IT Central Station is now PeerSpot: Here's why
Cancel
You must select at least 2 products to compare!
Netgate Logo
100,226 views|83,981 comparisons
Sophos Logo
50,234 views|39,348 comparisons
Executive Summary
Updated on April 28, 2022

pfSense vs Sophos XG

We performed a comparison between pfSense vs Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Most pfSense users say that its initial setup is straightforward, but a small percentage say that the setup is complex and requires a higher level of technical expertise. Sophos XG users agree that initial setup is fast and straightforward.

  • Features: Users of both products are satisfied with their scalability, stability, and VPN features. pfSense reviewers say it is robust and performs well, but its user interface needs enhancements. Sophos XG users like its firewall and intrusion detection tools but mention that it lacks integration options.

  • Pricing: pfSense is an open-source solution and is free of charge. Sophos XG reviewers feel that its price is fair.

  • Service and Support pfSense offers commercial support in addition to free online support forums and community support. pfSense reviewers report being satisfied with the level of support they receive. Sophos XG users give mixed reviews for the product’s support. Some users report being satisfied, while others mention a delayed response time.

  • ROI: Users of both solutions report seeing an ROI.

    Comparison Results: pfSense wins out in this comparison. pfSense performs well, is free of charge, and has superior technical support. One area where Sophos XG does come out on top is in the initial setup category.
To learn more, read our detailed Sophos XG vs. pfSense report (Updated: July 2022).
Buyer's Guide
Sophos XG vs. pfSense
July 2022
Find out what your peers are saying about Sophos XG vs. pfSense and other solutions. Updated: July 2022.
620,600 professionals have used our research since 2012.
Q&A Highlights
Question: Comparison between Sophos XG and pfSense as firewalls
Answer: Basically the major difference between Sophos XG Firewall and PFsense is that Sophos is a nextgen firewall based on objects and services and works on layer 7. Instead, Pfsense is a layer 3 firewall based on addresses and ports that is more difficult to block services like Facebook. On Sophos XG firewall you can block these kinds of services easily. There is more information you can find here https://www.sophos.com/en-us/p...
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"You do not have to do everything through a command line which makes it a lot easier to apply rules.""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""There are no issues that we are aware of. It does its job silently in the background.""Firepower has reduced our firewall operational costs by about 25 percent.""I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable.""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity.""The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."

More Cisco Firepower NGFW Firewall Pros →

"It is very easy to use. The interface is quite understandable. There is a good community, and I can take over at any time I want. If there is anything wrong with it, I could just reinstall the whole thing and start all over again, and I'll be up again in less than a few minutes""A valuable feature is that the solution is open source.""The solution is very easy to use and configure.""I have found the firewall portion for the blocking most valuable.""The solution is very easy to use and has a very nice GUI.""Content protection, content inspection, and the application level firewall.""The initial setup was simple and fast.""I like the connectivity to the open VPN. It's very smooth."

More pfSense Pros →

"The VPN is easy and has good logging, monitoring and notifications.""If you want to install antivirus and firewalling on endpoints, then Sophos is the best option.""The feature that we find most valuable is the VPN, which ensures that people working remotely have a secure connection.""The simplicity and timely updates.""Sophos Control Center is a good feature. We can monitor everything from the control panel.""The performance of Sophos XG is generally good and it is stable.""The stability of Sophos XG is very good. However, there have been some issues with other weaker models because they are limited in hardware in resources.""The VPN access for users is also a great thing, especially nowadays when working from home."

More Sophos XG Pros →

Cons
"Report generation is an area that should be improved.""We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.""One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue.""The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs.""Most of the features don't work well, and some features are missing as well.""Deploying configurations takes longer than it should.""We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond.""In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."

More Cisco Firepower NGFW Firewall Cons →

"It's just not listed as FIPS compliant for where we're at now in government, which is an issue.""It needs to be more secure.""The main problem with pfSense is that it lacks adequate ransomware protection.""I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that.""Also, simplifying the rules for the GeoIP. Making it simpler to understand would be an improvement.""We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.""Many people have problems setting up the web cache for the web system.""The integration should be improved."

More pfSense Cons →

"I would want the level of integration to have another device on your network that is also reliable.""Sophos XG's user interface has some room for improvement.""There have been some issues when upgrading. For some reason, parts of the configuration become unconfigured, I then have to reconfigure it. I should not need to keep reconfiguring it after upgrades.""The only area that requires improvement is scalability.""The VPN device could be improved upon.""In the Firewall, the Intrusion Prevention System can be improved.""The initial setup, specifically when activating the license, is a nightmare and is quite difficult.""We feel that the GUI can be improved a bit because it has a lot of information and looks a bit outdated."

