We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"We have found it to be very reliable and that's why our teams and various users in our company use it as our main firewall every day."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"The CLI and GUI do a good job of putting a lot at your fingertips."
"The most valuable features of Fortinet FortiGate are it is one of the most mature firewalls in the UTM bundle."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"Fortinet FortiGate's ease of management is the most valuable feature."
"The user interface is relatively easy. The devices are easy to deploy and figure out when you have experience with other security appliances."
"The features that we have found most valuable are the SSL VPN and the User Portal."
"The best features of this solution are URL filtering and traffic visibility."
"I can enable the features I want and configure the policies based on the user and not all users and network traffic, making firewall management much easier."
"Good functionality and features."
"DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network."
"With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."
"Their Prisma log collection is pretty great. Our product collects the logs, and it definitely makes the configuration of log collection easier."
"The App-ID, Content-ID, User-ID, and encryption and decryption are valuable features."
"The application control portion of the solution is its most valuable aspect."
"What we found valuable is the way they deal with emails, as well as the way the bandwidth usage is shown."
"I like how you can integrate with other endpoints and Intercept X in one central management platform. I think it's a perfect solution. Sophos will manage everything in one container. You can manage many firewalls or endpoints within one panel."
"Overall the solution works well."
"All of the features are amazing, especially Sandstorm, which prevents bad traffic or downloaded files from reaching our customers' and partners' networks."
"The most valuable feature of this solution is flexibility."
"Each user has the ability to manage the solution."
"The most useful aspect of the solution is the concept of integrated security."
"The firewall provides network visibility and reporting capabilities, constantly improving over time. It can be integrated with the cloud console, allowing centralized management of multiple firewalls. integration with endpoint security products ensures seamless traffic flow and rule enforcement, even when endpoints are not directly connected to the firewall."
"It should come integrated or have its own type of network monitor tool in a module. There should just be one package, and you are good to go."
"The debugging and troubleshooting has room for improvement."
"Compared to some other products, the DLP is not at par for the moment."
"Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services."
"The support system could be improved."
"I don't really have anything negative to say as far as Fortinet firewalls are concerned. If anything, they can support a user a little bit better. They can stop being so time-sensitive about how much time the support call has taken, and they can help you do it yourself."
"You do need some IT knowledge in order to effectively work with the solution."
"Scalability is one of the disadvantages. When it comes to scalability, you have to actually change the box. If you want to upgrade it, you need to actually change the existing box and probably you take the system off to other sites."
"The support could be improved."
"Currently, they don't have email protection. They can maybe add it in the future. Currently, if you want to do so, you need to go with another solution."
"I would like to see better third-party orchestration so that it is easier for the team to work with different products."
"The solution would benefit from having a dashboard."
"There are some advanced features that we aren't able to use, which include active IP authentication and app ID. We are facing challenges with implementing those two features."
"The cost has room for improvement."
"The solution could be simplified."
"The VPN connectors should be better. We had some challenges in terms of the VPN with Palo Alto Networks NG Firewall, and that's one of the main reasons why we moved to Sophos. Its load handling can also be improved. There were challenges when traffic was high. During peak business hours, it did not function very well. There was a lot of slowness, and the users used to complain, especially when they were connecting from outside. We even reported this to the support team. Their support should also be improved. Technical support was a bit of a concern while using this solution. We didn't get very good support from the Palo Alto team."
"LAN inbound and outbound traffic requires more control."
"Could have a more simplified functionality for users."
"Some of the firewall rules are complicated for us to understand, they should be simplified."
"The product's user interface has certain shortcomings where improvements are required."
"The two main areas where this product needs improvement are routing and reporting."
"It's easy to use, but it's hard to configure exact settings. They need to make it easier to access advanced features."
"I would like to have more artificial intelligence in the web monitoring service that comes with it. It should alert us when particular events happen. It has already got some of that. I know that it is more of a service, and Sophos is already looking at it. It is called SIEM."
"The GUI and support could be better. I think there are other products that we are going to deploy instead of Sophos. We have already upgraded a month ago because the interfaces and support for Sophos are really weak. But other products like Juniper, Cisco, or FortiGate are better than Sophos. It's also complicated, and the end-user or client does not understand it."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and WatchGuard Firebox. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.