Sophos XG Reviews

We use Sophos XG for ensuring security, implementing web filtering, enforcing policies, and blocking traffic as needed.

I appreciate its interface, but I find that the available ports are insufficient. I've encountered limitations, often finding that three to four ports are not adequate for our needs.

It stands out with its side-to-side VPN and SSL VPN capabilities.

The most significant aspect is the protection it offers.

I encountered an issue while implementing web filtering for users. Specifically, when attempting to access reports detailing which sites users are visiting, the diagnostic report fails to display the complete URLs of the websites visited. This becomes particularly problematic when users utilize proxy software to bypass the firewall, as it renders tracking their website visits nearly impossible. Training presents a major challenge as there are numerous features available, such as IPS and IDS, which many network administrators are unfamiliar with and tend to leave disabled. Users are unable to enable these features themselves due to their lack of understanding of their functionalities and configuration processes. The training manual provided to users lacks proper guidance on configuration procedures. The content outlined in the user manual differs significantly from the live configuration process.

I have been working with it for approximately six years.

There are several glitches in the new firewall. One particular issue arises when applying filtering settings. The firewall fails to unblock sites without requiring a restart to save and execute the changes properly.

We have a multitude of distinct sites, amounting to a total of six to seven thousand users in total.

Our experience with Fortinet was better compared to Sophos. Also, configuring Fortinet is much easier than configuring Sophos.

Installation is not straightforward; it's a bit complex. For instance, when setting up two ISP connections and terminating them on two firewalls, the process involves configuring LAN and WAN interfaces separately, along with DNS and routing configurations in different tabs. Many users may find these functions unfamiliar. It would be more convenient if all functions related to traffic routing were consolidated into a single tab for easier management. Maintenance is also challenging.

The price of Sophos in PTR is significantly higher compared to Fortinet.

Overall, I would rate it three out of ten.

Sophos XG is of firewall security device for our data center or branch data center.

The security measures implemented in this system are robust, particularly at the network level. It includes effective web filtering capabilities to enhance security and protect against potential threats.

Everything is consolidated into a single box, offering comprehensive functionality, including Wi-Fi access and other features.

SD-WAN would benefit from further improvement, particularly in terms of incorporating optimization techniques that are not typically found in traditional firewalls. Nowadays, WAN optimization features are being integrated into many firewalls, and implementing similar capabilities in SD-WAN would enhance its performance and functionality.

The user interface of Sophos is very simple and good compared to Azure.

I have been working with Sophos XG for more than five years.

The stability of Sophos XG has been exceptional, and we have not encountered any issues. 

I would rate the stability of Sophos XG a ten out of ten.

Sophos XG is very scalable. I would rate the scalability of Sophos XG a nine out of ten.

Our network scalability is not extensive, but it does offer certain features such as the ability to create and utilize devices in an Active-Active configuration. Additionally, using devices with an active password is also supported, providing users with various facilities and features.

We have 1,500 users in our organization daily.

The technical support is good.

I would rate the technical support a nine out of ten.

The initial setup is straightforward. It was easy.

The total deployment time was ten days.

We had comprehensive documentation containing all the necessary details, including firewall configurations, host information, and corresponding IP addresses.

It was very easy to install it without any downtime.

We had a total of two people to deploy it.

Sophos XG is expenses. I would rate the pricing a ten out of ten as high.

After evaluating SonicWall and considering recommendations from colleagues, friends, and industry professionals, we found that Sophos received positive feedback. Additionally, our own hands-on experience and thorough examination confirmed that Sophos was a suitable choice. Therefore, based on these factors, we made the decision to proceed with Sophos for our requirements.

If Sophos XG meets your business requirements and fulfills your account needs, it is highly recommended to choose Sophos XG as your preferred solution.

I would rate Sophos XG an eight out of ten.

The product demonstrates excellent stability, accompanied by a user-friendly interface and reliable support services, including the availability of premium support options. However, there are certain features such as WAN optimization, load balancing, advanced techniques, and advanced web filtering that are currently not available. These features have become increasingly crucial in today's environment and are in high demand.

