One of the most popular comparisons on IT Central Station is Fortinet FortiGate vs Sophos UTM.
One of the users on our site says about Fortinet FortiGate, "A strong point of FortiGate is that the graphical interface is complete and easy to use, especially if we think there is a list of operations that we are able to perform inside."
Another user says about Sophos UTM, "Brings greater visibility into the network traffic coming inside and passing away from the company."
In your opinion, which is better and why?
Thanks!
I would like to strongly recommend for Fortinet products because of following reason.
1. if you go on Gartner Magic Quadrant for comparing the Security firewalls, you can easy get Fortinet is among leaders for maintaining network security features. Sophos does not come in picture.
2. there are multiple flavours of Fortinet products in market available.
3. Fortinet TAC support is good and having experienced TAC engineers to resolve issues.
4. Fortinet firewall comes with nextgen firewall features which can amplify security posture.
5. Security updates received from Fortinet much better and they release as soon as any outbreak noticed.
Sophos and FortiGate are good solutions, but you need to know the advantages and disadvantages for each.
Sophos is great as a visionary company, keeping up with IT Managers' requests for features within their products (specially Sophos SG Appliances and XG NGFWs). Their hardware addresses a constant situation where many competitors fail; they are scalable, and tough (SSDs Hard Drives, and Intel latest generation processors is about it). Sophos offers HIGH AVAILABILITY with just 1 license. While other vendors, try to squeeze the companies for every penny, Sophos address that issue, and is honest about it: They deliver High Availability in Active/Passive mode, with two identical hardware options, with just one license.
((Pros.))
1 • Scalability, if you needed HA in Active/Passive Mode, but need more throughput during certain
periods when the parameters change (i.e. number of users, or Internet bandwidth growth) you
can always license the second one and it will behave as a Cluster in Active/Active mode in just
2 minutes, with no downtime.
2 • Delivers great WebGUI management, which is easily understandable by every IT Professional
3 • Worldwide RMA, gosh! If you have any kind of issue with your hardware, Sophos will deliver it
to your business door, at no cost, with a return label for you to ship the damaged or faulty
device back. No questions asked.
4 • Constant visionary technology, with out of this world new features.
((Cons.))
1• Better standard support, it used to be great, now, not so much (for paying customers, that only
aquired the Hardware)
2• Better wireless solution, there is always room for that, now that everybody needs robust wifi,
even at home!
3• Faster and more robust wireless Access Points, or different vendor-like compatibility.
Fortinet FortiGate needs a very low maintenance and easy to upgrade and its rich feature set and robust monitoring have made this product almost fun to use.
((Pros.))
1 • VPN client is easy to use and can be customized for your organization.
2 • All features are enabled on the firewall with little to no impact on performance.
3• Easy to configure interface on the firewall but also has a command line available for high level
admins.
4• Excellent technical support department - very quick response time.
5• Pricing was amazing compared to peers.
((Cons.))
1 • Prepare for terrible support, hour long hold time for Level 1, and next-day call backs for Level
2 • Sales team is lacking information (type of licensing, hardware model, etc). Make sure you ask
lots of questions.
Now you have better information about both solutions and you decide which one is better for your needs.
Both vendors have nice useful web UI.
Fortinet wins because, for it's dedicated ASIC hardware.
But I don't know the prices.
100 % Sophos
Like I always said, you should take care of how many devices you need to connect, and then compare! After that, I know Sophos is a better solution they do almost the same in the 99 % of the cases but Sophos is a cheaper solution per device plugged into the network!
I agree with the sentence for all concern the GUI interface and his capability., but a very important strong point is the concept of “Security Fabric” that allows you to bind, manage, monitor and define security policies through a single firewall GUI environment, for different Fortinet Security devices as Forti Switch, FortiAP WIFI, FortiWIFI controller, mobile device/laptop with FortiClient APP and so on. This allows an IT admin to have a close-up picture in a single GUI of his entire environment, even if the real devices are far away from the firewall or the main site, and define security policies for groups of device/class/OS, switches, AP, etc.
