We performed a comparison between Fortinet FortiGate and Sophos UTM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Fortinet FortiGate and Sophos UTM had a similar user rating regarding ease of deployment, service and support, and ROI. If pricing is a factor, Sophos UTM is a more cost-effective solution based on user reviews. In terms of features, Fortinet FortiGate users felt the interface was complex, and the reporting feature needed improvements. In contrast, Sophos UTM users felt the solution needed to do a better job at covering mobile devices.
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The feature set is fine and is rarely a problem."
"A good intrusion prevention system and filtering."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The solution is very easy to understand. It's not overly complex."
"I like Fortinet FortiGate's antispam filter, SPN, and clustering features."
"Anti-Spam web content filterinG."
"The product is easy to use and is stable. The SV1 functionality is a benefit."
"We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs."
"I like several features that this product has, such as antivirus and internet navigation inspection. It is also simple to use."
"The most valuable feature is the web filter."
"Fortinet FortiGate is stable. It's used across all the countries, this is the way most multinationals run their system."
"Sophos UTM provides security for our network here and access through a VPN connection for our remote users. It also offers the flexibility to create different tools for accessibility."
"The stability, overall, is excellent. I haven't had a problem in the last two years."
"The stability of Sophos UTM is very good. The solution has been stable since Sophos took over Cyberoam which was the original company providing this solution."
"The three most important features for us are web protection, web server protection, and network protection."
"Sophos SG UTM had all the basic functionality that you needed. It is user-friendly and easy to manage for any integrator."
"The cost of the solution is very reasonable."
"Sophos UTM is very user-friendly and has good integration with other solutions."
"The initial setup is pretty easy."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"The maturity needs to be better."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"The initial setup can be a bit complex for those unfamiliar with the solution."
"We had some issues in the beginning while setting it up, but after doing the firmware update, it is working fine."
"There is a lot of improvement needed with SSL-VPN."
"It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example."
"There aren't really any negative aspects to discuss."
"Performance and technical support are the main issues with this solution."
"Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."
"Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful."
"You do need some IT knowledge in order to effectively work with the solution."
"The interface configuration could be improved."
"The solution needs to do better at covering mobile devices, although they may have an integrated solution for that purpose."
"Sophos should improve its ability to check something like bandwidth consumption for users or something more real-time."
"We'd like to see them offer their services on mobile devices like tablets. I'm not sure if that's an option or not."
"Monitoring and reporting are areas that need improvement."
"Updates come out agonizingly slowly, a trickle."
"The integration capabilities could be better."
"When we call support, we get put on hold for a long time."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 166 reviews while Sophos UTM is ranked 2nd in Unified Threat Management (UTM) with 32 reviews. Fortinet FortiGate is rated 8.4, while Sophos UTM is rated 8.4. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". Fortinet FortiGate is most compared with pfSense, Cisco ASA Firewall, Sophos XG, Check Point NGFW and Palo Alto Networks WildFire, whereas Sophos UTM is most compared with pfSense, Untangle NG Firewall, Sophos XG, OPNsense and Palo Alto Networks NG Firewalls. See our Fortinet FortiGate vs. Sophos UTM report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I would have no doubt in recommending Fortinet. I do not know the Sophos UTM product specifically but in general, in companies, we have had unpleasant experiences with Sophos with customers. They typically declare performance values that are overestimated in the field.
We replaced Fortinet with Sophos as our public-facing UTM in 2017 & since then the ride has been extremely rough. I would not recommend Sophos for any mission-critical environment.
Fortinet is easy to manage and it include secure SDWAN as well including many features with easy to configure.
Both firewalls are easy to deploy. But the issue you will encounter when performing troubleshooting. You will not get flexibility in troubleshooting through Cli in Sophos whereas, in FortiGate, we have much more control. Besides if you are deploying a firewall on a large scale where visibility, control, performance as well as the flexibility is important it is better to go with Fortinet rather than Sophos.
I would also like to elaborate on the reporting part in FortiCloud. There is no need to pay any extras. Every box connects to ForticCoud service, and if you want reports to be greater than 7 days (meaning to be kept longer than that in their memory system) then you have to pay. In the meantime, by default Forticloud will send daily emails with reports and once a week you will get 4 to 5 reports, with lots of granular information. These reports are all in PDF with color graphics. In reality, I would be happy to send you some of the reports as in words typed herein would be more than a book. The FortiGate appliance also comes with 10 endpoint security (Forticlient) licences. So you can put this endpoint protection software to servers or clients. It also has a two-factor authentication license included. With these boxes, you can also create VDOM (Virtual Domains, totally separate).
They can afford that as the hardware, as I mentioned before (ASIC) has the power to do that. In 3 years I have had 1 spam message entering my mail server, is that telling you something??? In my first reply, I did tell you that where I work now they purchase Sophos. Well, when the antivirus is set the CPU gets up to 90%. My Fortigate CPU is 0% and peaks during attacks. And I have had quite a few. They were attempting to break into the mail server. More than 2 million attempts in less than 2 hours. Have a look at NSS Labs site. FortiGate is a Rolls Royce, you cannot compare.
Here in Australia, where I work now, the decision was to go with Sophos, ONLY ON PRICE. Yes, great brains. Now they regret that big time. FortiGate is a much more powerful device, especially when it comes to being able to handle the traffic. Most of the models handle throughput via ASIC (Application Specific Integrated Circuit) which is nothing more and less than a customer semiconductor. So, this is handled via hardware. It may be initially more difficult to implement. Now, what does "difficult" mean? To me when there is an unknown, difficult comes up till you learn. So if you make a decision on price and because "it is the easiest" to install.
I would not touch Sophos. Simple as that.
Sophos UTM is better by far. but it is more expensive
Done many installations of both Sophos and FortiGate, Sophos is the easiest to install and best in terms of features.
Reporting is free in Sophos while we need an extra subscription for FortiGate. Deep packet inspection, intrusion prevention advanced threat protection, web filtering, app control and email protection are key features of Sophos. Browsing is made safe with phishing protection and new functionality of ransomware protection. Sophos support is brilliant and community website from Sophos answers to all your questions and ease deployment.
I can’t really comment on FortiGate. We’ve been working with Sophos for years and like it’s integration with their endpoint.