XG. It is suitable for larger companies. We have around 200 technical engineers in our organization managing it. I rate the scalability a nine out of ten.

The technical support team is friendly and supportive in terms of technical assistance.

Positive

We are working with CheckPoint, SonicWall, and FortiGate.

The deployment method involves navigating through several pages, such as selecting the country and configuring LAN and WAN ports, before reaching the manual configuration stage. Instead, simplifying the process by allowing users to log in directly to the dashboard and initiate configuration without additional prompts could be helpful. The implementation time depends on specific firewall requirements.

The product is more expensive than SonicWall. Our customers compare devices for office compatibility, such as Sophos XG 4100 and SonicWall NSA 2300, and question license cost disparities.

I rate the pricing a six out of ten.

The product’s new variant allows for faster processing of data packets from LAN to WAN, surpassing the capabilities of an 8G firewall. It provides threat prevention features, including WAF, IPS, and AV. We have configured SSL VPN capabilities for different branches, which have been working efficiently. For our minimalistic usage, it has been performing well in transferring data from on-premise devices. It helps us generate detailed reports on the dashboard. The product’s integration with Sophos Central enhances security architecture by enabling centralized management under a single dashboard.

We recommend Sophos XG as a priority as it is much more reliable and has efficient technical assistance. It is much easier for configuration, web filtering, or web extension than one of its competitors.

I rate it a seven out of ten.

Sophos XG is of firewall security device for our data center or branch data center.

The security measures implemented in this system are robust, particularly at the network level. It includes effective web filtering capabilities to enhance security and protect against potential threats.

Everything is consolidated into a single box, offering comprehensive functionality, including Wi-Fi access and other features.

SD-WAN would benefit from further improvement, particularly in terms of incorporating optimization techniques that are not typically found in traditional firewalls. Nowadays, WAN optimization features are being integrated into many firewalls, and implementing similar capabilities in SD-WAN would enhance its performance and functionality.

The user interface of Sophos is very simple and good compared to Azure.

I have been working with Sophos XG for more than five years.

The stability of Sophos XG has been exceptional, and we have not encountered any issues. 

I would rate the stability of Sophos XG a ten out of ten.

Sophos XG is very scalable. I would rate the scalability of Sophos XG a nine out of ten.

Our network scalability is not extensive, but it does offer certain features such as the ability to create and utilize devices in an Active-Active configuration. Additionally, using devices with an active password is also supported, providing users with various facilities and features.

We have 1,500 users in our organization daily.

The technical support is good.

I would rate the technical support a nine out of ten.

The initial setup is straightforward. It was easy.

The total deployment time was ten days.

We had comprehensive documentation containing all the necessary details, including firewall configurations, host information, and corresponding IP addresses.

It was very easy to install it without any downtime.

We had a total of two people to deploy it.

Sophos XG is expenses. I would rate the pricing a ten out of ten as high.

After evaluating SonicWall and considering recommendations from colleagues, friends, and industry professionals, we found that Sophos received positive feedback. Additionally, our own hands-on experience and thorough examination confirmed that Sophos was a suitable choice. Therefore, based on these factors, we made the decision to proceed with Sophos for our requirements.

If Sophos XG meets your business requirements and fulfills your account needs, it is highly recommended to choose Sophos XG as your preferred solution.

I would rate Sophos XG an eight out of ten.

The product demonstrates excellent stability, accompanied by a user-friendly interface and reliable support services, including the availability of premium support options. However, there are certain features such as WAN optimization, load balancing, advanced techniques, and advanced web filtering that are currently not available. These features have become increasingly crucial in today's environment and are in high demand.

We essentially use Sophos XG to protect our customers. Most of our customers use remote VPN connections. They also use the WAF protection for exposed internet WEB servers.

The web application firewall or WAF is very useful. Web application firewalls help keep your servers safe from hackers by scanning activity and identifying probes and attacks.
Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos
UTM lets you protect your webservers from attacks and malicious
behavior like cross-site scripting (XSS), SQL injection, directory
traversal, and other potent attacks against your servers.
You can define external addresses (virtual webservers) which should be
translated into the "real" machines in place of using the DNAT rule(s).
From there, servers can be protected using a variety of patterns and
detection methods.

