We performed a comparison between Sophos UTM and Sophos XG based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The Intrusion Prevention System and the web filtering are both working well."
"The security on offer is very good."
"The tool is a nice product and easy to handle. The software's user interface is also good. You can easily implement remote access in the solution."
"Using this product makes the VPN seamless and almost invisible to me in the sense that I don't have to think about it."
"I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager."
"The solution has very good threat and content filtering switches."
"We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"I like the web filtering options."
"The product is extremely intuitive."
"Configuration troubleshooting is eased by the use of the color-coded, live firewall log."
"The most valuable feature of Sophos UTM is the endpoint protection feature."
"The packet filtering's great. You get out what you put into it. It works great as long as you know your security and configure everything adequately. If you just pop one in and it's not configured, then it's basically wide open. It kind of depends on the admin skill, but it's an excellent product."
"We've found the technical support to be helpful."
"It is not an easy task to protect your web servers from the big bad internet. The Web Server Protection in this solution does it elegantly and, if configured correctly, even hides the server's base system from prying eyes."
"The most valuable feature of Sophos UTM is the efficiency and mail filtering module."
"I like the functionality and the user interface."
"Most of the features Sophos XG has are valuable. However, if I have two different ISP, I'm able to create an automatic switch between the two ISPs. I can do the same thing for the cloud as well. If I have two subnets coming from the cloud, I'm able to create a type of switch between both of them where if there is traffic on one and has the traffic drop, I'm able to switch to the other ISP without any problems. It's a normal feature and I get to enjoy the ability to switch between services with no issues."
"it's user-friendly, not complex."
"Sophos firewalls are scalable. They are pretty strong in security. So, when they provide any kind of firewall, they provide all the features such as anti-spam, antivirus, etc."
"The firewall feature of Sophos XG has been the most effective for threat prevention."
"It is feature-rich, I like the server authentication, and the reports are good."
"The solution's technical support is good."
"The interface is very user-friendly and it's easy to manage."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"Monitoring and reporting could be better."
"The solution could be more secure and stable."
"The improvement is related to logs. Instead of the CLI, we should be able to have more insights into the logs of the firewall in the GUI."
"There are just some services that aren't available. For example, the Ethernet or point-to-point protocols. They could add these services to their product offering - especially services for ISPs."
"Its customer service could be better."
"The cloud features and integration could be improved."
"We were not able to build a full-mesh VPN; however, I am not sure if this was the fault of Fortinet FortiGate."
"It's stable, but the reaction time of the GUI is terrible."
"The technical support only communicates via email. I would prefer to communicate directly with someone."
"The solution's technical support for India needs to be improved."
"I would like to see the SD-WAN feature improved."
"It would be nice if it had basic features, such as DLP (Data Loss Prevention)."
"VPN needs IKEv2, but it’s in the roadmap. Also, all new, cool features will only come to the new Sophos XG Firewall."
"During initial configuration, I encountered a few issues."
"We need a better VPN client for the customers."
"Sophos XG could improve the policies, they are a bit confusing when creating them. There are many options that make it confusing and it could be simplified."
"The support engineers of the product are not very tech-savvy, making it an area where improvements are required."
"SD-WAN can be improved."
"The MTR feature needs enhancing."
"The training manual provided to users lacks proper guidance on configuration procedures."
"The solution could offer a bit more integration with other systems, with other platforms - just to be able to extend the capability and to interface with other kinds of platforms or systems that I can find on the market as it gives the possibility to improve the level of integration."
"The SD-WAN could be improved."
"While it is a secure solution, I believe it could be improved."
Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Sophos UTM is rated 8.4, while Sophos XG is rated 8.2. The top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Sophos UTM is most compared with Netgate pfSense, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and Untangle NG Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and WatchGuard Firebox. See our Sophos UTM vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The biggest difference between Sophos SG and Sophos XG is performance.
Now, there's even a newer Hardware Platform (same OS as Sophos XG, which is called SFOS) - the Sophos XGS which has different chipset architecture, to attend each security module, with its newest feature called XStream Technology.
Besides that, the GUI is very different. Nevertheless, it's worth trying the Sophos XG or XGS, since its GUI is getting overhauled for better performance and easier management, by each new release.
Sophos UTM is no longer being developed, according to our reseller. All the development effort is going into XG. So XG will be the only Sophos firewall going forward, UTM will eventually be end of life.
Hi,
The new appliances XGS have a dedicated streaming CPU (Xstream), in addition to the main CPU.
I have personally tested the differences between the XG and XGS similar appliances. The result is spectacular. 30% more perf minimum:
https://www.sophos.com/en-us/p...
The UTM-9 is soon end-life. Sophos security staff is now focused on SFOS 18, XG, XGS.
To respond to the question "the biggest difference", I think is the "Synchronized Security":
https://www.sophos.com/en-us/l...
The firewall is one of the full security solutions centralized in Sophos Central:
https://www.sophos.com/en-us/p...
At most of our customers, we implement a Sophos Endpoint locally on servers and workstations and firewall XGS. The synchronized security interact between firewall and endpoints. This can resolve the problem with the "lateral movement" of an infected computer. It can isolate a computer from the network when detected as infected:
https://news.sophos.com/en-us/...
It can be extended to secure cloud systems with Sophos ClouOptix:
https://www.sophos.com/en-us/p...
Tested with VM in AWS and Azure, work 5*!
Another big difference is the Webserver Application Firewall. All my customers with an internal webserver to be published in the net are protected with this "reverse proxy" (WAF). It really does the job of protecting IIS, Apache, etc. from externals attacks.
Another trick is the SSL VPN sites to sites. When a branch office is implemented with a front ISP router, sometimes the NAT traversal is not possible, for IPSEC VPN connections (UDP 500). With this SSL VPN, Simple NAT works and gives an SSL 128-bit AES encryption.
Finally, I have a lot of experience in implementing UTM and, now, XG(S). No way, the log is a big difference, easier to use as in Fortigates! It is similar to CheckPoint firewalls.
For my experience, no way: -> Sophos XG(S)
Here is an interesting link on differences between UTM and XG:
https://www.avanet.com/en/blog...
Regards,
A.Rastello
My understanding is that UTM is the software; SG is the hardware. You can buy Sophos UTM running on SG hardware and then later upgrade to the XG running on the same hardware.
I've been told by our Sophos reseller that Sophos are pushing the XG as next generation firewall, and developing it to at least as good as UTM. So XG will be the firewall of choice moving forward. UTM will not be developed further, according to him.
To my understanding, UTM and XG are from different legacy companies that
are now owned my Sophos. During my time researching anti-virus, UTM makes
more sense for our needs seeing as XG is primarily a firewall. From the
information I was able to find during the time of research, it seemed most
of the community felt XG had feature gaps from UTM.
UTM specifically SG series is a very mature and stable platform. It lacks some of the new features of XG; however has a very strong feature set. If you are looking for stability, ease of use and something well documented and understood than I suggest going this way. If however you are looking for a strong level of integration and have a greater than 3 year horizon then I suggest XG.
Wifi integration for example works better on the new platform.
There are several differences since there are 2 versions,
XG firewall has integrations with other products like intercept X and admin from Sophos central.
SG UTM has less integration since it's a separate product. It was formerly Astaro firewall, but the most advanced features have been only set to the XG.
There are appliance and software versions of both products. Depending on your need you might choose one or another. But basically, look at them as 2 different firewalls.