Palo Alto Networks NG Firewalls vs Sophos XG comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Apr 10, 2022

We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Some Palo Alto Networks users say the initial setup is straightforward, while others say it is complex. Most Sophos XG users say that the initial setup is straightforward.
  • Features: Reviewers of both products are happy with their stability, security, and scalability. Palo Alto Networks users say that it performs well and is easy to use. Several Palo Alto Networks users would like to see the solution’s logging and reporting improved. Sophos XG users say it is user-friendly and has good reporting and VPN features. A few users note that the user-interface is outdated.
  • Pricing: Palo Alto Networks reviewers feel that it is an expensive product. In contrast, most Sophos XG users feel that the price of the product is fair.
  • ROI: Reviewers of both products report seeing an ROI.
  • Service and Support: Palo Alto Networks reviewers are satisfied with the level of support they receive. Many Sophos XG users say that the support is good, but some say it could improve.

Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.

To learn more, read our detailed Palo Alto Networks NG Firewalls vs. Sophos XG Report (Updated: May 2023).
709,643 professionals have used our research since 2012.
Q&A Highlights
Question: Which is better - Palo Alto Networks NG Firewalls or Sophos XG?
Answer: As a Sophos specialist, I can tell you that XG Firewall will cover all that you'll need with a more affordable way.Sophos XG firewall will not disappoint you with its performance, resources or features.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The content filtering is good.""The VPN feature is the most valuable to us because it accomplishes the task well. We're able to do everything we need to do.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""It brings us the ability to work from anywhere and has allowed us to work remotely without having to incur a lot of other costs. If we didn't have this type of solution, since we have so many on-prem services that are required, we would have likely lost money and been unable to deliver. We have a video services team who helped build the content for our sporting events. When you are watching a Leaf game and those swipes come by as well as the clips and things, those are all generated in-house. Without the ability to access our on-premise resources, we would have been dead in the water. So, the return on that is pretty impressive.""The user interface is very easy to manage and find rules. You can do object searches, which are very easy. Also, the logging is very simple to use. So, it is a lot easier to troubleshoot and find items inside the firewall.""Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.""Cisco's engineer helped us with a lot of scripting to see what existed. Previously, we didn't have a proper policy. In fact, we didn't have any policy because we didn't have any firewall for the data center, so generating a policy was a big challenge. Cisco's engineer helped us to do some scripting and find out what kind of policy we can have and organize those policies. That was nice.""I work with Cisco and other partners, but the Cisco team is the best team in our country. When I call them, they always help us."

More Cisco Secure Firewall Pros →

"The application awareness feature that recognizes application IDs and vulnerability protection are Palo Alto Networks NG Firewalls' most valuable features.""It has a unique approach to packet processing. It has single-pass architecture. We can easily perform policy lookups, application decoding, and integration or merging. This can be all done with a single pass. It effectively reduces the amount of processing required to perform multiple actions. This is the main advantage of using Palo Alto.""Most of the features in Palo Alto are very valuable.""It's very important that Palo Alto NG Firewalls embed machine learning into the core of the firewall to provide inline, real-time attack prevention. That increases our security posture... The firewall is able to capture it and flag it and it is easy to mitigate as soon as we see something like that happening, to secure the environment more, in real time.""In general, I appreciate the regular firewall function of Palo Alto Networks NG Firewalls.""Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities.""The first time I came across these firewalls, what surprised me the most was their web user interface. It is complete and gives you a lot of information. You can do 80% of the things related to your network and firewall through the web UI. In some of the other devices, the UI is not as complete. App-ID is also very valuable in customer networks. When you're seeing a lot of traffic in your network, you can see in your web UI which users have the applications that are consuming the most bandwidth. You have a broad context, which is very good.""The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features."

