We changed our name from IT Central Station: Here's why

Fortinet FortiGate vs Sophos XG comparison

You must select at least 2 products to compare!
Fortinet FortiGate Logo
160,462 views|121,922 comparisons
Sophos XG Logo
44,070 views|36,313 comparisons
Comparison Summary
Question: Which firewall is better and why: Sophos XG 210 or Fortinet FortiGate 100E?
Answer: Today I have deployed a small FGT40F with OS 7 build 006. This is replacing a 3 years old FGT30E. In both cases even under heavy attack, memory in the FGT30E would jump to 77% and CPU would reach the 90%. I would then block those addresses and CPU would go down to 1 %. Again this shows again and again how the hardware is so incredible due to what I have written below. Now the OS7 and F40F, memory seats at 55% and CPU 1 %. I have full IPS, SPAM, and any other policy you could imagine. Do that in Sophos and you will need the computer that NSA has in USA. Sorry, it is just the truth and nothing but the truth. When you have the chance to see what OS7 info to the administrator has to offer the user, you will see what I say.
Featured Review
Find out what your peers are saying about Fortinet FortiGate vs. Sophos XG and other solutions. Updated: January 2022.
563,148 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""The customer service/technical support is very good with this solution.""It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.""Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.""The most valuable feature is stability.""Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch.""The most valuable features of this solution are the integrations and IPS throughput."

More Cisco Firepower NGFW Firewall Pros →

"The customization potential is quite impressive.""We use the filtering feature the most. It has filtering and inbuilt securities. We can create customized rules to define which users can access a particular type of site. We can create policies inside the firewall.""It's inexpensive compared to some of the other technology out there.""I like that they have given me a solution at a fair price.""Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.""It's user-friendly and easy to operate.""The user interface (UI) is very, very good.""The most valuable feature of this solution is the analytics."

More Fortinet FortiGate Pros →

"Orchestration of the firewall is the most valuable feature. It is a fast and agile solution. It is good with protection. It is also very easy to deploy and manage, and its user interface is easy to use.""The installation is easy. There is a wizard that can be used for a single connection making it simple and if you have multiple connections you can configure it manually.""IPS and advanced threat protection (ATP) are the most valuable features. I am able to segment my network traffic and block incoming connections. It is also easy to use.""Sophos is a comrehensive solution which allows me to configure all the attendant products, such as Sophos' firewall, Endpoint and Encryption features.""I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system.""It is feature-rich, I like the server authentication, and the reports are good.""Each user has the ability to manage the solution.""We created and configured a VPN for connecting our remote sites and also to make it more secure and reliable. We also like its two-factor authentication features."

More Sophos XG Pros →

"The performance should be improved.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI).""It would be great if some of the load times were faster.""I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device.""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."

More Cisco Firepower NGFW Firewall Cons →

"The solution could be more user friendly.""In the next release, maybe the documentation on how to use this solution could be improved.""There is a lot of improvement needed with SSL-VPN.""The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility.""The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work.""Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements. They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security.""They've become quite expensive.""Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN."

More Fortinet FortiGate Cons →

"Inability to investigate incidents, there is no tracking.""They need to allow their solution to integrate with other products and not just other Sophos solutions.""The only area that requires improvement is scalability.""The solution could offer a bit more integration with other systems, with other platforms - just to be able to extend the capability and to interface with other kinds of platforms or systems that I can find on the market as it gives the possibility to improve the level of integration.""Lacking network access control, user profiling and analytics dashboards.""Its user interface is a little bit slow.""Data traffic analysis could be better. I think Fortinet products like FortiAnalyzer are very effective in analyzing data traffic. I think it's better than Sophos. It could also be more stable.""Having a web portal where you could make requests for the categorization of non-categorized items, would be beneficial."

More Sophos XG Cons →

Pricing and Cost Advice
  • "Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
  • "There are additional implementation and validation costs."
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "Fortinet is the least expensive solution."
  • "It's very affordable."
  • "Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you."
  • "The Indian market is different than the European and American markets. When you compare they need to be a bit more aggressive on pricing."
  • "I think that the pricing is fair."
  • "For our organization, the licensing costs are approximately $7,000 per year."
  • "It's an expensive solution."
  • "The price is okay."
  • More Fortinet FortiGate Pricing and Cost Advice →

  • "The Sophos pricing, in general, is better than SonicWall, Fortinet, WatchGuard, or anybody else."
  • "We paid for our licensing for three years, upfront, and there are no costs in addition to the standard fees."
  • "The price is cheaper than that of some competing vendors."
  • "The pricing is flexible. Sophos looks at a country's economy and offers flexible pricing. This is how they have managed to penetrate the market."
  • "It's approximately $6,000 for each device."
  • "It is not expensive, it's a reasonable price,"
  • "The issue of a recurring license is a hassle because every year, we have to subscribe."
  • "It is not very expensive."
  • More Sophos XG Pricing and Cost Advice →

    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    563,148 professionals have used our research since 2012.
    Answers from the Community
    Eman Taky
    author avatarLuis Apodaca

    I personally used Sophos UTM 9, and it´s great, it can support all your needs without a problem, the only concern is to find the correct physical server for deployment. Also, it can be purchased in a stand-alone box. I totally suggest the appliance for a UTM version or a XG Firewall

    I never used FortiGate but a lot of people do and they are fine with the choice. So, I think it's a matter of the budget.

    author avatarimadam
    Real User


    This really gets to two things:

    - how fast your internet access is and how much are you planning to grow in the next few years? 

    - are you planning to do the TLS inspection?

    Do proper sizing with partners. Pay attention to XGS2100 which is a new platform by Sophos. 