This function has been completely re-developed in XG, relatively of the UTM-9 version, and it works fine. I protect many internet web servers (IIS) for my customers with this function, due to of a lot of attempted attacks. It's a very useful and relatively simple to implement in Sophos XG.

Obviously, like all security systems, it is not a "fire and forget" configuration. It is necessary to properly analyze the system to be protected, create an appropriate policy and monitor its behavior once activated.

https://support.sophos.com/sup...

I think Sophos XG can improve some annex features. Like in DHCP, we can't make IP reservations in the range. We must reserve out of the range, which is not good. It will not be the same as the DHCP function in a Windows Server. We can't make an IP reservation in the range of the DHCP in the Sophos.

Better in the next release? I hope...

Sophos can also improve the debugging of the WAF function and provide a better resolution in the log, in the attached WEB log. The initial error doesn't appear. You must tail the console log to find the source pattern, cause of the error.

I have been using Sophos XG for about tree years.

Sophos XG is stable. I don't encounter problems that are typical with broken systems. But bugs in the system exists. Last example, I discovered a bug is in the asymmetric routing implementation. In a specific network configuration, asymmetric routing, with sub-net 25 doesn't work, but mask 24 and mask 26 works!!

But this is just a bug, and Sophos' support is very good to correct quickly, ASAP.

I only had a break function once because of the appliance BIOS. The Sophos support send me a new BIOS very quickly, and the problem was resolved.

I have a lot of issues with Sophos technical support. I still have some pending issues that need to be resolved. It's very odd in the beginning because your first contact is with the sub-part of another sub-part of Sophos based in India or Pakistan. It's very odd to have a quick connection with the second level or third level engineer at Sophos in UK.

I have personal contact with some security managers and the sub-part manager of Sophos support. When they don't resolve a problem quickly, I send an email, or I call my contacts Sophos UK, and it happens! They have good reactivity.

We start with Sophos UTM-9, the old version of Sophos firewalls, and then we switched to the XG.

The initial setup of the last version of Sophos XG is good. The initialization is very simple, but you must prepare it. You need an Sophos customer account , on the web cell, to declare easy a firewall.

It'll ask for an account, and you can create it in the interface, but it's better to prepare it before in the Sophos site, to have the account ready, for the first initialization of the firewall.

The deployment time depends on the system's complexity, the number of ISPs, the number of sub-nets, WAF functions and VPNs. 

It's normally very easy for a little company. A retail company with 20-30 computer-users, and a simple connection to the internet, it'll take about four to six-hours to deploy. If you need to fine-tune it, maybe two hours more. So like eight hours or a day to deploy.

Sophos XG isn't expensive compared to Check Point. Sure, Check Point is the Rolls-Royce of firewalls: It's great, it's fun, technically good tunned, but it's very expensive. 

But the specs and technical side of Sophos XG are close to Check Point, and the price is lower. It's better for our customers. I can do the same complex configurations with Sophos XG that I used to do on Check Point firewalls.

The main difference between Sophos XG and Check Point is keylogging and working with clouds. Both FortiGate and Watchguard doesn't have  in log packet analyzer to do so deeply. 

For me personally, Check Point firewall is the best firewall, because the log console is the power key of the firewalls. But Sophos XG is the main challenger of Check Point, I think. You can open the debugging packet analyzer, like a Wireshark, directly in the WEB log console. This function is a powerful tool and must be discovered, because it's very useful for quick debugging.

If I had to rank them, it's Check Point first, second, Sophos XG, and in third with FortiGate and Watchguard. We chose Sophos XG because it's much cheaper than Check Point.

I think it's very important to choose the right appliance first. Implementing a lot of things like VPN, IPS strong protection and WAF functions will stress more the appliance CPU. It depend also with the number of connections and number of users too.

Sophos XG is a lot of fun because you can change the appliance model without changing the configuration. You can back-up the configuration of the old appliance and import into the new appliance without spending hour for migration. It's powerful, and the new system is quickly operational.