More Palo Alto Networks NG Firewalls Pros →

"The product offers many great features.""The most valuable features are the reporting, dashboards, and graphical user interface. It gives a good overall picture of what is happening over the network.""I like the functionality and the user interface.""The VPN is easy and has good logging, monitoring and notifications.""A valuable feature involves the solution's manageability.""The security of the solution, thanks to the built-in unified threat management, is one of its most valuable features. Plus, one single pane of glass is all you need to manage the whole solution, and web management can be done from anywhere.""Sophos firewalls are scalable. They are pretty strong in security. So, when they provide any kind of firewall, they provide all the features such as anti-spam, antivirus, etc.""The most valuable features are its nice interfaces and configuration. The endpoint is also very good."

More Sophos XG Pros →

Cons
"The most valuable features of the product are the VPN and the NextGen firewall features such as application control, URL filtering, etc.""Setting firewall network rules should be more straightforward with a clearer graphical representation. The rule-setting method seems old-fashioned. The firewall and network rules are separate from the Firepower and web access rules.""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""We would like to be able to manage a set of firewalls rather than individual firewalls. We haven't really looked into it or yet implemented it, but a single pane of glass would be helpful. We also use another vendor's firewalls, and they have a centralized management infrastructure that we have implemented, which makes it a little bit easier when you're managing lots of firewalls.""The reporting and other features are nice, but there is an issue with applying the configuration. That part needs some improvement.""I would like to see more configurable feature parity with Cisco ASA, which is the legacy product that Cisco is moving away from. When configuring remote access VPN, not all of the options are there. You have to download another tool, which means that the configuration takes a little bit longer with Cisco Secure Firewall. Though it's getting there, there are still some features lagging behind.""We have seen some bugs come up with Cisco Secure Firewall in terms of high availability. The solution should be improved to avoid these bugs.""It doesn't have Layer 7 security."

More Cisco Secure Firewall Cons →

"Palo Alto is like Microsoft. It has varied features, but it's too technical. A lot of the features could be simplified. The procedure, process, features, and usability could be more simple.""The areas that need to improve are network protection and user identification.""Unfortunately, Palo Alto Networks products aren't cheap, but you have to pay the price for good security technology. I don't know the exact price, but it's about $10,000 to $15,000 without a subscription. Cisco is priced similarly. FortiGate is inexpensive in Poland, so a lot of customers prefer that.""The solution doesn't support routing in virtual firewall creation, and we want that to be enabled.""The only problem that I see with the Palo Alto NGFW being an all-in-one appliance is that because of the different features that are being put into a single appliance, the OS tends to be beefier. Over the eight years, we have seen that the number of features or analyses being put into the appliance itself has a tendency to slow down the appliance, especially at the time of bootup. So, any time we are doing maintenance work, the time required for the appliance to boot up and be fully functional again is significantly longer than eight years ago. They could find a way to make this all-in-one appliance faster.""It's too expensive.""When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint.""From a documentation standpoint, there is room for improvement. Even Palo Alto says that their documentation is terrible."

More Palo Alto Networks NG Firewalls Cons →

"Over the last six months, we have noticed that the hardware is slow, especially the VPN connections.""It would be better if they made their own hardware like Palo Alto and Fortinet. They use their own ASICs and claim it is more secure.""The security of Sophos XG could be improved.""The user interface could be improved and more bandwidth management would be helpful.""Fortinet surpasses Sophos in terms of support, particularly with its comprehensive five-one feature console.""For the moment, managing the Sophos interface is a little bit challenging.""The current bandwidth consumption is no longer shown in the XG and XGS.""Sophos XG could improve by being more stable and for it to be able to be used for large enterprises."

More Sophos XG Cons →

Pricing and Cost Advice
  • "This solution is expensive and other solutions, such as FortiGate, are cheaper."
  • "Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
  • "When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
  • "Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
  • "It is expensive. There is a cost for everything. There is per year license cost and support cost. There is also a cost for any training, any application, and any resource. Things are very costly to do with Cisco. Other brands are cheaper. They are also more flexible in terms of training, subscription, and licensing. They give lots and lots of years free. They provide more than Cisco."
  • "When we bought it, it was really expensive. I'm not aware of the current pricing. We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license."
  • "Its price is moderate. It is not too expensive."
  • "I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA. Our clients are also very satisfied with its licensing model."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The price of the solution is on the higher side compared to competitors."
  • "We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively."
  • "Definitely look into a multi-year license, as opposed to a single-year. That will definitely be more beneficial in terms of cost... Palo Alto is definitely not the cheapest, but if you scale it the right way it will be very comparable to what's out there."
  • "Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities."
  • "We were very happy when they released the PA-440s. Previously, we had been looking at the PA-820s, which were a bit of overkill for us. Price-wise and capability-wise, the PA-820s hit the nail on the head for us."
  • "Palo Alto is not a cheap solution but it is competitive when it comes to subscriptions."
  • "Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time."
  • "I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others."
  • More Palo Alto Networks NG Firewalls Pricing and Cost Advice →

