Sophos Firewall Reviews

We use the latest version.

We are very familiar with the solution. It's pretty straightforward, our personnel is properly trained and we use it efficiently. The solution integrates very easily with other brands.  I've done VPN tunnels with other brands, and that was fine as well. The solution is quite stable and we don't have any issues with it. The VPN is easy and has good logging, monitoring and notifications.

When compared with Sophos XG, Fortinet lacks the notifications and reporting features. 

When it comes to improvements that the vendor can make, we see that the cloud integration for managing all the firewalls is essentially a replacement of the on-prem version we had. It's not mature yet, being still in its infancy stage. That would require some improvement. As I have many firewalls, having the ability to delegate access to use, such as exists with Microsoft CSP or other services, would be a nice feature to see. 

Also, as a tech person, I know that executives do not wish to receive complicated reports, so a simplified executive report for executives would be a nice improvement. This would save us from having to explain issues which are beyond the scope of their knowledge. 

Sophos XG is basically a mix of UTM9, Check Point and several other technologies. It is essentially a merging of technologies. We've been using it since version UTM9, at which point we switched to Sophos XG..

The solution is quite stable. 

The solution is scalable, but an organization should assess in advance its size based needs. Say, for example, a company utilizes the XG 125 version, but grows rapidly. At this point it may need to switch to the 210 version. Yet, switching from one version to another would not really present an issue. One can restore the backup configuration version on the new hardware and be up and running. 

Technical support is pretty good, although I did have some issues with its availability during the COVID-19 pandemic, even though this seems to have been a challenge faced by all major support companies. There were delay issues owing to their teleworking, but the support they offer is quite supportive and they have all the necessary documentation.  The truth is that I have a need for many cases, although the ones I require have to do with things that are out of my control, such as licensing or the occasion of a new app that failed to show up in the console. I have many sub-sites and I did face a serious issue. Technical support was pretty helpful even though I had to redesign the typology of one of my sites. They actually tried assisting me with the original design and I found them to be quite helpful and to possess a good base of knowledge on the site. 

It is important for a person to properly learn the features of any product so that he can optimize its utilization. The setup of the solution is pretty straightforward. What is truly important for a person with only a basic network background is to undergo proper training, so that he may learn about all the features and how to configure them. 

For any product a person uses, it is a good idea to do a test run. Sophos allows for its product to be evaluated without any financial commitment. It offers a free virtual machine for home use testing of the features. 

At present, Fortinet seems to have a slightly higher rating than Sophos XG, so if it were also to turn out to be more cost effective this would affect my rating of it. The reason is that this factor does have an impact on the decisions reached by CEOs when it comes to cost-benefit analysis.

This said, I rate Sophos XG as a nine out of ten, because we are very happy with it and don't really have any issues. We have actually been replacing Cisco normal routers, not sets, with Sophos and we're very happy with them.

We primarily use the solution as a firewall. 

We have multiple clients. The use case is based on their requirements, for example, as a site-to-site VPN or maybe as an FSL VPN for end users to promote the network access of company systems. Apart from that, it is used for web filtering and URL blocking. Apart from that, it's on a regular day-to-day basis used as a firewall.

It covers most areas that are needed.

The initial setup is straightforward.

The solution is scalable. 

It's stable. 

We've had issues with support. If they improved on the support part, that would be great.

They should customers who are facing issues with their product reviews; they found bots in it. If they can do their proper research and use the user analysis and testing, that would greatly help the clients.

The software release has been giving us problems.

Other firewalls provide better reporting. We need admin and activity logs to be populated for the firewall. 

For the Sophos XGS, I've been working with it for the last four years. Overall, for firewalls in general, I've been working with solutions for more than ten years.

The solution is stable. We haven't really had any issues until a bug hits the firewall. 

We are the service provider to the client, so we have a total of 28 people, excluding the team lead and the presale technical support or maybe a presale technical person. They are working directly on Sophos XGS. e tend to deal with enterprise-level customers. We don't have small-scale organizations under our portfolio. This solution is best suited for mid-range companies and larger. 

The solution is pretty scalable. I'd rate it a three out of five in terms of ease of scalability.

Support has been very poor.

Neutral

We have three major products, which we offer to clients. They are Palo Alto, Cisco ACI, and Sophos XGS.

There are many major differences between Sophos and Palo Alto. This product is not comparable to Palo Alto right now. Maybe the basic models of the Palo Alto can be compared with the Sophos XGS firewall, however, not the higher-end ones. Palo Alto is much more advanced. 

The solution is straightforward to set up. It is not overly complex.

How long it takes to deploy depends on how the implementation is requested. It won't take more than one hour if it is a basic implementation like setting up the firewall with ISP connections and all those things. However, if it is a complete setup with implementations, other tests, and all those things, it takes around six to seven hours.

After the installation, we do the software updates periodically along with the model which the client has purchased Apart from that, we also do the maintenance of the various policies and other configurations. We do make changes to the firewalls based on changing industry standards, et cetera.

I'd rate the ease of implementation a four out of five. 