    Avoid this "✓ Include port forwarding for local service publishing" since both units have some kind of WAF, it is better to do it with WAF. Sophos WAF has more features than Fortigate integrated WAF. 

    ✓ Monitoring and reporting --> what kind of reporting are you looking at?

    ✓ Malware and viruses inspection --> XG can be combined with InterceptX, this is good protection. Been running it for years. 

    Also, pay attention to support from Fortinet and Sophos. Fortinet has version 7.0 out and it is probably full of bugs as they tend to do the last couple of years but Sophos is the same here. They are rushing with features out so make sure partners confirm stable versions for you. 

    Don't bother with 100E, go after 100F or 101F since it is a new box from Fortinet. 

    author avatarRichard Benfatto

    I can see answers with the word "budget", What is cheap may end expensive. CAREFUL.

    Fortinet is a clever company who had put ASIC (Application Specific Integrated Circuits). They use silicon, chips, so they are not only fast but can guarantee throughput. I have since instanced of Sophos where the CPU runs at 90% and struggles.

    So, think how can you guarantee traffic with IPS, VPN and many other simultaneous tasks.

     But it is your decision.

    Good luck. I personally would not touch Sophos at all.

    author avatarreviewer1267734 (Executive Cyber Security Consultant at a tech services company with 11-50 employees)

    The XG210 is a little slow if you turn on all the security.  Unlike the old SG firewalls, the XG firewalls tend to get bogged down.  I have an XG230 and it worked well.  As for Fortigates; they also work very well but they are more expensive.  Both of them meets most all of your requirements depending on the packages you opt for.  I am now running a Fortigate 301E and it is faster than the XG230 and I can do all the inspection I want at 1Gbps whereas the Sophos struggled.    I would not go for the Fortigate 100.  I would go with a slightly higher performance system, and the E series is fine but the F series is a newer breed.  

    In my opinion, the Fortigate line is a little more robust and it is more intuitive to manage.  That said, they are both quality firewalls.  

    author avatarPaul Yuen

    The Fortinet FortiGate appliance is recommended,  we have in the past used Sophos and found that certain malware gets through rendering it very unreliable. Fortinet has a great reputation and you should not just select Sophos base on pricing alone as you will have more than a 100 VPN users, you can't have a bad inconsistent box which will break your network.

    author avatarAbayomi Ajisefinni
    Real User

    Sophos XG210 dusts Fortinet fortigate 100E in every department far more than you can ever imagine. SSD storage and throughputs Sophos is dope.

    author avatarNorman Freitag

    I can only agree with the previous speakers. Both systems are good and differ in details.

    Apart from the budget, topics such as scalability and which systems (SIEM/SOC) the components are connected to are important.

    And then there is the saying that we all know: Who buys cheap buys twice.

    Best Regards


    author avatarAbayomi Ajisefinni
    Real User

    Sophos XG210 fills these needs adequately. Give it a go.

    Questions from the Community
    Top Answer: 
    When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: 
    The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer: 
    It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: 
    As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer: 
    In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer: 
    I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer: 
    Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Top Answer: 
    Sophos UTM is no longer being developed, according to our reseller. All the development effort is going into XG. So XG… more »
    Top Answer: 
    In terms of the functionality, I think it's pretty straightforward. It's easy to pick up. It's also user-friendly.
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Learn More

    Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
    small/branch offices to high performance data centers and service providers. Available in a wide
    range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
    defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
    Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
    features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
    volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
    for increased performance, high availability configurations, and more.
    Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
    deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
    the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
    can deliver micro-segmentation to protect east-west network traffic.
    Cisco firewalls provide consistent security policies, enforcement, and protection across all your
    environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
    delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
    SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
    greater simplicity, visibility, and efficiency.
    Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

    The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

    Sophos XG Firewall is next gen firewall that is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage.

    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Fortinet FortiGate
    Learn more about Sophos XG
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
    Information Not Available
    Top Industries
    Comms Service Provider22%
    Financial Services Firm16%
    Manufacturing Company8%
    Non Profit8%
    Comms Service Provider33%
    Computer Software Company21%
    Manufacturing Company4%
    Comms Service Provider14%
    Computer Software Company10%
    Financial Services Firm8%
    Manufacturing Company6%
    Comms Service Provider37%
    Computer Software Company20%
    Educational Organization4%
    Manufacturing Company11%
    Financial Services Firm11%
    Healthcare Company8%
    Comms Service Provider8%
    Comms Service Provider40%
    Computer Software Company18%
    Media Company4%
    Company Size
    Small Business43%
    Midsize Enterprise28%
    Large Enterprise29%
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    Small Business48%
    Midsize Enterprise24%
    Large Enterprise27%
    Small Business35%
    Midsize Enterprise25%
    Large Enterprise40%
    Small Business63%
    Midsize Enterprise24%
    Large Enterprise13%
    Small Business51%
    Midsize Enterprise23%
    Large Enterprise26%
    Find out what your peers are saying about Fortinet FortiGate vs. Sophos XG and other solutions. Updated: January 2022.
    563,148 professionals have used our research since 2012.

    Fortinet FortiGate is ranked 1st in Firewalls with 97 reviews while Sophos XG is ranked 5th in Firewalls with 129 reviews. Fortinet FortiGate is rated 8.4, while Sophos XG is rated 8.2. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Sophos XG writes "Light and stable with excellent real-time control ". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Check Point NGFW, Meraki MX and SonicWall TZ, whereas Sophos XG is most compared with pfSense, Meraki MX, Palo Alto Networks NG Firewalls, Sophos UTM and Azure Firewall. See our Fortinet FortiGate vs. Sophos XG report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.