Try our new research platform with insights from 80,000+ expert users

OPNsense vs Sophos XG comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
317
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
OPNsense
Ranking in Firewalls
3rd
Average Rating
8.2
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
No ranking in other categories
Sophos XG
Ranking in Firewalls
4th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
198
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of January 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.3%, up from 17.4% compared to the previous year. The mindshare of OPNsense is 14.5%, down from 18.1% compared to the previous year. The mindshare of Sophos XG is 11.5%, up from 9.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
Eddy Ramirez - PeerSpot reviewer
Good interface and firewall capabilities and overall easy to use
The security has improved as we can isolate the network. We can do attrition prevention via a tool that comes with the solution. We can have a VPN solution in place for those that work from home, outside the network, in a secure manner. We also like that it offers good authentication. It offers radius-based authentication, which has been useful for the company. The main platform is under the Open VPN firewall. The solution has high availability. When we have different ISPs, we can actually load balance those links or actually put some priority or even classify the traffic that might go into one ISP or another.
SherifFouad - PeerSpot reviewer
Gives us customizable policies, modifiable templates, and customized rules for single users
The major problem that I am facing, and I know that others are facing as well, is with the HTTPS classic, in general, or any classic that works on Secure Socket Layers. Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic. But most websites right now, most of the reputable web services providers, for extra security for their own web servers and for the user's security, provide a connection over Secure Socket Layer. The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using. Now, this is not a problem when you're dealing with users stationed and fixed in a specific site or location. They are using desktops, they will never take the desktops and go home with them, nor will they ever take the desktops and travel to another country, or another site with it. The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem. A way around this is if you are using authentication with Active Directory. But most of the time, especially if you're operating in a remote site with a very slow internet connection, if it's available in the first place, authentication with Active Directory is impossible. So it needs an easier way to apply HTTPS filters, without importing certificates into users' browsers and without the need for using an Active Directory. There must be a way around it. There are workarounds. But with applied workarounds, it will work out once, it won't work out properly 10 other times. That is my only request. Also, since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library. The easiest way to overcome this is to look at how the Cyberoam online technical library was structured and to build the Sophos technical library the same way. It is messy, totally unorganized, time-wasting. Instead of getting what you want in five minutes it takes half an hour.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"From the firewall perspective, the rules and policies are very sufficient and easy to use."
"Their interface is very easy to use, it is without bugs."
"The most important features with FortiGate are the web filter and application controls. We can control our internet usage and use the web filter for application purposes."
"Fortinet FortiGate's ease of management is the most valuable feature."
"Fortinet FortiGate is easy to use."
"The initial setup is very straightforward and easy, with wizards helping to configure the device efficiently."
"Fortinet FortiGate appears to be scalable."
"It is useful for protecting and segregating the internal networks from the internet. Most of our customers also use the FortiGate client to connect to their offices by using the VPN client, and of course, they usually activate the antivirus, deep inspection, and intrusion prevention services. They are also using it for web filtering and implementing various policies dealing with forwardings, NAT, etc."
"I feel that its valuable features are that it is simple and free."
"What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control."
"The most valuable features in OPNsense are reporting and visibility."
"The initial setup is easy. It only takes 15-30 minutes to deploy."
"It has an open license. It works very well, and there is an update every month."
"It is a very good solution. I like the dashboard. I can see what is going on and manage it as I like it."
"OPNsense is highly stable."
"We can open a new VPN connection easily. It's much easier than with Fortinet in our experience."
"The most useful aspect of the solution is the concept of integrated security."
"The user interface is very good."
"The solution was able to be integrated well with exciting hardware and software and in multiple business sectors."
"There are many valuable features."
"The most valuable feature is web filtering."
"Orchestration of the firewall is the most valuable feature. It is a fast and agile solution. It is good with protection. It is also very easy to deploy and manage, and its user interface is easy to use."
"The scalability of Sophos XG is good."
"Technical support is responsive."
 

