"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The customer service/technical support is very good with this solution."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"The most valuable feature is stability."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"The most valuable features of this solution are the integrations and IPS throughput."
"The customization potential is quite impressive."
"We use the filtering feature the most. It has filtering and inbuilt securities. We can create customized rules to define which users can access a particular type of site. We can create policies inside the firewall."
"It's inexpensive compared to some of the other technology out there."
"I like that they have given me a solution at a fair price."
"Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network."
"It's user-friendly and easy to operate."
"The user interface (UI) is very, very good."
"The most valuable feature of this solution is the analytics."
"Orchestration of the firewall is the most valuable feature. It is a fast and agile solution. It is good with protection. It is also very easy to deploy and manage, and its user interface is easy to use."
"The installation is easy. There is a wizard that can be used for a single connection making it simple and if you have multiple connections you can configure it manually."
"IPS and advanced threat protection (ATP) are the most valuable features. I am able to segment my network traffic and block incoming connections. It is also easy to use."
"Sophos is a comrehensive solution which allows me to configure all the attendant products, such as Sophos' firewall, Endpoint and Encryption features."
"I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system."
"It is feature-rich, I like the server authentication, and the reports are good."
"Each user has the ability to manage the solution."
"We created and configured a VPN for connecting our remote sites and also to make it more secure and reliable. We also like its two-factor authentication features."
"The performance should be improved."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"It would be great if some of the load times were faster."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"The solution could be more user friendly."
"In the next release, maybe the documentation on how to use this solution could be improved."
"There is a lot of improvement needed with SSL-VPN."
"The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility."
"The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work."
"Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements. They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security."
"They've become quite expensive."
"Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN."
"Inability to investigate incidents, there is no tracking."
"They need to allow their solution to integrate with other products and not just other Sophos solutions."
"The only area that requires improvement is scalability."
"The solution could offer a bit more integration with other systems, with other platforms - just to be able to extend the capability and to interface with other kinds of platforms or systems that I can find on the market as it gives the possibility to improve the level of integration."
"Lacking network access control, user profiling and analytics dashboards."
"Its user interface is a little bit slow."
"Data traffic analysis could be better. I think Fortinet products like FortiAnalyzer are very effective in analyzing data traffic. I think it's better than Sophos. It could also be more stable."
"Having a web portal where you could make requests for the categorization of non-categorized items, would be beneficial."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 97 reviews while Sophos XG is ranked 5th in Firewalls with 129 reviews. Fortinet FortiGate is rated 8.4, while Sophos XG is rated 8.2. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Sophos XG writes "Light and stable with excellent real-time control ". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Check Point NGFW, Meraki MX and SonicWall TZ, whereas Sophos XG is most compared with pfSense, Meraki MX, Palo Alto Networks NG Firewalls, Sophos UTM and Azure Firewall. See our Fortinet FortiGate vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I personally used Sophos UTM 9, and it´s great, it can support all your needs without a problem, the only concern is to find the correct physical server for deployment. Also, it can be purchased in a stand-alone box. I totally suggest the appliance for a UTM version or a XG Firewall
I never used FortiGate but a lot of people do and they are fine with the choice. So, I think it's a matter of the budget.
Hi,
This really gets to two things:
- how fast your internet access is and how much are you planning to grow in the next few years?
- are you planning to do the TLS inspection?
Do proper sizing with partners. Pay attention to XGS2100 which is a new platform by Sophos.
Avoid this "✓ Include port forwarding for local service publishing" since both units have some kind of WAF, it is better to do it with WAF. Sophos WAF has more features than Fortigate integrated WAF.
✓ Monitoring and reporting --> what kind of reporting are you looking at?
✓ Malware and viruses inspection --> XG can be combined with InterceptX, this is good protection. Been running it for years.
Also, pay attention to support from Fortinet and Sophos. Fortinet has version 7.0 out and it is probably full of bugs as they tend to do the last couple of years but Sophos is the same here. They are rushing with features out so make sure partners confirm stable versions for you.
Don't bother with 100E, go after 100F or 101F since it is a new box from Fortinet.
I can see answers with the word "budget", What is cheap may end expensive. CAREFUL.
Fortinet is a clever company who had put ASIC (Application Specific Integrated Circuits). They use silicon, chips, so they are not only fast but can guarantee throughput. I have since instanced of Sophos where the CPU runs at 90% and struggles.
So, think how can you guarantee traffic with IPS, VPN and many other simultaneous tasks.
But it is your decision.
Good luck. I personally would not touch Sophos at all.
The XG210 is a little slow if you turn on all the security. Unlike the old SG firewalls, the XG firewalls tend to get bogged down. I have an XG230 and it worked well. As for Fortigates; they also work very well but they are more expensive. Both of them meets most all of your requirements depending on the packages you opt for. I am now running a Fortigate 301E and it is faster than the XG230 and I can do all the inspection I want at 1Gbps whereas the Sophos struggled. I would not go for the Fortigate 100. I would go with a slightly higher performance system, and the E series is fine but the F series is a newer breed.
In my opinion, the Fortigate line is a little more robust and it is more intuitive to manage. That said, they are both quality firewalls.
The Fortinet FortiGate appliance is recommended, we have in the past used Sophos and found that certain malware gets through rendering it very unreliable. Fortinet has a great reputation and you should not just select Sophos base on pricing alone as you will have more than a 100 VPN users, you can't have a bad inconsistent box which will break your network.
Sophos XG210 dusts Fortinet fortigate 100E in every department far more than you can ever imagine. SSD storage and throughputs Sophos is dope.
I can only agree with the previous speakers. Both systems are good and differ in details.
Apart from the budget, topics such as scalability and which systems (SIEM/SOC) the components are connected to are important.
And then there is the saying that we all know: Who buys cheap buys twice.
Best Regards
Norman
Sophos XG210 fills these needs adequately. Give it a go.