Sophos XG Reviews

We are a solution provider and this is one of the security solutions that we implement for our clients. The primary use for Sophos XG is to secure the internet for an organization. It does a bit of antivirus scanning, application filtering, web filtering, and normal firewalling. Security, obviously.

Some of our clients also have Sophos UAP and access points are also included in Sophos, which is the same with FortiGate.

Sophos XG is easy to manage. You've got the cloud logging and you can manage all of your Sophos firewalls from one cloud, the Sophos Central Portal.

The most valuable feature is endpoint security. If you want to install antivirus and firewalling on endpoints, then Sophos is the best option.

What I don't like about Sophos is that applying policies can sometimes take longer, and there can even be a bit of a network interruption. With FortiGate, it's just one click and then you go, but with Sophos, sometimes the wheel keeps spinning for several seconds.

The SD-WAN capability is not as good as it is in FortiGate, and is something that should be improved.

I have been working with Sophos XG for approximately two and a half years.

Stability-wise, it's almost as good as FortiGate.

I've been selling FortiGate for 10 years and Sophos for two and a half years. I think that Sophos is just about on par with FortiGate. We just had a small thing with a client, but I don't know if that's really going to be reason enough. In terms of stability, I think they are quite good. The issue we had was the locks, and it was causing slowness or interruptions, but that was really not an issue. It's a small thing.

Sophos XG is very scalable. You can go from small to large-sized use cases.

I think that the technical support is very good, and similar to FortiGate,

I actually dealt directly with a Sophos engineer and I must admit, they've been very fortunate that the guy can help even on the weekends and so forth. I'm very impressed with that.

I primarily work with FortiGate, but I am currently dabbling in OPNSense to see if I can learn it. I've also installed Cisco in the past, as well as Sophos.

Although about 80% of our clients ask for FortiGate, some of our clients ask for Sophos instead. For example, there are some banks and commercial institutions that ask for Sophos.

Sophos is better than FortiGate with respect to endpoint protection.

The initial setup is as easy as it is with FortiGate. These products are definitely easier to install than a solution like OPNsense because it is just a hardware appliance.

The price of this solution is mid-range. Obviously, it will never beat OPNsense because that product is available free of charge. Sophos XG is not expensive for a firewall, especially when you compare it with Check Point. Check Point is a really expensive product.

Sophos XG is a bit more expensive than companies like BitDefender and Kaspersky, but their endpoint software is very good.

The suitability of this product depends on the use case. If somebody wants to have full endpoint protection then Sophos is the best choice. If they just want a normal UTM without endpoint software, then FortiGate is slightly better, but only slightly because of the SD-WAN capabilities. 

I would rate this solution an eight out of ten.

The firewall feature of Sophos XG has been the most effective for threat prevention.

The solution’s reporting could be improved.

I have been using Sophos XG for five years.

I rate the solution an eight out of ten for stability.

Around 200 users are using the solution daily in our organization.

I rate the solution an eight out of ten for scalability.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a nine out of ten.

We implemented the solution through an in-house team in half an hour. One person was involved in the solution’s deployment.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.

Sophos XG has sufficiently improved the security of our network. We found the solution's user interface very user-friendly for our daily operations.

Overall, I rate the solution an eight out of ten.

I implemented this firewall for my clients. They're small offices. One has got half a dozen computers, and the other one has about 30 computers on the network. Both utilize VPN to remotely access their workstations in the office.

It is sized based on the client. So, there are actually two different versions that I've utilized.

VPN setup is great and easy to implement for outside users to access data or workstations in the network.  Easy to manage and set up.  No major glitches.  Runs reliably.   Setting up iPhones and Macs is a bit more involved since you have to use VPN apps that are compatible with Apple for VPN and remote desktop.

Compared to other firewalls that I had looked at, I thought Sophos was the better solution. It just seems to be easier to manage versus Cisco, Fortinet, or one of the other options I was looking at.

I'm not going to say that it's easy to configure, but I can understand how to configure it. There is a certain amount of support available to do the configurations. 

I'm just a sole proprietor for IT support, and from my perspective, there could be better ways to educate a proprietor, such as myself, on how to set it up, program it, and manage it. They do tend to have support, but a lot of times, it is for larger networks. I need something simpler and more rudimentary to set up and configure the firewall, set up the rules, and that type of thing. So, if there is a missing component there, that would be it. 

Any firewall will need rules for how it protects the network against a variety of threats or various degrees of protection.  My comments are not aimed at Sophos specifically.  As a new person just learning about firewall protection, it would be helpful for any vendor to have an education area that runs through various scenarios and implements them in the firewall.  Videos would be helpful.  From my initial research on which firewall to choose,  Sophos appeared to have the most straightforward interface. 