Cons

"The user interface could be improved to make it less confusing and easier to set up."
"The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade should be returned. It was a very valuable feature for us."
"FortiGate can improve its token system, as it requires a purchase before use."
"To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution."
"We'd like more management across other integrations."
"Some of the software stability could improve."
"The solution is very expensive."
"Lacks sufficient security options."
"The solution would not be suitable for anything large-scale."
"The user interface could be improved, and the DNS section should be more intuitive."
"They should improve IPEs for security in the future."
"While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."
"The solution could be more secure."
"SD-WAN (software-defined wide area network) is integrated into some restricted service providers for OPNSense."
"I would like to see better SD-WAN performance."
"I would like better documentation concerning the provided packages and their integration."
"We recently did an upgrade on the Sophos XG firmware and we were surprised that after the upgrade, the automatic switch actually we were using did not work anymore."
"All of the options should be available when I renew my subscription for the year. As it is now, there are some limitations."
"The support from the vendor needs to be improved."
"On reports, they sometimes give a summary, but it lists different users as unknown. There are times that I really want to know which user or which IP is causing a problem."
"Some of the firewall rules are complicated for us to understand, they should be simplified."
"The two main areas where this product needs improvement are routing and reporting."
"Over the last six months, we have noticed that the hardware is slow, especially the VPN connections."
"XG is at its end of life. People are moving to XGS."
 

Pricing and Cost Advice

"It was worth the money overall. It's good value."
"It is cost-effective, and provides a good value for your money. The pricing, and license renewal, is very reasonable for us."
"They need to be competitive with other solutions."
"For medium and enterprise organizations, FortiGate is more affordable."
"The price of FortiGate is average and I would say that based on the top five products available on the market, it is in the affordable range."
"The pricing is very reasonable."
"The price depends on the size of the company. From the beginning, you just want to know the internet bandwidths, speed, and the number of users to be able to offer the right product and model. They have a lot of products in FortiGate according to the size of the company, like 200D and 300D."
"The price is okay."
"It is free."
"We are using the paid version."
"I've used the free version. My computer with two network cards at home allows me to try as many different software options as I want. I did pay for the license, but it was for the Zenarmor license, which is the packet inspection tool. They use AI for packet inspection, which integrates with OPNsense and pfSense."
"OPNsense is a well known open-source tool."
"It is open source and free."
"The price of OPNsense is good."
"I'm using the free version of OPNsense. I didn't check the pricing for the solution because I still need to test it before getting the approval to purchase OPNsense, and it isn't easy to get approval from the higher-ups."
"It's not expensive."
"There is no need to get one edition, just the licensing, as we are talking about a common bundle which encompasses all the features."
"The price of Sophos is reasonable. It's not too expensive — I think it's worth it."
"The price is reasonable"
"There is no license required to use this solution."
"It is fairly priced."
"The product is well priced."
"The price of the solution is reasonable when compared to the market."
"I paid for a license for the solution for three years costing approximately $11,000. Additionally, I received the Web Appliance fee for paying for the full licencing."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
831,369 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
6%
Manufacturing Company
6%
Computer Software Company
16%
Comms Service Provider
11%
Government
8%
Educational Organization
7%
Computer Software Company
17%
Comms Service Provider
8%
Manufacturing Company
7%
Financial Services Firm
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
What is the difference between PfSense and OPNsense?
Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...
What do you like most about OPNsense?
What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.
What is your experience regarding pricing and costs for OPNsense?
I consider the pricing of OPNsense to be high when compared with other market products. However, as a free firewall p...
Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat si...
What are the main differences in features between Sophos XG and FortiGate 80F?
Hi Arvind P , The Sophos XG firewall has a number of models right from XG86 to XG135w under the 1U Desktop Form Fact...
What Is The Biggest Difference Between Sophos UTM and Sophos XG?
The Sophos UTM is a UTM and Sophos XG is the NGFW. First, you must know about the difference between a UTM and NGFW. ...
 

Comparisons

 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
No data available
No data available
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
1. Deciso B.V. 2. iXsystems, Inc.  3. EuroBSDCon  4. Netgate  5. Claranet  6. Voleatech  7. Open Systems AG  8. Securebit AG  9. Proxmox Server Solutions GmbH  10. AVM Computersysteme Vertriebs GmbH  Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.
Information Not Available
Find out what your peers are saying about OPNsense vs. Sophos XG and other solutions. Updated: January 2025.
831,369 professionals have used our research since 2012.