Another key is VPN LAN to LAN in SSL, allowing connections to be set up much faster. Is this the end of the old IPSEC protocol? No, but it is a function which increases the versatility of the Sophos XG firewall.

Last, but not least, the virtual appliance works perfectly, in private or public clouds. Very simple to implement, work perfectly.

On a scale from one to ten, I would give Sophos XG a nine. 

I implemented this firewall for my clients. They're small offices. One has got half a dozen computers, and the other one has about 30 computers on the network. Both utilize VPN to remotely access their workstations in the office.

It is sized based on the client. So, there are actually two different versions that I've utilized.

VPN setup is great and easy to implement for outside users to access data or workstations in the network.  Easy to manage and set up.  No major glitches.  Runs reliably.   Setting up iPhones and Macs is a bit more involved since you have to use VPN apps that are compatible with Apple for VPN and remote desktop.

Compared to other firewalls that I had looked at, I thought Sophos was the better solution. It just seems to be easier to manage versus Cisco, Fortinet, or one of the other options I was looking at.

I'm not going to say that it's easy to configure, but I can understand how to configure it. There is a certain amount of support available to do the configurations. 

I'm just a sole proprietor for IT support, and from my perspective, there could be better ways to educate a proprietor, such as myself, on how to set it up, program it, and manage it. They do tend to have support, but a lot of times, it is for larger networks. I need something simpler and more rudimentary to set up and configure the firewall, set up the rules, and that type of thing. So, if there is a missing component there, that would be it. 

Any firewall will need rules for how it protects the network against a variety of threats or various degrees of protection.  My comments are not aimed at Sophos specifically.  As a new person just learning about firewall protection, it would be helpful for any vendor to have an education area that runs through various scenarios and implements them in the firewall.  Videos would be helpful.  From my initial research on which firewall to choose,  Sophos appeared to have the most straightforward interface. 

I purchased the units from www.firewalls.com, and they worked with me to do the initial setup.  That was very helpful to get started

I have been using Sophos XG for 4 years.

It is very stable.

It is scalable. There are different models, and you really need to choose a model that is appropriate for your current situation. You can buy something with a certain degree of scalability. Because I purchased it through firewalls.com, I was able to have that discussion, describe the application, and then choose a model that would suit that particular client with a degree of scalability. Now, for instance, if they went from 20 employees to 500 employees, then it is not scalable to that degree, but if they went from 20 employees to 50 employees, then it would be scalable. So, you've got to define the criteria in terms of what you're trying to protect, the number of users, the bandwidth that is going through it, the speed, etc. When I purchased them through firewalls.com, they explained and helped me choose the most appropriate appliance for what I'm doing.

I did have a circumstance where the firewall had been damaged during a lightning storm or something like that, and I called them to help me diagnose what the issue was. They were good about the diagnostic. They were good about spending the time with me to figure out what was wrong. In the particular case that I was researching, it turned out that one of the ports was bad for some reason. It was either because of the lightning storm or some other reason. It was under warranty, and they replaced it with a new unit. So, I'm satisfied with Sophos' support.

Previously used a small $100 cisco unit.  Not easy to implement VPN.  They may have an app, now, but at the time it was problematic and way too  complicated. 

I purchased it through firewalls.com. They're an online vendor, and they did the initial setup and configuration on both firewalls. My experience with them was good.

I used firewalls.com and they were excellent

Fewer management headaches

The pricing was reasonable.  VPN licensing is included.

I looked at Cisco, Fortinet, and one of the others, and compared to them, I thought Sophos was the better solution. It seemed to be easier to manage. After the implementation, I could figure out what to do with a Sophos interface. If it was something like Cisco or other vendors, it would be far more complicated to deal with. So, that's one of the reasons why I chose Sophos.

For someone who is not acquainted with firewalls, whether it is Sophos or anything else, dealing with a third party for the implementation is kind of a must. 

I am satisfied with this solution. I don't really have any hands-on experience with other firewalls that I can compare it against, but I'm satisfied with it. I like it, and I'd buy it again.

I would rate Sophos XG a 10 out of 10.