I purchased the units from www.firewalls.com, and they worked with me to do the initial setup.  That was very helpful to get started

I have been using Sophos XG for 4 years.

It is very stable.

It is scalable. There are different models, and you really need to choose a model that is appropriate for your current situation. You can buy something with a certain degree of scalability. Because I purchased it through firewalls.com, I was able to have that discussion, describe the application, and then choose a model that would suit that particular client with a degree of scalability. Now, for instance, if they went from 20 employees to 500 employees, then it is not scalable to that degree, but if they went from 20 employees to 50 employees, then it would be scalable. So, you've got to define the criteria in terms of what you're trying to protect, the number of users, the bandwidth that is going through it, the speed, etc. When I purchased them through firewalls.com, they explained and helped me choose the most appropriate appliance for what I'm doing.

I did have a circumstance where the firewall had been damaged during a lightning storm or something like that, and I called them to help me diagnose what the issue was. They were good about the diagnostic. They were good about spending the time with me to figure out what was wrong. In the particular case that I was researching, it turned out that one of the ports was bad for some reason. It was either because of the lightning storm or some other reason. It was under warranty, and they replaced it with a new unit. So, I'm satisfied with Sophos' support.

Previously used a small $100 cisco unit.  Not easy to implement VPN.  They may have an app, now, but at the time it was problematic and way too  complicated. 

I purchased it through firewalls.com. They're an online vendor, and they did the initial setup and configuration on both firewalls. My experience with them was good.

I used firewalls.com and they were excellent

Fewer management headaches

The pricing was reasonable.  VPN licensing is included.

I looked at Cisco, Fortinet, and one of the others, and compared to them, I thought Sophos was the better solution. It seemed to be easier to manage. After the implementation, I could figure out what to do with a Sophos interface. If it was something like Cisco or other vendors, it would be far more complicated to deal with. So, that's one of the reasons why I chose Sophos.

For someone who is not acquainted with firewalls, whether it is Sophos or anything else, dealing with a third party for the implementation is kind of a must. 

I am satisfied with this solution. I don't really have any hands-on experience with other firewalls that I can compare it against, but I'm satisfied with it. I like it, and I'd buy it again.

I would rate Sophos XG a 10 out of 10.

This solution does everything and anything a firewall can do.

I am tempted to say that all of the features are valuable. 

When you choose a firewall you have to make a strategic decision, much more than a tactical one. We decided that everything we use within it, goes through and it's got protection.

The dashboard is intuitive and user-friendly.

Training on the devices is an area that needs improvement. Their training mechanisms are not perfect, and this is where you lose a good appreciation of the product.

The documentation for implementation is not good. For example, when you look up the details on a firewall rule to validate it, the details are not there.

If you click on the help file, they say a zone is an area where you can define specific logical network areas. This is where they stop, with nothing more. If you want to go further into the concept of it, which you know there is, you have nothing. Then you have to revert to the internet and go onto newsgroups to try to see if anybody has had your type of experience. Then you find someone, they explain it to you then say, "Oh, it only makes sense". So, then when you want to implement this, it's much easier at that time. So, that's the best-case scenario that I can explain.

There is an area that is very specific to our setup, where working tools you cannot easily establish a VPN between two internal networks.

When you want to establish a VPN with different wizards, they assume that you're always going through your internet link. 

If you want to create, with the zero-trust concept, which is where you don't trust anybody or any device, you want to make sure that everything on your network is segmented and everything is relative, depending on its flexibility, behind its firewall or a firewall segment. At some points, you might want to establish VPNs between certain network segments. 

Since you cannot establish VPN tunnels from the Sophos interfaces, plus if you are doing something that's going through the internet, then you lose flexibility. 

Currently, let's say we have a factory V-LAN and you don't want anybody within the factory V-LAN to be able to connect to another unless it is to a specific V-LAN, and you want to use VPN technology, you can't do it because you can't establish the connection again between two internal interfaces.

I have been working with Sophos XG for six years.

It's a stable product.

In regards to scalability, it's difficult to ascertain at this time because we haven't scaled it necessarily. 

The use cases that we have are very particular, and we're not in a mode of having scaled it yet. We have approximately 100 users in our organization who are using  Sophos XG.

Their support, we have a mixed review of it. It's good, but where it's bad, is because they're an international company that relies on many different continents to be able to get the support at different levels.

When we get into the people that are from India, that's where the support becomes not as efficient as we would want it to be. They have different rules of operating under and they don't show themselves to be flexible. Whereas where I am, currently I'm in Canada. When I speak to the support people within Canada, they're much more flexible when it comes to trying to follow us up on what we're trying to do and get the thing working. They're more flexible.