I think that Sophos UTM is a quite good product, but, can't provide the same IT admin/operator experience thought a fully & easy to use GUI, and all the capabilities of the Fortinet product with latest FortiOS releases. Definitely, if I can choose a solution and budget is not an “impossible obstacle” I will blindly choose Fortigate firewalls.
When evaluating security vendors check out their free trial and evaluate the two products based on the specific needs of your organization. Make sure they are deployable from configurations stored in source control in an automated fashion, meet your scalability requirements, and don’t have a lot of CVE’s or fix them quickly. Ask where the device and software are manufactured and tested if you have those type of concerns or compliance requirements. Ask if they have pen testing or bug bounty reports from crowd source, hacker one, etc. If you need help putting together your requirements or testing process IANS (iansresearch dot com) is a good source for some consulting help.
FortiGate is better than Sophos UTM.
User 1 - "A strong point of FortiGate is that the graphical interface is complete and easy to use, especially if we think there is a list of operations that we are able to perform inside." - Which is true.
User -2 - "Brings greater visibility into the network traffic coming inside and passing away from the company." - This is also true.
But my opinion is FortiGate is having better features and performance than Sophos UTM. FortiGate is Easy to use as well as easy to manage.
I use a Sophos XG for my home office. Its more than powerful enough for my requirements but I wouldn't deploy it for my client base as I don't like slow webGUI front ends. I have used big Enterprise Fortinet products with FortiManager (FortiMangler!) and I'm not a fan. Then again the Netscreen based approach to NAT and Zones was never my preferred method. I still hold that The Checkpoint SmartDashboard is the best firewall management GUI out there and that swings my decision as less skilled staff can operate the firewall once installed. Palo Alto is also very good. Unfortunately these latter two are more expensive than Sophos, Soniwall, Watchguard and Fortinet. Please always remember anything is better than nothing. However a well managed average device is better than an unmanaged brilliant device. Also PS Only use Cisco ASAs in conjunction with something else. ie use them for advanced internal access control or VPN termination IMHO
Fortinet has three major fronts; Real world performance (not only in papers), security effectiveness, and end-to-end security fabric protection.
While Sophos does have firewall, endpoint, SWG, wireless and Mail protection, only the endpoints share threat data with the firewall. Fortinet’s Security delivers full visibility into every viable network segment and the devices and endpoints behind them. It can seamlessly integrate with third-party solutions, enabling users to ubiquitously collect, share and correlate threat intelligence. It also features a far wider reach - includes a far wider reach (NGFW, switching, wireless, endpoint, SWG, mail, management, IPS, WAF…etc).
By the way, Sophos has no SD-WAN support. If you are looking for the benefits SD-WAN brings will need to bring in an SD-WAN vendor and all the costs associated with it. FortiGate firewalls feature full SD-WAN support with dynamic SLA based WAN path selection and application awareness.
If you want to make a good comparison, make a total cost of ownership based on typical deployments as compared to Sophos.
Features that include FW, IPS, Web Filtering, AV, AC, SSL Inspection, Sandboxing, IPsec tunnels = 20% of users, SSL VPN tunnels = 20% of users, 24 x 7 Support, and Cloud management.
In the TCO is not included endpoint licensing costs which is $0 for Fortinet and ranges from $580 - $11250 for Sophos depending on user count (10-50 users) and length (1-5 years)
The recommendation should not only be based on the Firewall brand and
technical aspects of it. But the organization that is going to use it.
Therefore, things such as manageability - self-managed or outsourced -,
functional requirements of having a heavyweight in the decision. E.g.
What are logging requirements of such firewall? Does logging need to
be share? (Splunk) Fortigate and Sophos handle this in a different
way. What is the current PAM process of the organization? etc...
My advice would be to do a proper requirements assessment to find the
best brand for the job.
Sophos XG Firewall provides protection for the network , web , cloud , email , web server, reverse proxy , wireless. I have never used Fortigate next generation firewall some say that it has performance issues on load.
Sophos brings all the features required to end-user within a box. FortiGate is a forward proxy, it does not provide server protection or reporting features. You have to procure separate boxes and licenses. Moreover, Sophos provides better end-point security as well.
My vote goes to Fortinet. They use a custom chipset on their products.
Hi:
Fortinet has three major fronts; Real world performance (not only in papers), security effectiveness, and end-to-end security fabric protection.
