"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"The most valuable feature is the access control list (ACL)."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"We have not had to deal with stability issues."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"What's most important is the ease of use."
"Some of the valuable features are the firewall, IPS, web filter, and gateway capabilities. Additionally, it is easy to use and flexible."
"This is an easy solution to deploy."
"It is a safe product."
"The most important feature, normally for small business customers, is link load balancing."
"It's user-friendly and easy to operate."
"The payment function for applications is good."
"The solution has very good threat and content filtering switches."
"The most valuable feature is ransomware protection."
"So far, the solution has been problem-free."
"The initial setup is pretty easy."
"Sophos UTM is the simplest of these products to setup."
"The cost of the solution is very reasonable."
"It is easy to manage."
"The three most important features for us are web protection, web server protection, and network protection."
"It's a stable solution."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"The performance should be improved."
"The initial setup can be a bit complex for those unfamiliar with the solution."
"Cisco Firepower NGFW Firewall can be more secure."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"The pricing could be a bit better, especially when you consider how they have the most basic offering priced."
"Fortinet doesn't provide multiple virtual firewalls which would facilitate end users and customers."
"The solution could have licensing fees reduced in the future."
"We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved."
"The initial setup and configuration are not intuitive and require training."
"The solution could be more evenly structured."
"The sniffing packets or packet captures, can be simplified and improved because it's a little confusing."
"The solution could be more user friendly."
"I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution."
"The integration capabilities could be better."
"Anti-phishing functionality should be improved."
"It's stable, but the reaction time of the GUI is terrible."
"Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment."
"Updates come out agonizingly slowly, a trickle."
"The logs are not clear, which means that you need an additional piece of software in order to read them clearly."
"Sophos should improve its ability to check something like bandwidth consumption for users or something more real-time."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 98 reviews while Sophos UTM is ranked 2nd in Unified Threat Management (UTM) with 24 reviews. Fortinet FortiGate is rated 8.4, while Sophos UTM is rated 8.6. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Check Point NGFW, Meraki MX and Juniper SRX, whereas Sophos UTM is most compared with pfSense, Sophos XG, Untangle NG Firewall, OPNsense and Kerio Control. See our Fortinet FortiGate vs. Sophos UTM report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would have no doubt in recommending Fortinet. I do not know the Sophos UTM product specifically but in general, in companies, we have had unpleasant experiences with Sophos with customers. They typically declare performance values that are overestimated in the field.
We replaced Fortinet with Sophos as our public-facing UTM in 2017 & since then the ride has been extremely rough. I would not recommend Sophos for any mission-critical environment.
Fortinet is easy to manage and it include secure SDWAN as well including many features with easy to configure.
Both firewalls are easy to deploy. But the issue you will encounter when performing troubleshooting. You will not get flexibility in troubleshooting through Cli in Sophos whereas, in FortiGate, we have much more control. Besides if you are deploying a firewall on a large scale where visibility, control, performance as well as the flexibility is important it is better to go with Fortinet rather than Sophos.
I would also like to elaborate on the reporting part in FortiCloud. There is no need to pay any extras. Every box connects to ForticCoud service, and if you want reports to be greater than 7 days (meaning to be kept longer than that in their memory system) then you have to pay. In the meantime, by default Forticloud will send daily emails with reports and once a week you will get 4 to 5 reports, with lots of granular information. These reports are all in PDF with color graphics. In reality, I would be happy to send you some of the reports as in words typed herein would be more than a book. The FortiGate appliance also comes with 10 endpoint security (Forticlient) licences. So you can put this endpoint protection software to servers or clients. It also has a two-factor authentication license included. With these boxes, you can also create VDOM (Virtual Domains, totally separate).
They can afford that as the hardware, as I mentioned before (ASIC) has the power to do that. In 3 years I have had 1 spam message entering my mail server, is that telling you something??? In my first reply, I did tell you that where I work now they purchase Sophos. Well, when the antivirus is set the CPU gets up to 90%. My Fortigate CPU is 0% and peaks during attacks. And I have had quite a few. They were attempting to break into the mail server. More than 2 million attempts in less than 2 hours. Have a look at NSS Labs site. FortiGate is a Rolls Royce, you cannot compare.
Here in Australia, where I work now, the decision was to go with Sophos, ONLY ON PRICE. Yes, great brains. Now they regret that big time. FortiGate is a much more powerful device, especially when it comes to being able to handle the traffic. Most of the models handle throughput via ASIC (Application Specific Integrated Circuit) which is nothing more and less than a customer semiconductor. So, this is handled via hardware. It may be initially more difficult to implement. Now, what does "difficult" mean? To me when there is an unknown, difficult comes up till you learn. So if you make a decision on price and because "it is the easiest" to install.
I would not touch Sophos. Simple as that.
Sophos UTM is better by far. but it is more expensive
Done many installations of both Sophos and FortiGate, Sophos is the easiest to install and best in terms of features.
Reporting is free in Sophos while we need an extra subscription for FortiGate. Deep packet inspection, intrusion prevention advanced threat protection, web filtering, app control and email protection are key features of Sophos. Browsing is made safe with phishing protection and new functionality of ransomware protection. Sophos support is brilliant and community website from Sophos answers to all your questions and ease deployment.
I can’t really comment on FortiGate. We’ve been working with Sophos for years and like it’s integration with their endpoint.