It was a combination of 75 percent straightforward and 25 percent complicated.

It's approximately $6,000 for each device. We have three devices and it was somewhere around $18,000.

I would recommend Sophos XG to others who are interested in using it.

I would rate this solution an eight out of ten.

Our primary use case of this solution is for protection and to have better governance for our LAN usage. I've got a lot of people working from outside on the corporate infra and all policy based decisions happen there. The solution is basically a firewall that protects us from various internet threats, but other than that provides controlled and properly managed access using various rules of VPN and other fingerprints of people logging in. I'm the CTO of the company and we are customers of Sophos.  

The interface is great and easy to understand. Any firewall engineer who has medium to moderate experience on bylaws, can easily understand the UI. The language presented on various features and the in-built help, is very intuitive. If you have a problem you can figure it out there and then. As a result, there is less probability that we'll call tech support.

The solution really needs some additional features like network access control. If they could incorporate some user profiling and present the analytics of the login user usage patterns, or a typical proper management dashboard to take a decision on the firewall rules, that would be useful. Basically, MI's and the dashboard could be more user friendly. The information is there but the dashboards are not in a graphical format. In short, I'd like to see network access control, user profiling and analytics dashboards. It would make the solution a more competitive product on the market. 

I've been using this solution for over four years. 

This is a stable solution. I haven't had any firewall crashes or any non-performing rules for over two years. We are a hospital so all the lights of all the devices should be on 24/7, 365 days a year.

We manage and control around 250-300 internal users. There would probably be another 75-100 logging in externally.

This is definitely a scalable solution. The way we've configured it, if a device goes down, it can be shut off and removed from the network for repairs or updates and our second firewall automatically takes the load.

We only used technical support during our initial deployment. After that, we didn't need support because the product was working perfectly well. We trained ourselves on the newer software and we are capable of managing and maintaining our own firewalls. In addition, Sophos provides online documentation which is very user friendly. If you follow the steps you get the result. 

I previously used Cisco's firewall ASA and it was extensively implemented in my earlier role. The main reason to migrate to Sophos was due to their aggressiveness in terms of pricing but also the fact that they had features that Cisco did not have.

The initial setup was very straightforward. Deployment took somewhere between six and eight hours. 

There's no annual licensing fee. When we purchased the product, it was with a five year agreement bundled in with the product price and the recent rollout is not yet five years old. When we renew, we'll renegotiate. I can't differentiate between the product costs and the licensing costs at this point. We're very lucky that we get one of the best deals in the country in terms of pricing. The Sophos-backed pre-sales and implementation team were very cooperative and collaborative which really helped us make the decision to choose Sophos.

I would definitely recommend this solution but it's only suitable if it fits the needs of the company so I would suggest carrying out some research. Why does the company need a firewall? What rules do they want to deploy on the firewall? Based on the answers to those questions the company can make a call. 

I would rate this solution a nine out of 10. 

We use the solution as an internet firewall, and a VPN concentrator.

It streamlines the process of creating VPN access for users. Because of the AD integration, it makes it very easy to manage these users from different locations from a central source. It also helps us to get a good idea of what our risks are, or if there's any risky activity going on with the users. 

The SSL VPNs are the most valuable feature for me. I have a lot of systems out of the head office that need to connect to the local networks, and they all connect via the Sophos VPN client.

The initial set up process can be a little tricky, especially when you are registering with Sophos and you have a poor internet connection. Setup is not necessarily complex, but it's not trouble-free. You do have connectivity issues at the initial setup with registering the device on the Sophos platform to access the advanced features. It doesn't always go through the first time around. That may be an issue with the quality of our connection. I'm not sure exactly what it is. 

The single sign-on client I get maybe a 60% success rate on. There are times when it will use single sign-on for verification of users to access Internet resources. It still doesn't always catch the user. The user gets sent to the web login. Even though the single sign-on is helping, it doesn't always work. 

I would like to see a better single sign-on performance. I'd like to see a more streamlined way of managing your licensing as well.

There are no issues with stability. It's a very stable system and you almost never have serious problems for any reason. It's only when you do an upgrade that you have to restart. Stability-wise, for the on-premise solution, I'd give it 4 stars.

Once you've bought the specific version, you are locked into the limitations of that plan. You can't exceed the number of VPNs, connections, etc. There's no way to increase that capacity, per se. You do have options where you can increase the port count and so on. However, in terms of scalability, you have to buy the capacity you require.