We're using Sophos XG within one business unit for security. We use it for the firewall and mapping some services.

Sophos XG's price is right, and it's easy to manage. It's a good fit for our current needs at the moment. 

Sophos XG's user interface has some room for improvement. 

We started using Sophos XG in June of this year, so it has only been a few months. 

I think Sophos XG is stable.

Sophos XG is scalable. We have about 600 users here in Mexico, and everyone is behind this solution. I think it's possible we might increase usage, and we've discussed this with our corporate office in Germany. We could decide to go with another product, but we might expand Sophos if it performs well.

Support is one area where I have some issues. Sophos support isn't that good. 

In some companies where I've worked, I used Fortinet and ASA with FirePOWER from Cisco. In some places, I used Meraki with the MX and the Advance Security licensing. I have some issues with other technologies. Last year, they had Sophos UTM on the devices, but there was an opportunity was to switch our clients to Sophos XG and try out the solution.

Setting up Sophos XG is too easy. It took about two hours. The only part of the solution that I deployed was the firewalls. It's something I do all the time in my business unit, so it was quick. We have two people responsible for deployment and maintenance, including me. 

I had some support from a partner.

A Sophos XG license costs approximately $45,000 

I rate Sophos XG nine out of 10. Our experience so far has been good, but maybe we'll come across another solution that's at the same or a higher level.

I enjoy synchronized security, where you have to synchronize both the firewall and the endpoint. When I deploy a firewall, I integrate it with the endpoint so that they can send the security heartbeat from the endpoint to the firewall. In the Sophos firewall, there's deep inspection, which works quite well. Sophos has the web application firewall inbuilt. This is unlike other firewalls, where you have to integrate with another standalone web application firewall. Being inbuilt in Sophos, you just have to configure an application so that it's more of a policy, and you're good to go. It's pretty simple in terms of the user. 

We've deployed quite a number for our users and our customers, and the feedback is quite positive in terms of management and also administration.

The technical support is pretty good. 

The initial setup is easy.

There's quite a number of items on offer. When you look at Gartner, it's doing well. The uptake in the market has been wonderful and currently, it's competing with other top firewalls such as Check Point, Fortinet, and Palo Alto.

XG is at its end of life. People are moving to XGS. With those changes on the horizon, a client might end up in, maybe 10 years, having four or five appliances, which they might not use. I don't know what Sophos is doing to maybe change this. Right now, we've moved from XG to XGS.

Another feature, which might be good and which other vendors are maybe exploring is the NAC. Sophos doesn't have a NAC solution. 

Maybe they can improve on their WAF. Currently, they have the inbuilt. 

They could work on their SD-WAN solution. I have seen it. It's not that competitive compared to other vendors. We've had some device issues.

I've been dealing with the solution for the last four years.

In terms of when it's in the network, it's stable compared to other firewalls, where I have had some issues. I had a case with another firewall, which the client changed to Sophos and it was not that stable as the client had to go and actually restart the firewall. The challenge comes in terms of stability when, let's say, the engineer doing the scoping does the round-sizing for the firewall. This causes the IPS to become overloaded or overworked, so it disconnects the traffic at the port level. In terms of stability, I might say sometimes we might experience challenges maybe when the sizing is not done correctly. That's why we might experience that disconnect at the interface level where the internet gets disconnected, however, that's the case of sizing, not the product itself. In terms of stability, it's stable in the network.

In terms of Sophos' support, they have been wonderful. I had a device issue and I found the return policy to be quite simple. 

Their technical support is pretty straightforward. When you raise a ticket, the feedback is immediate, and you are assigned a support person. It's been a wonderful experience.

Even to the end-user, it's a pretty straightforward system that they have. A user would just log into support.id, then key in their credentials and raise a support ticket. It's pretty simple.

I'm also familiar with Check Point, FortiGate, and Palo Alto. We also used to use Sonic Wall, however, we've moved to Sophos.

The initial setup is pretty straightforward. It's not overly complex.