While Sophos does have firewall, end point, SWG, wireless and Mail protection, only the end points share threat data with the firewall. Fortinet’s Security delivers full visibility into every viable network segment and the devices and endpoints behind them. It can seamlessly integrate with third-party solutions, enabling users to ubiquitously collect, share and correlate threat intelligence. It also features a far wider reach - includes a far wider reach (NGFW, switching, wireless, end point, SWG, mail, management, IPS, WAF…etc).
By the way, Sophos has no SD-WAN support. If you are looking for the benefits SD-WAN brings will need to bring in an SD-WAN vendor and all the costs associated with it. FortiGate firewalls feature full SD-WAN support with dynamic SLA based WAN path selection and application awareness.
If you want to make a good comparison, make a total cost of ownership based on a typical deployments as compared to Sophos. Features that include FW, IPS, Web Filtering, AV, AC, SSL Inspection, Sandboxing, IPsec tunnels = 20% of users, SSL VPN tunnels = 20% of users, 24 x 7 Support, and Cloud management.
By far, Fortinet.
Is Palo an option? Their small firewalls come with the same features as their $100k ones. The UI is amazing with great drill down options and easy to configure and maintain. My experience with Fortigate wouldn't be fair because we have an aged model. However, make sure you look at what analysis and reporting features you get with it. If it's the same as the FortiCloud service we have, it's ridiculously horrible to use, making it not very useful, whereas the Palo is so simple, you can do all sorts of stuff within 5 minutes of logging in the first time!
I have no real experience with Sophos, but can comment on Fortigate.
I'm a huge fan of both Meraki and Fortigate. Meraki is used for more hands-off approaches while Fortigate is used for those times when I need greater granularity in control. The boxes are priced out about the same, but while both machines are packed with features, the Fortigates offer more control.
Hi.
I would recommend Palo Alto but from the two I would recommend FortiGate.
I would like to strongly recommend for Fortinet products because of the following reasons:
1. if you go to Gartner Magic Quadrant for comparing the Security firewalls, you can easy get Fortinet is among leaders for maintaining network security features. Sophos does not come in picture.
2. there are multiple flavors of Fortinet products in the market available.
3. Fortinet TAC support is good and having experienced TAC engineers to resolve issues.
4. Fortinet firewall comes with nextgen firewall features which can amplify security posture.
5. Security updates received from Fortinet much better and they release as soon as any outbreak noticed.
I just can comment on Fortigate, don´t have experience on Sophos.
Fortinet has a central point of visibility and full integration with other Fortinet security products (security fabric) and there are different flavors too...as VMs, UTM box or in the Cloud (Advanced Technologies like Fortimail,FortiSandbox, etc)
Both solutions are good, I prefer Fortinet FortiGate (great performance), but consider that the better answer only you know, It all depends on your requirements and budget.
For me, Sophos UTM is better in everything.
I would definitely recommend for ease of use, Sophos UTM with the UTM/XG Series (any of those). They have included graphic reporting and really easy GUI. Hope this helps.
Sophos is much better, stable, easy, flexible. Go for Sophos XG series.
so far we have PaloAlto and Firepower
UTMs are being used by people, who wants to lead a simple life without any hassles. Therefore Sophos are simple to use with better visibility over fortigate. We have both at our campus and hence comparison was easy to do.
Fortinet FortiGate is the superior next-generation firewall. FortiGuard Labs has discovered over 500 zero-day exploits fortiguard.com and has more devices deployed globally than any other vendor, while also outperforming every other competing product due to its ASIC (Application Specific Integrated Circuit) technology, as verified by 3rd party validation by NSS Labs
www.fortinet.com
Our experience with the Fortigate products, firewall included, has been very successful and reliable. We have a low to medium volume closed network for an education setting and the ability to flexibly adjust responses to our needs and threats has been powerful for our needs.
Let me know your questions
I Never worked on Sophos, But I was using Fortinet FortiGate as my internet facing firewall, it is a great user-friendly interface and feature set
I suggest Fortinet FortiGate!
· Fortinet – market leader (Leader at the Gartner Magic Quadrant for Enterprise Network Firewalls);
· Great performance and hardware quality;
· FortiGate delivers good visibility and accelerated security, which provide efficient operations;
· Ease of deployment.
