Sophos XGS Reviews

We use Sophos XGS firewall for edge control.

The solution's most valuable features are IPS, IDS, and web application security.

Sophos XGS should improve its customer service and educate its implementation partner. It should also work on building relationships with customers directly because there is no Sophos office or person to handle the Pakistan region. If Sophos opens its local office, its business will increase. Sophos XGS should train the technical staff about new challenges in security.

I have been using Sophos XGS for almost three years.

Sophos XGS is a stable solution.

At our data center head office, we have two high-availability devices. On the remote side, we are using a single piece of equipment. All these are XGS 2000, 126, and 200 series. So, we have already chosen a scalable solution. Around 700 users are using the solution in our organization.

The solution’s initial setup is straightforward. It took hardly one hour to deploy the solution.

We have outsourced the solution's deployment to a service provider or implementation partner. A team of professionals went on-site and installed it, and the configuration will be done through our remote support.

We signed a three-year support contract with the implementation partner when we purchased the hardware. Now, they are providing support, but it is not good. We have lodged an official complaint against the implementation partner because they sometimes refuse to provide support.

Initially, we were going with another partner, but the distributor recommended Information Systems Associates Pvt Ltd to us. So, I have also lodged an official complaint against the distributor.

Sophos XGS is a very expensive solution. It cost us $ 33,000. Huawei and Sangfor make much cheaper firewalls available in Pakistan. The equipment is being sold at throwaway prices. If we compare the market prices, the acquisition cost of Sophos XGS is much higher than that of the other market competitors. However, Sophos XGS is cheaper than Palo Alto.

Its competitor, Sangfor, provides an add-on EDR feature with the same firewall. Each and every node is connected with the firewall through EDR because all traffic is monitored. This functionality is not available in Sophos.

The solution provides threat intelligence capabilities, but some other tools are much better than Sophos XGS. I would recommend the solution to other users.

Overall, I rate the solution a seven out of ten.

For network security and filtering through our infrastructure, we rely on Sophos Firewall, specifically using Connect Sophos Cloud in our branches. 

Endpoint protection is crucial, so we integrate with DuoSet, and the system allows for VPN connections with various devices like SaaS, Alibaba, Fortinet, and Cisco, supporting encryption detection and more.

It's crucial for our company, as well as other companies and customers. When our customer licenses expire, they request to renew or make changes to their Sophos XGS boxes. This process is significant and managed by our technical team or engineers.

The Sophos XGS product is highly versatile and well-suited for various companies, including small, medium, and large enterprises. Its effectiveness lies in its inspection firewall capabilities, making it a commonly chosen option in our country due to its reasonable pricing. Sophos Firewall's support for VPN encryption and thorough inspection makes it a suitable choice for many companies, and I recommend it accordingly.

At the moment, I can't propose any new features. The primary concern is traffic stability, which needs improvement. Although the traffic stability is generally good, it has been noted that it can impact RAM and CPU, affecting workflow and inspection.

In my view, Sophos operates effectively in a reactive mode, focusing on static detection and forwarding traffic. However, Fortinet takes a more proactive approach, blocking both connection and route connections. While Sophos forwards any connection in both inbound and outbound traffic, I believe this is a positive aspect, especially in a country with various sizing considerations. This is my perspective, emphasizing the significance of Sophos XGS in software work.

I have been using Sophos XGS for two years. 

It's a stable solution. I would rate it around nine. There is room for improvement, especially in terms of support. As I mentioned earlier, when the CPU and memory reach their maximum capacity, the tool forwards traffic. This is a critical aspect—no inspection, no traffic, and no log.

It is a highly scalable solution. I can't provide an exact count because I work with multiple solutions, including Sophos XGS, Fortinet, and Palo Alto. Counting all the users across these platforms is challenging.

Positive

In the last two years, I have worked with Sophos Firewall, and it is an excellent firewall. It's easy to set up with encryption and inspection features. In my view, it's well-suited for all.

The initial setup of Sophos XGS has been quite smooth and user-friendly. Unlike my experience with Fortinet and Palo Alto, which posed challenges, Sophos XGS stands out for its ease of use. End users can handle the setup themselves without requiring an engineer to configure the firewall or register the device.

It's highly effective and well-suited for medium and small companies. The pricing is attractive, and our customers find it suitable for regular license renewals.

The solution is a layer 7 next-generation firewall, which we use as a firewall and router. We customize rules to help with our security.

We like the layer 7 capability. We have a couple of servers behind the XGS firewall which understands HTTP packets. The solution offers a very accurate setup, and we can use it as a kind of reverse proxy device. Based on the connected URL, we can direct traffic to different servers without a solution.

The solution is very user-friendly, and the GUI is so good that I don't have to use the CLI. This eliminates the need for typing; clicking allows me to get to what I'm looking for.

The application is a little slow; it takes five to ten seconds to respond to every click when configuring. If we need to do significant configuration, it can take a lot of time. This might be because we have a low-end machine, and it could be faster with a high-end one.

We have been working with Sophos XGS for nine months. 

The stability has always been good, we haven't encountered any issues. 