I've compared Check Point, CloudGen Network Security, and Sophos XG previously for clients. Not being biased to any vendor, normally, in this region, what normally happens is the budget. You might recommend Check Point to a customer, however, Check Point is a bit expensive, so you might end up losing the deal. What you would recommend, is Check Point as the Quantum, as the firewall. Sophos is doing quite well in terms of the endpoint for the workstations and the servers, the physical and the virtual. Likely it would be a good idea to recommend Sophos Security. That said, if the client has the budget, you'd recommend Check Point as a firewall. It's always good to do a bit of comparison and advise the client as to what is best for them.

We've actually deployed and supported quite a number of the products, from XG105 to XG3430.

Sophos is on-prem mostly, however, now there's another product for Sophos, for the endpoints, which is cloud-based.

I'd rate the solution at a ten out of ten. It's one of the best products. We have deployed quite a number of them - almost 20 - and I've not seen any of my clients complain.

We are an IT solution company and we provide network security. This solution is used for securing your network.

The solution has very good security features, is easy to use for administrators and users, and has informative reports.

I would like to see in future releases a tool to scan for malicious packets and give the location of where they are coming from. Nowadays all over the world is suffering from ransomware threats. If they could map where those packets are coming from and make the packet monitoring more efficient it will be helpful to prevent more of these kinds of threats.

I have been using the solution for approximately five years.

The solution has been highly stable.

We have used SonicWall and Fortinet in the past.

The installation is very easy for anyone. The configuration is straightforward, all the information is available through a quick Google search.

The price can be a bit steep but for the number of features, it is worth it. Additionally, the enterprise version of this solution is priced well for all the features that you receive.

If you are thinking about implementing Fortinet, SonicWall, or any other product you will pay extra for additional security features and might need to purchase additional licenses. If they just spend a little more on this solution they will get the extra features for the same amount.

This solution has security features that in other solution you have to purchase them as add-ons, such as malware and email filters. Comparing this solution overall to competitors it is by far the best.

I rate Sophos XG an eight out of ten.

Our primary use case for this solution is to act as the main broadband device in our data center. The XG 210 model is being used for a hospitality solution.

The main improvement for us is with our email. The email options and email security features are good. 

We have found that the simplicity of the XG 210 is its most valuable feature. There are a lot of options available for the default firewall rules, such as email and web, that are used to secure the network.

I like all of the options, but the most important thing is that it is easy to understand how to configure everything, compared to other firewalls.

We are having a lot of issues with conflicts and user sessions, and Sophos has suggested that we change the device to the XG 400.

Aside from these issues with scalability, the email security features are good, but there are not many options. We would like to know why an email is being blocked, and how we can allow delivery. It does not keep emails in the queue for delivery. It can only log whether it is delivered or not delivered. If I need more details then I have to log in using SSH to get that information.

When an email comes in from the outside it is detected. When we check the log it only tells us that it is not delivered. We would like to create an exception, but there are not many options available for this. For example, a domain space is not allowed. Only the user name can be used to do that. We need a domain-based exception for email.

Next, the XG 210 is easy to configure, but when we are looking for more details then we can only get this information through SSH. It is quite difficult. If we can get all of those details then it would help us to understand, so this needs to be improved.

There are a lot of options and it gets confusing sometimes. If they can give limited options, with more information, then it would be good for the large sites.

The product is stable, but by stable, I mean that we still have issues. The issues are more technical, which is why they suggest that we change the device to fix the problems.

Our main data center has more than seventy servers that host a web server and internal applications. This is where we use the XG 400.

We have installed the XG 210 model at a smaller data center. We have between three and four hundred users at the most. However, because we have more than three hundred sessions, the vendor has suggested that we change to the XG 400. We do not yet know if this will fix our problem.

At our remote sites, we use the XG 135 model, and we do not have many issues.

I am not sure why Sophos suggested using the XG 210 model after doing a site check, but we are facing issues and they suggested that we replace the model.

When I call, I have to wait for at least one to two hours to reach them. Sometimes they will pick up the call immediately, but most of the time they will not. I usually have to wait one hour before they pick up the phone.