On the system I have now, it's not fully populated, but we have about 100 users. The plan is to eventually support about 1,400 users.

I don't use the solution's technical support. I typically just use the documentation. There are lots of guides and videos available. In most cases, I search the guide. There's a step-by-step guide to deploy so I don't have to contact technical support.

The initial setup isn't hard, but it can be tricky. Since I've been using several Sophos devices, I now find it's fairly simple. I get the deployment done in two hours, including integration. For others, it may take about a day to get everything done. 

There's almost no maintenance. There's really only the requirements of adding users and populating VPN connections. One person does that on a part-time basis.

I handled the implementation myself.

We do see an ROI. It would be the cost of the support. If I had to hire a CCNP in Nigeria, I would be paying about $10,000 per annum for a CCNP minimum. For a less experienced person, I can get for about $6,000. I am probably saving about $4,000 a year in personnel costs from going with the XG rather than the ASA.

We are paying about $1,500 yearly for the Enterprise Plus. As far as I know, there aren't costs above this standard fee.

We evaluated Cisco ASA as well as the FortiGate before ultimately choosing Sophos.

I chose Sophos over FortiGate because I'd already had experience with Cyberoam and it was a fairly similar migration in terms of configuration from the UTM over. But in terms of features and capabilities, I think FortiGate is pretty similar to the Sophos. Cisco ASA I choose not to go with because it's much harder to configure. I also needed to be able to have someone other than myself manage it and not need to have someone with CCNP sitting down just to add VPN users etc. I felt that the Sophos solution was a better option because it gave me all the functionality of the ASA, but it's much easier to manage.

We use the on-premises deployment model.

We definitely plan to increase the usage and also add high variability too. Right now, it is the main internet gateway and firewall for my network.

We're using both Sophos XG and Sophos UTM.

I would warn those considering implementation that, once you've got it, you're stuck with it. You can't really increase the capacity very much beyond what you have. It's always good to have the expertise available to take care of the box because even though it's a lot easier than the Cisco ASA, you still need someone that has a little expertise in managing it.

You can get very good performance without spending all of your money and without having to send a lot of high-end techs in-house to monitor processes.

I would rate the solution nine out of ten.

The antivirus features are valuable.

The price should be cheaper. Xstream must be included in future releases.

I have been using the solution for five years.

I rate the tool’s stability a seven out of ten.

I rate the tool’s scalability a ten out of ten. Our clients are SMBs.

I rate the ease of setup a ten out of ten. The solution is deployed both on-premise and on the cloud. The deployment takes half an hour.

I rate the pricing a six out of ten.

We are distributors. We sell the solution. We have many customers. Overall, I rate the product an eight out of ten.

We use it for network protection. We use Sophos XG as a firewall in our own company, and we have also implemented it for customers. I have been using Sophos XG for a small office for my own family. 

We have also implemented Sophos Email Gateway for government mailing servers. It is not so elaborate, but for basic usage, it works very well.

We have implemented version 17 to the latest version of Sophos XG.

I like it for its simplicity. It is very simple to configure and implement. It is a very good product for medium-sized organizations.

There should be web caching to improve bandwidth utilization. It should have a very good caching feature. That's because we are in a very poor continent, and the connectivity cost is very high. We have low bandwidth, and the intensive usage of bandwidth is not easy here in Africa. If they improve services for web caching, it would be better.

It should also support a feature for Virtual Domains. Similar to FortiGate, we should be able to use a single device to create two or more virtual units. Such a feature is useful for separating the traffic between departments in a large enterprise.

When I try to use Sophos for Email Gateway, it's not easy to check a user in the LDAP directory. It's not as good as other products, such as HCL Domino. Sophos is good, but it is not so good. When we use the LDAP filter to select some users, we have small problems, but overall, Sophos is very good for me.

Their support in Africa is not so good, which is a problem. Their support can be improved.

I have been using Sophos technology for four years.

It is very stable.

Generally, when we implement a Sophos product, we do the sizing and plan the resources based on the expected traffic. We anticipate the resource usage for one or two years, which helps with scalability, but it is a product for medium enterprises. In my company, we have around 20 employees.

Their account manager and support in Africa are not so good. Their community support is very good, and a lot of times, I use their community when I need any kind of support, and I get a response for my issue. 

I use Sophos and Fortinet. I sometimes also use Cisco Firepower. We are an integrator in West Africa, and my choice also depends on a customer's choice. Sometimes, they are telecom operators, and sometimes, they are small companies, such as non-governmental organizations.

It is very easy to implement.

Its price is good. All features are grouped in the same license. It is an all-in-one license, and the license price is acceptable.

I would rate it a nine out of 10.