I can't speak much to the scalability as we haven't scaled the tool. I don't think it is scalable the way I have it configured, but there is a high-availability function in the menus. I don't know if the configuration is automatically transferred to new devices.

We have 600 users working behind the solution, and it is very lightweight in terms of maintenance. Sophos provides free web access, so we can go to their website and configure the firewall, which is automatically passed on to the device.

I escalated a question regarding a license issue, and they solved it very quickly, so I rate the tech support highly.

Positive

The initial setup was straightforward. It has an old-style GUI, so we just followed the steps, and much of the setup was automatic.

We implemented via an in-house team. 

We must purchase separate web server licenses, as they are not included in the regular device license. I would rate the product an eight out of ten in terms of price. It's relatively affordable.

I would rate this solution a ten out of ten. 

For personal use, I suggest pfSense, but for business applications, Sophos is great because they have better support and offer an excellent GUI, which makes XGS very easy to operate. pfSense offers console access and is a lot more configurable, which is why I prefer it for home use.

I would advise potential customers to get a free trial license, as it offers the freedom to trial the solution to see if it has the functionality and configuration options required.

We use the solution as a VPN and for web filtering. It helps to connect sites to our data center. 

It's a competent solution. 

It's easy to deploy and connect.

The initial setup is not complex. 

We can scale the solution.

It is stable. 

It's reasonably, competitively priced. 

The solution could have a bit more functionality.

We'd like to have a log viewer. We'd like to have visibility to see what traffic has crossed the firewall. 

They need more local support and different language options available for when they need help.

I've used the solution for four or five years. 

The solution is stable, and the performance is pretty good. It's a good platform. There are no bugs or glitches. It doesn't crash or freeze.

We have between 2,000 and 2,500 users on the solution right now. 

The solution can scale. 

At this point, we have no plans to increase usage, although we may expand in about two years. 

Technical support has been okay. However, they need more local support. They need to, for example, speak French.

Neutral

We also use Palo Alto. We've used it for about six months. It has more functionality than Sophos. 

The solution is very straightforward and simple. It's not overly complex. 

Originally, when we deployed, we migrated from another platform to Sophos. To do the migration took us two weeks. 

I'd rate the ease of setup a three out of five. 

We do have some maintenance tasks we need to perform after setup. For example, we need to do backups and some configurations. We have an internal team that can handle these tasks in terms of network infrastructure. 

The first time we deployed the solution, we did it via a third party, a partner.

The pricing is good and very competitive. 

The costs depend on what model of Sophos we take. A central firewall on the cloud with a cluster might be 70,000 to 80,000 euros for a three-year license. The price of the license and hardware are all under that pricing. You can integrate other features on top.

I'd rate the solution a four out of five in terms of affordability.

We are using the latest version of the solution. We're customers. 

I'd recommend the solution. It has pretty good functionality and good pricing. It's a good product.

I'd rate the solution a seven out of ten.

The performance is good. 

It is scalable.

Technical support has been helpful in general. 

The fabric solution, the access points, and the WiFi, is not being delivered to Egypt due to some regulations. It's hard to get any devices in Egypt right now.  I need one solution and one centralized interface to monitor all the switches, access points, firewalls, and everything. I found this in Fortinet. Sophos is falling short.

We'd like an interface that can monitor everything. 

The costs could be better. 

I've used the solution for two to three years. 

I can't speak to the stability, however, the performance is good. 

The solution can scale well. It's not a problem to expand it. 

We have about 400 people on the solution currently. 

Technical support is good. 

We also worked with Fortinet. While we are on Sophos right now, we're also moving again towards Fortinet. I'm waiting on the delivery right now. 

I am implementing a new public solution for access points and switches. I'm going to FortiGate since it offers a full solution, and it is already delivered to the country, Egypt. With the Sophos access points, they are not delivering regarding regulatory issues and something like that.

We do have some people on the solution that maintains it. I don't handle the initial step myself. We have a team that does it. 

Our own team can handle the initial implementation.

The pricing of Sophos is the same as Fortinet. In general, the solutions in the market are all around the same price. 

When you go to finalize the project and include another competitor, the distributor tends to give a big discount on the solution to exit to another one.

I'm a customer and end-user. 

I don't know which version of the solution we're currently on. I'm the director of the department, and therefore, I'm not working with it directly. There's a team that's working on the versions and upgrading software and so on, while handling the technical issues. 

I'm just dealing with the high level of design or decision-making.

It's not a bad solution. It's a good option and it takes a market share in Egypt. However, I like Fortinet as they have a device that's reaching in the market and the cost is not bad. They also have an impressive monitoring interface with FortiAnalyzer and FortiManager. 

I'd rate Sophos seven out of ten. 

The prominent use cases for Sophos XGS depend on the type of customer. Local governments, schools, production companies, sales companies, and the finance sector use it.

It’s popular because it’s easy to manage, the cloud console is excellent, and it supports VPNs. It can also integrate with endpoints, though this is optional. Regarding threat intelligence, customers in Central Europe often prefer managing their threat hunting rather than using the more expensive service from Sophos. This feature is handy for large international companies with many employees. Threat intelligence requires separate licensing and is optional. Customers can either manage it themselves or purchase the additional service from Sophos, which includes further actions and is more expensive. Smaller companies often don’t have the budget for this.