More Sophos XG Cons →

Pricing and Cost Advice
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • "The price is comparable."
  • "It definitely competes with the other vendors in the market."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "We are using the open-source version, not the commercial one."
  • "It has almost zero cost, and it is open to us. It runs on a small appliance just for a couple of 100 bucks, and I've never had an appliance burn out on me yet."
  • "It is open source."
  • "I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money."
  • "I like the fact that it is open-source."
  • "The pricing is lower than some of its competitors."
  • "pfSense is open-source."
  • "We are using the open-source version which is free. We are testing the solution to see if we are going to go to the enterprise version which requires a license and is not free."
  • More pfSense Pricing and Cost Advice →

  • "The pricing is flexible. Sophos looks at a country's economy and offers flexible pricing. This is how they have managed to penetrate the market."
  • "It's approximately $6,000 for each device."
  • "It is not expensive, it's a reasonable price,"
  • "The issue of a recurring license is a hassle because every year, we have to subscribe."
  • "It is not very expensive."
  • "We prepaid in advance to get the max discount."
  • "Sophos XG isn't expensive compared to Check Point."
  • "The price is in the mid-range and it is very good for small to medium-sized businesses."
  • More Sophos XG Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    620,600 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:You don't really specify what type of router you are looking for but if you are talking about a gateway router I… more »
    Top Answer:Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate… more »
    Top Answer:Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Top Answer:Hi Arvind P ,  The Sophos XG firewall has a number of models right from XG86 to XG135w under the 1U Desktop Form… more »
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Learn More
    Netgate
    Video Not Available
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    pfSense is a free and open-source operating system for routers and firewalls, and is typically configured as DHCP server, DNS server, WiFi access point, VPN server, all running on the same hardware device. It is operated through a user-friendly web interface, making administration easy even for users with limited networking knowledge.

    In addition, pfSense is feature-rich, has a mature platform, is customizable, is flexible by design, and can be used on a small home router as well as run the entire network of a large corporation. pfSense puts you in control of your networking, is regularly updated, and works to promptly patch security issues. pfSense has recently become the favored alternative to the industry leader, Cisco.

    pfSense is:

    • Robust
    • Powerful
    • Easy to use
    • Secure
    • Scalable

    pfSense Key Features

    pfSense has many key features and capabilities, including:

    • Strength and accuracy: pfSense is able to always follow either default or custom rules, making it a stronger firewall than some of its competitors. It also filters traffic separately, whether it’s coming from your internal network of devices or the open internet, allowing you to set different rules and policies for each.

    • Flexibility: pfSense can work both as a basic firewall and as a complete security system because it gives you the flexibility to integrate additional features as code where necessary.

    • Open-source: Because it is open-source, not only is pfSense free to use, but community members can contribute to the code to make it a better software.

    • User-friendly: Usually firewall products are not user-friendly because they often include complex settings, options, and features that require fine-tuning. pfSense’s interface is simple, direct, and easy to use.

    • WireGuard Support: Instead of building your own VPN using pfSense, or settling for a commercial VPN provider, you can directly integrate WireGuard with the pfSense firewall.

    • Speed Management and Fault Tolerance: pfSense’s multi-WAN feature allows your system to continue operating in case components fail.

    • Well-supported: pfSense regularly has security and feature updates. It also has a documentation site and a well-informed and knowledgeable support forum.

    Reviews from Real Users

    Below is some feedback from PeerSpot Users who are currently using the solution.

    Bojan O., CEO at In.sist d.o.o., says, “The classic features, such as content inspection, content protection, and the application-level firewall, are the most important."

    Another PeerSpot user, a chef at a media company, explains what he finds most valuable about pfSense: "The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is."

    T.O., a VP of Business Development at a tech services company, mentions, "What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor."



    Sophos XG Firewall is a complete firewall solution that provides all the real-time security and insights you need to protect your network from ransomware and advanced threats. Sophos XG Firewall provides visibility into suspicious users, unknown and unwanted apps, encrypted traffic, and other threats. With its advanced artificial intelligence capabilities, Sophos XG Firewall immediately identifies potential risks and intrusions on web servers and networks.