When a ticket is created we have to wait three days before getting a reply from them. When they create a ticket for a critical issue, the response is delayed. This is a new device, and we expect support from Sophos. At least the partner should support the product, but the partners are always looking for money. Even if they deploy the device, for example, the XG 450, then they only offer support for one day. After that, there is no support.

We have been using the Sophos XG 135 model at our remote sites and it works.

This year we deployed the XG 210 model at our data center, but prior to this we used Barracuda. We switched because Barracuda is too expensive. The options are very limited because you have to pay for each additional option. Each one represents a different service, like ADP (Active DDoS Prevention) or firewall. In contrast, Sophos is only a single payment, so we switched even though we lost some options that we liked.

The initial setup is very easy.

Our deployment took only two to three days. The problem is that we had a lot of issues, especially with the email. The SMTP did not work, so I could not continue with the deployment. It took between fifteen and twenty days to resolve this. I do not know what they did to fix it, but we were delayed between twenty-five days and a month.

We had contacted the Sophos partner for help, but they were not able to fix our issue. After the problem was resolved I re-initiated the deployment. Only one staff member is required to maintain the solution.

Even when you purchase the product from Sophos, they ask for a separate contract for support which is on an hourly basis.

For licensing the XG 210, we paid approximately $3000 for three years. There are no additional fees on top of this.

Other than the Barracuda and the Sophos models, I did not evaluate other solutions.

Because of the problems that we are having, I cannot recommend this solution to anyone at this time.

I would rate this solution five out of ten.

The product has improved our network security posture. We got some phishing and malware attacks. We found out that someone was attacking our network. Since we installed the solution, we are not facing any attacks.

IPS works smoothly. The policies and rules work fine. The network performance and reporting tools of Sophos XG are good.

We are facing a little bit of an issue with the product's web filtering capabilities. It must be improved. SD-WAN can be improved.

I have been using the solution for almost two years.

I rate the tool’s stability a seven or eight out of ten.

I rate the tool’s scalability a seven or eight out of ten. Almost 5000 people are using the solution in our organization. We have installed the firewall. It is always running.

The support takes a lot of time to resolve issues.

Neutral

I rate the ease of setup a seven out of ten. The deployment took a few weeks.

The deployment was done in-house. We needed two to three people for the deployment.

I rate the pricing a seven or eight out of ten.

I will recommend the product to others. The solution is not extremely good, but it is good. Overall, I rate the product a seven or eight out of ten.

We are using Sophos XG, but not the latest version. The solution works as the main gateway. We are a small company of 250 employees so we also use the solution as a router.

The hardware and VPN connections are slow so we are planning on upgrading the solution. Next month we will be replacing the Sophos XG we have as it is reaching the end of life next year. We will be purchasing the XG 3000 to gain more options in the VPN tunnels.

The two most valuable feature of Sophos XG is, one the option to filter according to different applications and two, the integration with the Active Directory.

Over the last six months, we have noticed that the hardware is slow, especially the VPN connections.

Sophos would benefit if they could improve the integration with Active Directory. It does not function consistently and we have to reconfigure it to make it function again. 

Integration with IPA, which is like Active Directory for Linux servers, would be a nice feature to include.

I have been using Sophos XG for three years.

This solution is very stable. We have not had any problems in the three years we have been using Sophos XG. We did have one infection that gained access to one server in the DMZ but it was because the rules were not well configured and not because of the product.

We haven't had to scale the solution. 

Support from Sophos XG has been fine for what we have required.

We had been using Astaro. We selected Sophos XG because we knew it would be easy to set up and configure as the two solutions are similar.

Previously we were working with Astaro, so the setup and configuration of Sophos XG was easy. The implementation took less than a month.

The company that sold the firewall solution provided support hours while we were migrating the rules of our old firewall. They provided us with advice on some of the rules, especially on the routing to connect to a branch office.

We purchase an annual standard license.

I recommend Sophos XG if you are coming from pfSense or Astaro as the migration will be really easy. The learning path will also be easy. If you are coming from Barracuda or Cisco it will be more difficult especially the web interface of the firewall is not intuitive.

I would rate Sophos XG an 8 out of 10.