We performed a comparison between Fortinet FortiGate and Sophos UTM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Fortinet FortiGate and Sophos UTM had a similar user rating regarding ease of deployment, service and support, and ROI. If pricing is a factor, Sophos UTM is a more cost-effective solution based on user reviews. In terms of features, Fortinet FortiGate users felt the interface was complex, and the reporting feature needed improvements. In contrast, Sophos UTM users felt the solution needed to do a better job at covering mobile devices.
"Cisco's technical support is the best and that's why everybody implements their products."
"Cisco ASA Firewall is a well known product. They're always updating it, and you know what they're doing and that it works."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall."
"I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"I like that Cisco Firepower NGFW Firewall is reliable. Support is also good."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The most valuable features of Fortinet FortiGate are the APIs. They are the most widely known."
"The SD-WAN is the most valuable feature."
"The interface is very good."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"The multi-tenancy feature is most valuable. It integrates very well with FortiManager and FortiAnalyzer."
"Fortinet FortiGate is a stable solution."
"Good performance, stability, and virtual domain ability."
"The scalability is good in Fortinet FortiGate."
"The solution's sandboxing, application center, and database engine are good."
"The solution is scalable."
"The packet filtering's great. You get out what you put into it. It works great as long as you know your security and configure everything adequately. If you just pop one in and it's not configured, then it's basically wide open. It kind of depends on the admin skill, but it's an excellent product."
"The stability, overall, is excellent. I haven't had a problem in the last two years."
"Has great security features and does a good job of protecting the network."
"Sophos UTM's most valuable features are profiling and its simple configuration."
"What I like about the solution is the ease of use."
"With Sophos, we have not had any incidents this year. The security provided has been good. It has proven to be okay for our needs."
"It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall."
"The maturity needs to be better."
"Its user interface is good, but it could be better. Currently, you have to know what to do before you can manage a device. If you don't know what to do, you can mess things up. There are some devices that are easier, such as FortiGate. The user interface of FortiGate is more intuitive. It is very easy to log in and configure things."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering."
"I would like to see them add more next-generation features so that you don't need a lot of appliances to do just one task. It should be a single solution."
"I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"With the addition of some features, it is possible that FortiGate can be used in all verticals."
"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."
"There aren't really any negative aspects to discuss."
"The support system could be improved."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs."
"Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful."
"This product needs to have an analysis feature, rather than having the analysis done through the integration of a different product."
"I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution."
"There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system."
"The management suite is easy and the agent is easy to develop."
"Last year, Sophos had some major internal management changes that negatively impacted their support."
"Sophos customer support could use some improvement."
"The solution is not scalable."
"Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment."
"The ease of use could be a bit better."
Fortinet FortiGate is ranked 1st in Firewalls with 92 reviews while Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 39 reviews. Fortinet FortiGate is rated 8.4, while Sophos UTM is rated 8.2. The top reviewer of Fortinet FortiGate writes "SSL proxy makes URL filtering easier because the encryption is done before the packet ever leaves ". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". Fortinet FortiGate is most compared with pfSense, Sophos XG, Check Point NGFW, Meraki MX and SonicWall NSa, whereas Sophos UTM is most compared with pfSense, OPNsense, Sophos XG, Untangle NG Firewall and WatchGuard Firebox. See our Fortinet FortiGate vs. Sophos UTM report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would have no doubt in recommending Fortinet. I do not know the Sophos UTM product specifically but in general, in companies, we have had unpleasant experiences with Sophos with customers. They typically declare performance values that are overestimated in the field.
We replaced Fortinet with Sophos as our public-facing UTM in 2017 & since then the ride has been extremely rough. I would not recommend Sophos for any mission-critical environment.
Fortinet is easy to manage and it include secure SDWAN as well including many features with easy to configure.
Both firewalls are easy to deploy. But the issue you will encounter when performing troubleshooting. You will not get flexibility in troubleshooting through Cli in Sophos whereas, in FortiGate, we have much more control. Besides if you are deploying a firewall on a large scale where visibility, control, performance as well as the flexibility is important it is better to go with Fortinet rather than Sophos.
I would also like to elaborate on the reporting part in FortiCloud. There is no need to pay any extras. Every box connects to ForticCoud service, and if you want reports to be greater than 7 days (meaning to be kept longer than that in their memory system) then you have to pay. In the meantime, by default Forticloud will send daily emails with reports and once a week you will get 4 to 5 reports, with lots of granular information. These reports are all in PDF with color graphics. In reality, I would be happy to send you some of the reports as in words typed herein would be more than a book. The FortiGate appliance also comes with 10 endpoint security (Forticlient) licences. So you can put this endpoint protection software to servers or clients. It also has a two-factor authentication license included. With these boxes, you can also create VDOM (Virtual Domains, totally separate).
They can afford that as the hardware, as I mentioned before (ASIC) has the power to do that. In 3 years I have had 1 spam message entering my mail server, is that telling you something??? In my first reply, I did tell you that where I work now they purchase Sophos. Well, when the antivirus is set the CPU gets up to 90%. My Fortigate CPU is 0% and peaks during attacks. And I have had quite a few. They were attempting to break into the mail server. More than 2 million attempts in less than 2 hours. Have a look at NSS Labs site. FortiGate is a Rolls Royce, you cannot compare.
Here in Australia, where I work now, the decision was to go with Sophos, ONLY ON PRICE. Yes, great brains. Now they regret that big time. FortiGate is a much more powerful device, especially when it comes to being able to handle the traffic. Most of the models handle throughput via ASIC (Application Specific Integrated Circuit) which is nothing more and less than a customer semiconductor. So, this is handled via hardware. It may be initially more difficult to implement. Now, what does "difficult" mean? To me when there is an unknown, difficult comes up till you learn. So if you make a decision on price and because "it is the easiest" to install.
I would not touch Sophos. Simple as that.
Sophos UTM is better by far. but it is more expensive
Done many installations of both Sophos and FortiGate, Sophos is the easiest to install and best in terms of features.
Reporting is free in Sophos while we need an extra subscription for FortiGate. Deep packet inspection, intrusion prevention advanced threat protection, web filtering, app control and email protection are key features of Sophos. Browsing is made safe with phishing protection and new functionality of ransomware protection. Sophos support is brilliant and community website from Sophos answers to all your questions and ease deployment.
I can’t really comment on FortiGate. We’ve been working with Sophos for years and like it’s integration with their endpoint.