We performed a comparison between Cisco Secure Firewall and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. The only major difference between the two is that some users of Cisco Secure Firewall consider the deployment to be somewhat complex.
"The most valuable feature is the web filter."
"Fortinet FortiGate is scalable for our users. Right now, we have almost 70 users. We do not have any plan to increase our usage of FortiGate. For maintaining the firewall solution, one staff member is enough."
"The most valuable features are that it is very simple to configure and to manage."
"The ease of setting the solution up is a valuable aspect for us."
"One of the valuable features is a standardized OS."
"FortiGate firewalls are easy to manage through a user-friendly web interface. They also have advanced features like DDoS and DLP. However, I wouldn't recommend enabling all of these features on one device because it can cause performance issues."
"The VPN is the most valuable feature."
"The pipe filter application is an outstanding feature."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"Strong in NAT and access-lists."
"A stable, reliable solution used to protect the network's perimeter."
"It is a secure product."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"It is pretty stable. I haven't seen many issues during the past four years."
"The solution is excellent for enterprise-level networks."
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"It is easy to implement."
"I have found the solution easy to use and fully integrated."
"We've deployed quite a number for our users and our customers, and the feedback is quite positive in terms of management and also administration."
"I particularly like the visibility it provides into network traffic, allowing us to identify and address issues efficiently."
"As a security solution, it's a very good security solution."
"I like the fact that it can self remove malware and do updates on the cloud via Sophos Central."
"The most valuable features are the central management, the user VPN, and communications."
"Using Sophos endpoint and the firewall, synchronized security is easy."
"With the addition of some features, it is possible that FortiGate can be used in all verticals."
"The debugging and troubleshooting has room for improvement."
"We would like to see better pricing."
"One area for improvement is the performance on bandwidth demands for smaller devices, as well as better web filtering."
"The integration with third-party tools may be something that they should work on."
"This product needs to have an analysis feature, rather than having the analysis done through the integration of a different product."
"The support is the main thing that needs to be improved."
"There are some complex administration tasks in their administration portal. That needs to be improved."
"The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other."
"Cisco ASA should be easier to use. It is a bit tough to navigate and see what is going on."
"I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon."
"Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products."
"The Cisco Firewall UI could be improved."
"They really need support for deployment."
"We found it difficult to publish an antennae sidewalk with the ASDM. I think Cisco should improve this by creating a simpler interface for the firewall."
"The solution’s GUI could be better."
"Areas for improvement would be the access points and the on-premise version, which is very bad."
"They should expand their DDoS feature. It's basic. They need to enhance it."
"In the next release, I would like to see improvements made to the policy and simplify the policy-making, as the complexity of it makes it really tough."
"I'd like the dashboard to be improved. It could be a bit more customizable."
"The manuals or guides we are given are too simple. When we are implementing the product, it is difficult for us as we don't have more detailed information."
"We feel that the GUI can be improved a bit because it has a lot of information and looks a bit outdated."
"The UI needs improvement because it can be a little weird at times."
"There should be web caching to improve bandwidth utilization. It should have a very good caching feature. That's because we are in a very poor continent, and the connectivity cost is very high. We have low bandwidth, and the intensive usage of bandwidth is not easy here in Africa. If they improve services for web caching, it would be better."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Cisco Secure Firewall is rated 8.2, while Sophos XG is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and SonicWall NSa. See our Cisco Secure Firewall vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
My preference is the Sophos XGS, particularly when you team it up with the Sophos Endpoint Protection client and configure it for synchronized security.
Both can be managed through Sophos Central and are available at a decent price for the power they offer the SMB.
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.
Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.