  • "The price of the solution is reasonable when comparing it to other solutions."
  • "The cost could be lower especially if you want to add other features."
  • "The product is well priced."
  • "The solution is not expensive since one pays as he goes."
  • "Because we're in education, Sophos gives us a very competitive price for it."
  • "The price is good for the moment."
  • "I don't believe we have a license for this product."
  • "Its price should be better. Initially, the clients have to pay for the appliance. Then, they have to pay for the software that is installed on the appliance. Depending on whether they have a one-year, two-year, or three-year license, they just have to renew the license of the software after it expires. They don't have to renew the appliance license. So, they have to pay for the appliance only once, and after that, they just renew the software license. That's all."
  • More Sophos XG Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    709,643 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
    Top Answer:Hi Arvind P ,  The Sophos XG firewall has a number of models right from XG86 to XG135w under the 1U Desktop Form… more »
    Top Answer:The Sophos UTM is a UTM and Sophos XG is the NGFW. First, you must know about the difference between a UTM and NGFW… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
    Learn More
    Overview

    Cisco Secure Firewall, including Firepower, is a powerful perimeter security solution used for network security, data center protection, advanced malware protection, and site-to-site VPNs. Its most valuable features include NGIPS, application visibility and control, VLAN implementations, intrusion prevention, threat defense, and NAT. 

    The solution has helped organizations discover their environment, improve security, implement dynamic policies, reduce operational costs, and protect against threats from outside and within the data center. Overall, Cisco Secure Firewall is a valuable tool for securing organizations and providing visibility into threats.

    Palo Alto Networks NG Firewalls are next-generation firewalls used for security to protect networks from threats and attacks. It is used for perimeter security, data center protection, and managing secure access to environments. 

    The firewall provides application control, malware protection, scalability, stability, user-friendly interface, threat hunt capabilities, application visibility and awareness, URL filtering, traffic monitoring, machine learning for attack prevention, a unified platform for all security capabilities, DNS security, VPN, and embedded machine learning. Palo Alto Networks NG Firewalls is easy to manage, reliable, and balances security and network performance well. It also provides complete visibility through logs and alerting.

    Palo Alto Networks NG Firewalls Features

    Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

    • Secure Application Enablement (App-ID, User-ID, Content-ID)
    • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
    • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
    • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
    • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

    Palo Alto Networks NG Firewalls Benefits

    There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

    • Dedicated management interface for managing and initial configuration of the device
    • Regular threat signatures and updates
    • Import addresses and URL objects from the external server
    • Configure and manage with REST API integration
    • Great throughput and connection speed is fair even in high traffic load
    • Deep visibility into the network activity through Application and Command Control
    • Easy to manage and very user friendly

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

    A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

    PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

    Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

    Sophos XG Firewall is a complete firewall solution that provides all the real-time security and insights you need to protect your network from ransomware and advanced threats. Sophos XG Firewall provides visibility into suspicious users, unknown and unwanted apps, encrypted traffic, and other threats. With its advanced artificial intelligence capabilities, Sophos XG Firewall immediately identifies potential risks and intrusions on web servers and networks.

    Sophos XG Firewall Features

    Sophos XG Firewall offers a wide range of security features, including:

    • Application control: Prevent widespread infections with XG’s Security Heartbeat. XG Firewall automatically identifies the source of an infection on a network and automatically prevents it from accessing other network resources.

    • Synchronized user ID: Eliminate the need for client or server authentication agents by sharing user identification between the endpoint and the firewall through Security Heartbeat.