One area for improvement would be including automatically generated certificates for HTTPS, which was available in earlier versions but might not be in the latest.

I’ve worked with Sophos XGS for over ten years, starting with Astaro and then Sophos.

Sophos XGS is not expensive and is scalable. It can fit small schools and companies with just ten employees, showing its flexibility for different sizes.

Sophos has two levels of support. The first level is qualified but may not handle complex issues well. I usually skip it and go straight to the second level for better results.

Positive

Deployment is quick and easy. Small installations take about three hours, and even remotely if necessary. It might take up to two days for more extensive infrastructures, including initial setup and follow-up checks.

Sophos XGS does use AI, particularly for sandboxing and analyzing suspicious documents in the cloud. It’s practical, as I haven’t had any major security breaches in the past five years.Overall, I’d rate Sophos XGS as nine out of ten. It has improved significantly over the years.

We use the solution for the firewall.

The configuration is fantastic, highly efficient, and robust. We don’t have to spend more considering the organization’s size. It's easy to configure what you want to do. The response time is very good. VPN connections have been stable.

The payment plan could be improved.

Sophos XGS comes with mostly eight ports, excluding the five ports. It would be better if they could increase the eight ports to ten. Most times, we don't want to use two. I will need to get another switch if I have five ISPs. Sophos engineer should look into that.

There were issues while switching the firmware to an upgraded version.

I have been using Sophos XGS for five years.

The product is stable.

The solution's scalability is good. It depends on what you have and the advanced structures from purchasing a particular version.

We have 80 users and 30 servers in our organization.

The initial setup is straightforward but a bit complex on production. You will need to configure the IP addresses of each device. We have scheduled downtime to safeguard stakeholder data periodically. We anticipate smooth transitions during these times. However, there may be instances where complexity arises, particularly regarding backups. For instance, when transitioning from firmware version 19.0 to 20.0, you must first downgrade the new device to version 19.04 before restoring the backup. This process requires a good understanding of the techniques involved. While we aim for simplicity, complexities may still arise. The migration takes two hours to complete.

We terminated one cable and continued the conversion using the backup from production. We quickly transferred it and pushed it into the new one. When we noticed it was running, we didn't even remove the whole one. We pushed it to the top and started to unplug the cable, then plugged it in again, repeating the process while waiting for the new box to learn the IP addresses of all the devices.

The solution’s pricing is good.

The first thing to consider is the size of the organization. When evaluating pricing, consider your current needs and what the device offers. You may not need all the features immediately. For smaller enterprises like mortgage institutions and microfinance, we recommend Sophos. It's suitable for them. However, larger organizations can also integrate it, perhaps for specific functions. The configuration, efficiency, and scalability are excellent.

Overall, I rate the solution a nine out of ten.

In terms of the firewall, I'm using Sophos X on everything, including the VPN, firewall, and endpoints.

Everything about the product is okay. 

I cannot single out anything specifically, as the firewall is working perfectly. The endpoint is helping me greatly and people have been able to work from home using the VPN. It has been great.

The pricing has been fine so far.

It has a pretty straightforward initial setup.

The solution's quite stable. 

The solution is scalable. 

Technical support has always been very helpful.

In terms of updates with the current technologies and current trends, which we're always exposed to, they update their databases frequently. 

It quickly detects issues. 

It is a plug-and-play system. 

Mainly, it's a cloud-based firewall for cloud-based endpoint protection. I can be able to manage my devices from anywhere without configuring all these VLANs and whatnot.

If I could host my emails using an email transfer agent, hosting it, it would be ideal.

The configurations can be a bit complex. It may be a while before you understand the configuration process.

If you do not have any experience with the product, you may struggle to set it up.

I'd like to see more integrated services from Sophos so I can handle everything from one place without a third-party. I would like to have email hosting and management integrated into Sophos XGS.

I've been using the solution for more than five years now.

It is very stable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution can scale. It just depends on the model we are using. For example, on an XG transit, I can add as many users as I want. On XG 105, I can only have limited users. It depends on the package.

We have more than 80 general users on the solution. We use it intermittently.

I've dealt with support several times. They were awesome. We found them to be helpful and responsive. They are quite knowledgable. 

Positive

The setup process is perfectly okay. I'm an IT administrator. It's not very difficult for me to get everything up and running. I also need to check the integration. 

I'd rate the initial setup a four out of five in terms of ease of execution. 

In terms of pricing, it's good. They've been giving us some promotions where we would pay for two years and get an extra year free. We appreciate that level of savings.

We paid for a three-year license a while ago. I can't recall the exact amount that was paid. It was likely around $12,000 or less - around $4,000 a year.

It's one of the best pricing strategies they have used. Initially, if I were paying for a year, I would pay around $5,000 or $6,000. 

It is very affordable for a small enterprise. It is very competitive.

I am looking into Sophos NAC.

We are a customer of Sophos. 

I'd rate the solution eight out of ten.