Sophos UTM SG series is awesome, in the industry, Security solutions is already complex enough. Sophos addresses this by "Security Made Simple" which addresses most of the complex security and rendering them easy to manage on the UTM 9 SG Series. In the XG Series it is better.
I would prefer Sophos UTM as in my organization.
Fortinet will be always better compare to Sophos,
Fortinet with 5.6 Fortios really stands high with Internet Services(approach to SAAS application)
SD-wan features and Security Fabric Integration are really cool.
It all depends on your requirements and budget. Been using Fortigate Firewalls in our IDC network without much issues. Met our requirements. Easily configured with Web-based GUI or CLI.
particularly like the VDOM capability. Easily Integrated into the VM network. Reporting wise, you will need to get another module for this. SSLVPN & IPsec vpn are quite easily setup.
FYI
I have no any experience about Forti Gate, so can’t say anything about it.
But yes I have much work on SonicWALL UTM and SOPHOS UTM / XG.
SOPHOS UTM Series is So Better in against XG Platform as per the Configuration level and Diagnostic level.
SonicWALL Is Much Better then Sophos UTM / XG.
. SonicWALL is using especially Security Designed Processer
. SonicWALL is Work in RFDPI Mode in Gateway mode and other UTM work as a proxy architect,
. SonicWALL is Using Sonic O.S they are not Share the Any Root Privileges, another product kernel us I open you can do anything.
This my opinion if I am wrong on any points please help to correct me.
Fortinet provides a comprehensive solution for nowadays threats through security fabric. Hence, it's not only about the FortiGate firewall they provide, but it’s about the vision they provide on all integrated security components.
Using Fortigate UTM Bundle where it easy to manage all Routing, Natting, and UTM feature from one place with excellent visibility on all traffic passing for each policy, bandwidth utilized, number of sessions, and last time active session time.
Forti Analyzer for security alerts, analytics, and reports.
Forti-Manager: GUI facilitates the management of all firewalls policy from one console.
Hi
I'm used product of Sophos UTM320 for 4 years. I can say this product is very simple to configuration by yourself.(I'm setup this firewall by myself) But for select UTM model please select model is bigger than total user in your company have. Because UTM is use a lots of resource in case you turn on all filter function. But now I'm already replace to Sophos XG330 because UTM320 is EOL. (They have new model UTM SG)
However , for judge which brand is suitable for your company. I'm suggest to request vendor for test product in your system. This will help to see the real result for each product.
PS. Please compare about distributor in same product. You can find cheap product and best service. (In Thailand I'm found famous distributor but they sold will high price and after sales service isn't impress but another distributor isn't famous but their price is friendly and service is good)
I only have an opinion on FortiGate and only from a 3rd party's perspective.
It was pervasive enough for them that they replaced over 1000 Cisco routers nationwide with Fortinet FortiGate firewalls.
Make sure that the admin knows that the Sophos is somewhat underpowered for full use of the security subscription. IPS is a resource hog as is AV. Basically, the CPU is too underpowered to accommodate high-speed connections. I can run all subscriptions on a 100 Mbps symmetrical circuit with no issues, but that’s about the max throughput. Also, all throughput figures in their literature should be divided by 2.
That being said, its user interface is just as friendly and the only truly taxing job is getting the security certificates to work properly IF you insist on using them. I like the Sophos a lot and will be replacing my current UTM with another one.
Both types of equipment are good but the configuration on SOPHOS is very simple and clean but if you are more technical FortiGate is for you
Those are not bad, however, we have standardized on Meraki from Cisco. We recommend Meraki.
I can’t compare the two because I’ve only worked on the Fortinet FortiGate, not the Sophos UTM.
What I do know about the Fortinet FortiGate is that it is imperative to keep the hardware on a regular patching/upgrade process and to keep the firmware flashed to the latest as well. Must have test appliances because success is not always guaranteed. ?
on my side i have no experience with fortigate, there fore i recommend Sophos UTM since it is easy to use, its GUI provide everything you need to do without involving command,and it has many features in on package no addition purchase of hardware is required to accomplish certain feature.