We performed a comparison between Fortinet FortiGate and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Fortinet FortiGate and Sophos XG had a similar user rating regarding ease of deployment, service and support, and ROI. In terms of features, each software has its pros and cons. Fortinet FortiGate offers some great features, but it is a little more complex and needs better reporting. Sophos XG provides a stable, complete firewall solution, but it fails to integrate well with other products, and the SD-WAN needs improvement. Sophos XG was the better option for pricing, as they offer flexible pricing based on region.
"The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"The solution offers very easy configurations."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"Cisco's technical support is the best and that's why everybody implements their products."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"I like several features that this product has, such as antivirus and internet navigation inspection. It is also simple to use."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"The pricing is great and very reasonable."
"The main reason why I purchased the particular unit was that it had good reviews and what other people were saying as far as its completeness and its leading capabilities in terms of endpoint security was very good."
"The solution is extremely reliable."
"The SD-WAN feature is the most valuable. This feature evolved from link load balancing. It has helped us in terms of our uptime and privatizing applications whenever we experience an outage. The SD-WAN feature has been a plus for us. Two-factor authentication has allowed us to add more users in terms of remote working. We have two-factor authentication for remote workers to authenticate them before they get on the network."
"Security solution with a straightforward and quick setup. It's a stable and scalable product."
"Fortinet FortiGate is easy to use."
"The solution is stable. I've had very few problems with it."
"It is very easy to configure and straightforward. The firewall rules are straightforward. It works great out of the box. It has been working as advertised, and I haven't had any issues with it."
"The solution is a next generation firewall and we have gotten good customer feedback."
"The interface is user-friendly and the product is easy to configure."
"Sophos is a stable solution, and we haven't had any bugs or limitations."
"The VPN access for users is also a great thing, especially nowadays when working from home."
"The product has a console that is based in the cloud for all their products. In this console, they have email security, firewall security, endpoint security, et cetera. All of the products on offer in the console are very useful for us."
"The multifactor authentication is helpful because whenever the user wants to connect to the firewall, they have to use the authenticator before they can access it."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"They could improve by having more skilled, high-level engineers that are available around the clock. I know that's an easy thing to say and a hard thing to do."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The price and SD-WAN capabilities are the areas that need improvement."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"The initial setup could be simplified, as it can be complex for new users."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"Fortinet FortiGate can improve by integrating the web application firewall and the DDoS protection part of the solution. Having a WAF feature, web application firewall, and proxy together would be a good benefit."
"The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment."
"The solution could have licensing fees reduced in the future."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"I would like to see improvements with the antivirus and IPS as they are not working properly all the time."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"The captive portal could be improved."
"Fortinet FortiGate is a firewall solution and once it's deployed, you can rest assured that your system is secure."
"Sophos XG could improve Data Loss Prevention(DLP)."
"SD-WAN needs to be improved because it often fails at the network security level."
"Sophos XG could improve the connectivity with Microsoft 365 or Azure Active Directory(AD). It doesn't work directly as other solutions do, such as Fortinet FortiGate. The client needs a separate AD server which is a problem."
"Sophos XG's web server protection and log viewer could improve. They should also introduce sandboxing."
"Technical support is difficult to access."
"Some of the firewall rules are complicated for us to understand, they should be simplified."
"I would like to see in future releases a tool to scan for malicious packets and give the location of where they are coming from."
"The reporting could be improved in this solution by adding more details."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 166 reviews while Sophos XG is ranked 6th in Firewalls with 141 reviews. Fortinet FortiGate is rated 8.4, while Sophos XG is rated 8.0. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Sophos XG writes "Light and stable with excellent real-time control ". Fortinet FortiGate is most compared with pfSense, Cisco ASA Firewall, Check Point NGFW, Meraki MX and SonicWall TZ, whereas Sophos XG is most compared with pfSense, OPNsense, Palo Alto Networks NG Firewalls, Meraki MX and SonicWall NSa. See our Fortinet FortiGate vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi,
If I look at it only from the point of view of analytics and performance, I lean towards Fortinet, but if I look at it at the service level and with the possibility of being part of an even larger project, this is when I don't see competitors for Fortinet and I mean the component. of after-sales services, the local presence in my country has come from less to more, which makes the difference when choosing a partner to work with.
FortiGate. Fortinet is in Gartner Leader Magic Quadrant (MQ).
Sophos is in Niche Player Quadrant if I remember right.
You can never go wrong picking a vendor in the Gartner Leader MQ. Show the Gartner MQ to your leadership to get them on board too.