    • Centralized management: Easily manage all activities with Sophos Central. The XG cloud management platform allows users to easily set up, manage, and monitor XG firewalls along with other Sophos products. Some of Sophos Central’s features include alerting, backup management, one-click firmware updates, and rapid deployments of new firewalls.

    • Lateral movement protection: Automatically isolate compromised systems at every point in the network to stop attacks dead in their tracks.

    • Network protection: Protect networks from attacks and threats while providing secure network access.

    • Web protection: Gain clear visibility and control over all users’ web and application activity.

    • Web server protection: Solidify web servers and applications against hacking attacks while providing secure web access.

    • Email protection: Consolidate email protection with anti-spam, DLP, and encryption. XG’s Live Anti-Spam provides protection from the most recent spam campaigns, phishing attacks, and malicious attachments. Data Loss Prevention automatically triggers encryption on sensitive data in outgoing emails.

    Reviews from Real Users

    Sophos XG Firewall stands out among its competitors, among other reasons, for its intrusion detection capabilities, its user-friendly management platform, and in general, for being a complete and robust firewall solution.

    Niranjan P., a network & system support engineer, writes, “Sophos is a comprehensive solution which allows me to configure all the attendant products, such as Sophos's firewall, endpoint, and encryption features. A nice feature of Sophos is that it offers in sync and heartbeat security. When my clients have a perimeter involving Sophos firewall and endpoints with Sophos Endpoint, they can communicate with each other.”

    Antonio D., sales manager at INFOSEC, notes, “The product has a console that is based in the cloud for all their products. In this console, they have email security, firewall security, endpoint security, et cetera. All of the products on offer in the console are very useful for us. The solution is stable. The solution works well for enterprises and large-scale organizations.”

    Antony M., ICT/HMIS supervisor at a healthcare company, writes, “The VPN feature is the most valuable. It has come in handy during this period when people are working from home. The filtering feature is also valuable because you can easily filter the sites that you don't want to visit. You can also set timely surfing quotas”

    Offer
    Learn more about Cisco Secure Firewall
    Learn more about Palo Alto Networks NG Firewalls
    Learn more about Sophos XG
    Sample Customers
    There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
    SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
    Information Not Available
    Top Industries
    REVIEWERS
    Financial Services Firm15%
    Comms Service Provider13%
    Computer Software Company12%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Comms Service Provider11%
    Educational Organization11%
    Government7%
    REVIEWERS
    Comms Service Provider14%
    Computer Software Company13%
    Financial Services Firm13%
    Educational Organization9%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Government7%
    Financial Services Firm7%
    Comms Service Provider7%
    REVIEWERS
    Manufacturing Company11%
    Financial Services Firm11%
    Healthcare Company9%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider13%
    Government7%
    Retailer5%
    Company Size
    REVIEWERS
    Small Business35%
    Midsize Enterprise24%
    Large Enterprise41%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise22%
    Large Enterprise51%
    REVIEWERS
    Small Business33%
    Midsize Enterprise28%
    Large Enterprise39%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise17%
    Large Enterprise58%
    REVIEWERS
    Small Business62%
    Midsize Enterprise24%
    Large Enterprise14%
    VISITORS READING REVIEWS
    Small Business37%
    Midsize Enterprise20%
    Large Enterprise44%
    Buyer's Guide
    Palo Alto Networks NG Firewalls vs. Sophos XG
    May 2023
    Find out what your peers are saying about Palo Alto Networks NG Firewalls vs. Sophos XG and other solutions. Updated: May 2023.
    709,643 professionals have used our research since 2012.

    Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 85 reviews while Sophos XG is ranked 7th in Firewalls with 73 reviews. Palo Alto Networks NG Firewalls is rated 8.8, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". On the other hand, the top reviewer of Sophos XG writes "Secure, duel switch capabilities, and good support". Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Check Point NGFW, Meraki MX, Fortinet FortiGate and Sophos UTM, whereas Sophos XG is most compared with Fortinet FortiGate, pfSense, OPNsense, Sophos XGS and SonicWall TZ. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.