We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"We've found the solution to be pretty stable."
"The main reason why I purchased the particular unit was that it had good reviews and what other people were saying as far as its completeness and its leading capabilities in terms of endpoint security was very good."
"The most valuable features of Fortinet FortiGate are the ease of use and there are several operating systems that can include the hardware capacities. In the newer releases, the resources were more useful because they were included in the operating system."
"It has very easy management and an amazing ETM configuration."
"This product is definitely scalable."
"The most valuable feature is the bundled subscription, which is IPS, TV and web filtering."
"Web filtering and two-factor authentication are great features."
"The solution is very easy to understand. It's not overly complex."
"They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
"The most valuable features are the threat prevention and policy-based routing features."
"The most important part of this solution is its reliability, as it just works without any fancy features."
"One of the best firewalls on the market."
"The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important."
"It is very scalable."
"I like the architecture because it separates the management plan process and the data plan process."
"Innovative, advanced threat protection is the most valuable feature."
"Valuable features include: the ease of setting up the VPN connection; the fact they have the cloud management option, so I can manage the firewall on a cloud platform from anywhere I am; the user interface is very user-friendly, so it's very easy for the administrator to make any policy changes."
"The performance is good."
"The most valuable feature of this solution is that the license offers everything."
"The solution is a next generation firewall and we have gotten good customer feedback."
"The solution's technical support is good."
"Great reporting feature and great customer support."
"The VPN features and its capabilities are great."
"The features that I have found most valuable are first the Web Filter and the Web Application Firewall SD-Wan on Version 18. Additionally, RED Tunnels allows a Sophos vital to speak to another Sophos vital in headquarters."
"I think there could be more QoS features"
"There is room for improvement related to the logging and reporting aspect."
"The solution could be more evenly structured."
"If they could extend their fabric towards other vendor environments for integration, that would be great."
"At first glance, the interface for the device is very confusing."
"It should come integrated or have its own type of network monitor tool in a module. There should just be one package, and you are good to go."
"The Wi-Fi controller needs a lot of improvement."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"Its price can be improved. It is expensive. Other vendors have pre-configured policies for the protection of web servers. Palo Alto has an official procedure for protecting the web servers. Many people prefer pre-configured policies, but for me, it is not an issue."
"Based on the features that I have seen so far, I do not see any room for improvement, but they can improve their CLI documentation. I haven't really seen much when it comes to CLI documentation."
"I wish that the Palos had better system logging for the hardware itself."
"The price could be more friendly, which would be good for Palo Alto and us. If the price were a little lower, then it would be a viable option for mid-level businesses, who may not be able to deploy at the current price point."
"When there was change from IPv4 to IPv6, some of the firewalls still didn't support IPv6. In North America, we have seen most customers are using IPv6, as they are getting the IPv6 IPs from their ISPs. Sometimes, when they go through the firewall, it denies the traffic."
"We have a lot of the older firewall models, i.e., the PA-220. It seems that with newer operating systems the PA-220 is becoming slower than when I first bought it. It is not really an issue for users who are passing traffic through the firewall, but more from the management access of it."
"I think visibility can be improved."
"As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in."
"The solution could improve by having better security."
"The user interface could be improved and more bandwidth management would be helpful."
"Integration with Active Directory is not reliable."
"Sophos XG's user interface has some room for improvement."
"For the moment, managing the Sophos interface is a little bit challenging."
"Support for this product is something that is really important, and it needs to improve."
"The VPN has been a persistent problem for us. It's not straightforward to configure."
"I need to open the email to see what it contains and the value of it before I know whether to access it or not."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 161 reviews while Sophos XG is ranked 7th in Firewalls with 191 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and Meraki MX. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.