    Sophos XG Firewall Features

    Sophos XG Firewall offers a wide range of security features, including:

    • Application control: Prevent widespread infections with XG’s Security Heartbeat. XG Firewall automatically identifies the source of an infection on a network and automatically prevents it from accessing other network resources.

    • Synchronized user ID: Eliminate the need for client or server authentication agents by sharing user identification between the endpoint and the firewall through Security Heartbeat.

    • Centralized management: Easily manage all activities with Sophos Central. The XG cloud management platform allows users to easily set up, manage, and monitor XG firewalls along with other Sophos products. Some of Sophos Central’s features include alerting, backup management, one-click firmware updates, and rapid deployments of new firewalls.

    • Lateral movement protection: Automatically isolate compromised systems at every point in the network to stop attacks dead in their tracks.

    • Network protection: Protect networks from attacks and threats while providing secure network access.

    • Web protection: Gain clear visibility and control over all users’ web and application activity.

    • Web server protection: Solidify web servers and applications against hacking attacks while providing secure web access.

    • Email protection: Consolidate email protection with anti-spam, DLP, and encryption. XG’s Live Anti-Spam provides protection from the most recent spam campaigns, phishing attacks, and malicious attachments. Data Loss Prevention automatically triggers encryption on sensitive data in outgoing emails.

    Reviews from Real Users

    Sophos XG Firewall stands out among its competitors, among other reasons, for its intrusion detection capabilities, its user-friendly management platform, and in general, for being a complete and robust firewall solution.

    Niranjan P., a network & system support engineer, writes, “Sophos is a comprehensive solution which allows me to configure all the attendant products, such as Sophos's firewall, endpoint, and encryption features. A nice feature of Sophos is that it offers in sync and heartbeat security. When my clients have a perimeter involving Sophos firewall and endpoints with Sophos Endpoint, they can communicate with each other.”

    Antonio D., sales manager at INFOSEC, notes, “The product has a console that is based in the cloud for all their products. In this console, they have email security, firewall security, endpoint security, et cetera. All of the products on offer in the console are very useful for us. The solution is stable. The solution works well for enterprises and large-scale organizations.”

    Antony M., ICT/HMIS supervisor at a healthcare company, writes, “The VPN feature is the most valuable. It has come in handy during this period when people are working from home. The filtering feature is also valuable because you can easily filter the sites that you don't want to visit. You can also set timely surfing quotas”

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about pfSense
    Learn more about Sophos XG
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring
    Information Not Available
    Top Industries
    REVIEWERS
    Comms Service Provider19%
    Financial Services Firm17%
    Government13%
    Non Profit6%
    VISITORS READING REVIEWS
    Comms Service Provider29%
    Computer Software Company20%
    Government7%
    Manufacturing Company4%
    REVIEWERS
    University12%
    Comms Service Provider10%
    Marketing Services Firm10%
    Computer Software Company6%
    VISITORS READING REVIEWS
    Comms Service Provider41%
    Computer Software Company14%
    Government6%
    Educational Organization4%
    REVIEWERS
    Manufacturing Company11%
    Financial Services Firm11%
    Healthcare Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Comms Service Provider37%
    Computer Software Company17%
    Government7%
    Educational Organization3%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise25%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise20%
    Large Enterprise55%
    REVIEWERS
    Small Business70%
    Midsize Enterprise17%
    Large Enterprise13%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise24%
    Large Enterprise50%
    REVIEWERS
    Small Business62%
    Midsize Enterprise24%
    Large Enterprise14%
    VISITORS READING REVIEWS
    Small Business32%
    Midsize Enterprise23%
    Large Enterprise45%
    Buyer's Guide
    Sophos XG vs. pfSense
    July 2022
    Find out what your peers are saying about Sophos XG vs. pfSense and other solutions. Updated: July 2022.
    620,600 professionals have used our research since 2012.

    pfSense is ranked 2nd in Firewalls with 58 reviews while Sophos XG is ranked 6th in Firewalls with 141 reviews. pfSense is rated 8.6, while Sophos XG is rated 8.0. The top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". On the other hand, the top reviewer of Sophos XG writes "Light and stable with excellent real-time control ". pfSense is most compared with OPNsense, Fortinet FortiGate, Untangle NG Firewall, Sophos UTM and Zyxel Unified Security Gateway, whereas Sophos XG is most compared with Fortinet FortiGate, OPNsense, Palo Alto Networks NG Firewalls, Meraki MX and SonicWall NSa. See our Sophos XG vs. pfSense report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.