I have experience working with small to large enterprise network design and architecture, server administration, and cybersecurity research and analysis.
I am currently evaluating Sophos XG and FortiGate. What are the biggest differences between the two? Which would you recommend?
Thanks! I appreciate the help.
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know the firewalls change every 5 to 7 years as stated but you really do need to upgrade any firewall due to hardware at least every 5 years. You haven't specified your environment so it's not easy to scale which firewall will be best.
Here are my reasons for choosing FortiGate:
1. Sophos firewall has limited capability when it comes to security. FortiGate has much more security and web filtering options to really bring control to a granular level.
2. FortiGate is easier to manage and in my experience much more stable and reliable.
3. Sophos is trying to go to cloud the same as Cisco Meraki does but with a lot of bugs and issues on their cloud platform. We have endless issues at one of our clients regarding this.
4. FortiGate has limited reporting but you can keep 7 days' worth of reporting for free on FortiCloud.
Again, most of the comments are for smaller networks. You will have to scope each individual company or site to make a decision. Sophos is a small to medium company for me (we would rather use Cisco than Sophos). FortiGate is for large to enterprise size companies who need more granular security and IPSec tunnels. We manage over 40 clients on one FortiGate for internet breakout and have had no issues whatsoever. We would not be able to do it with a Sophos device.
And on the point of WiFi access points, it doesn't matter what firewall you use, FortiGate will only manage Fortinet and Sophos will only manage Sophos (via web portal or on device).
On SD-WAN I would really prefer FortiGate's as well. Tried and tested and breaks with Sophos.
Both Sophos and FortiGate are doing a very good job to improve security offerings coming in the firewall.
I had the opportunity to work with both firewalls and FortiGate has become the firewall of choice because of the below-listed points:
1. FortiGate has purpose-built content and network ASIC processors, which make routing and traffic inspection seamless; this is now very critical with the advanced persistent threats that have emerged in the past few years.
2. If the FortiGate is connected to FortiCloud, which is a free cloud-based portal, you will have sandboxing enabled on the FortiGate at no additional cost, which is a plus for the FortiGate security offering to the network.
3. The FortiGate can be integrated with all Fortinet products, e.g. the FortiSwitches, FortiAP and FortiClient endpoint, which will give you great visibility into the network traffic and all connected devices on the network. All devices integrated with the FortiGate can be centrally managed and monitored from the FortiGate without the need to log in to each individual network device.
4. We also find the VDOM function on the FortiGate very useful for us as we have separate networks in the building that require two different routers but now with VDOMs you can virtually separate the firewall into 10 with no need for an additional license or hardware.
5. We also find policy deployment and management to be very simple to work with which makes troubleshooting very easy as well on the FortiGate.
I would highly recommend the FortiGate based on the above few points. The major disadvantage we had on the Sophos was getting more information on network traffic visibility in real time and integrating with other network devices like switches and directly controlling them from the firewall.
My current UTM is FortiGate 1200D and I have finished a POC for Sophos XG450 trying to deduct the cost of the license renewal of the UTM.
There is a big difference between FortiGate and Sophos. There are some features of FortiGate that Sophos doesn't provide, and the visibility of network, internet lines, and devices is very poor with Sophos but it's excellent with FortiGate. Also, the "Traffic Shaping" for bandwidth doesn't work correctly at all with Sophos but works perfectly with FortiGate.
I strongly recommend against replacing FortiGate with Sophos. Maybe Sophos would be good for the kind of customer who hasn't used a UTM appliance before.
I do not know more about Sophos but I would like to highlight some FortiGate features:
- Number of IPsec and SSL VPN user clients. (Minimum 100 with lowest model FG30E)
- FortiSandbox and FortiCloud free with some good features for managing firewalls from FortiCloud.
- FortiToken (Dual Authentication) - two tokens free with every FortiGate device.
- FortiAP (Guest network without any L2 and L3 switch over Wi-Fi, and you can also manage FortiAP using FortiCloud too.)
- Secure SD-WAN, not only useful for multiple WAN but also useful for MPLS and VPN connectivity fail-over between multiple locations.
- More application list and inbuilt SLA for SD-WAN.
- Web filter is common in all UTMs but the Google domain-specific feature in FortiGate is awesome.
- Internet-Service-Database list is also very helpful and an advanced feature.
- The FortiSwitch controller is also a good feature.
For comparison purposes, i.e. Sophos XG 310 and Fortinet FortiGate FG-200E, to my understanding, the Fortinet appliance has the upper hand if you are looking for IPSec or VPN tunnelling, and FortiGate has the capability for High Availability configuration options, i.e. Active/Active, Active/Passive and clustering.
Also note that Sophos XG 310 has a higher firewall throughput of 28 Gbps. Fortinet FG 200E has multiple fixed Ethernet ports, but only 2 WAN interfaces, while Sophos XG 310 can add up to 8 WAN ports.
I have extensively used Sophos (previously Cyberoam) and FortiGate also. The biggest differences are as below:
1. For FortiGate, it is required to use a Fortinet wifi access point only.
2. In case of expiry of the license in FortiGate, the entire service goes kaput except basic firewall services. With the other UTM, only updates and support cease to work.
3. Every 5 - 7 years FortiGate changes its model and the old device becomes trash.
4. Any changes in the policies will need to wait for total version changes and you need to wait till then.
Because of the above reasons, presently we are trying our hands with WiJungle UTM. However, the bottleneck is Fortinet WiFi access points which are denied to work in tandem with any UTM other than FortiGate.
We have around 700 Fortinet WiFi access points and it is ridiculous that going away from FortiGate costs a fortune.
In one sentence, the biggest difference between Sophos and FortiGate is the “RED” option in Sophos XG.
The main points between both are that Sophos hardware, in all of its models except the smallest one, the XG 86, has an SSD hard disk. It has a total security solution, especially when you get the benefits of synchronized security with its endpoint Intercept X, as it is amazing when it works with the XG firewall. You can also have benefits if you get the encryption solution and the wireless.
The reporting on the XG firewall is an amazing feature that does not exist on one box with Fortinet.
The DLP solution on the XG firewall is impressive.
Fortinet in performance is better than Sophos.
For the small and medium businesses, I recommend XG firewall but for large data centers, I recommend Fortinet.
I hope it is informative, please feel free to contact me with any further queries.
I evaluated both and in the end, I decided to go with Sophos. It has a good application filter & Web filter, WAF is included, report integrated, has a VPN of any kind, and synchronized security with the endpoint.
Both devices have the same architecture (UTM), but FortiGate has more granularity in networking security, it's more friendly for management, and it has more performance. In the Gartner and NSS Labs reports, FortiGate has a better ranking.
FortiGate is more advanced and stable than Sophos-XG with the below extra features:
1- SD-WAN.
2- Load Balance.
3- SLA Tracking.
4- Multiple VDOMs.
5- Tech Support.
Sophos reporting is better than FortiGate, but if we're talking about the analysis and performance with a level of security, FortiGate is the best.
If you are a smaller company, Sophos XG has the best value. FortiGate is better for larger companies. However, there are better alternatives in the market. Palo Alto technology is one of the best in the market and is one of the most expensive. Cisco is also making inroads.