If the customer requests assistance with the initial setup, however, we will provide an engineer to them. They'll come to the implementation site and assist.

I don't take care of the licensing part. There is a separate team.

We are a Sophos Gold partner. 

We have multiple firewalls on multiple OS versions. Basically, we do have two major pieces of software installed in the firewall, which are 1854 MR4 and the latest release, 1801.

There are multiple criteria when making a decision about whether to go with Sophos or maybe another firewall. It depends on the client's requirements as well as their budget. 

I'd rate the solution five out of ten.

In some instances, we are using it in a virtual appliance in a VMware environment.

I will not rely on Sophos to build my infrastructure. For that, I will go to Fortinet or Palo Alto. However, from an end-user management perspective and the granular control and the reporting stuff, I still prefer Sophos. 

We are using Sophos as our internet gateway for specific sites that don't have to do with the backend tunneling and the infrastructure and all that stuff.

I have found some difficulties in other products, like in Fortinet, where there is no end-user visibility in a presentable form that non-technical people can interpret. I'm talking more specifically about non-technical management. You have to present something. Apart from that, the end-user integration is fine if you are using it for NCL and or as an internet gateway. Sophos allows for more visibility.

However, as far as infrastructure is concerned, if I have to apply this as a device in my data center or at any critical point, this device fails to perform. The hardware is not up to par. Even if I answered from proxy to transparent, transparent proxy to the full proxy mode, there are some hardware difficulties.

The centralized security is very good. 

The heartbeat system, the reporting management, and the electoral control that is achieved when the Sophos XGS is integrated with the Sophos endpoint is great.

It's close to the top of the line, alongside Trend Micro in terms of security reporting.

It is easy to set up.

I have observed that there are some reliability issues with these products in regard to the hardware performance and RMS.

I've witnessed many devices go down - even three on the same day. I've never seen that, for example, with Fortinet.

The stability could be a bit better.

I would like to have a proper SD-WAN orchestration solution. They are working on it. However, it still needs some improvement. Apart from that, it would be better if they provide the email gateway and the WAF not as a feature in the existing XG but as a dedicated appliance. Barracuda and Fortinet, for example, are providing dedicated services for the WAF and email gateway. Compared to that, Sophos is not up to the same level.

I've used the solution for around five years.

While their endpoint is a stable solution, their firewall needs to be improved in regard to integration with other products. I have specifically witnessed a case where we tried to integrate Sophos XG with the DLP product by Force Point. That wasn't supported right away. FortiGate was supporting that particular model.

I would like to have scalable products, however, normally what I have witnessed is that every new product that they push out or any additional feature that they push out in a new VMware version or specifically for the firewall may have some stability issues. So scalability at the cost of stability is not an option for me.

We have about 250 to 300 users. We have multiple branches that use this product. Usually, it's the development team, and hardware and software users. 

We may expand usage. It will depend on the additional sites we may operationalize soon.

I've had some direct escalation experiences with the country manager and their technical lead. I tend to get a good response.

While in general technical support can be better sometimes, as far as their resolutions are concerned, the team is providing us with technical assistance, and their approach to resolutions can be a bit tricky. Normally they try to avoid dealing with the solution so you have to dig it out and you have to work on it yourself, or you have to push them that there must be a solution.

Neutral

I have some expertise in Sophos and Fortinet; I'm not so sure about Cisco. We are also using Palo Alto.

We had some granular control in Sophos that was a bit advantageous to us. That's why switched. Also, the reporting, AD integration and the Sophos endpoint integration were key drivers in making the change.

The solution is simple to set up. It's not overly complex. It only takes a couple of minutes. 

YOu only need one person to handle maintenance. 

I handled the initial setup myself. 

We pay for the solution on a yearly basis, and it is fine. The renewal costs are typically reasonable. If you compare the general cost to Fortinet or Palo Alto, it's lower and more affordable. YOu can also pay for extra support.

We are a Sophos end-user.

For small enterprises or even for some enterprises that do not require large infrastructure, I would recommend Sophos right away. In Pakistan, we have to present something to the management and most of the time the management of the company is non-technical. So the presentability factor and the users' granular control and integration factor, make it attractive. This product can be used as an internet gateway. I have already recommended it to multiple users not for the infrastructure but for the internet gateway or as a proxy service.

I'd rate the solution a seven out of ten. Some features still need improvement or to be built out, like  proper orchestrations or dedicated services.

This solution is like our gateway to the internet. We use it for access control. 

This solution is very simple to manage. It's user-friendly and quite easy to configure. It's easy to communicate with the Sophos support team.

I would like to see a history of the monthly bandwidth utilization, the bandwidth consumption for a period of time. Right now, I know they have something where you can see the live bandwidth utilization when you go to reports. However, there is not a history where you can go back and say, "I want to see what was consumed during the last month." You can't get that history. I know there are other third-party tools that do that, but if Sophos could have it integrated into its file device, that would be cool. 

I would like to see them reduce the price.

I have had experience with this tool for about three years now.

This is a stable product. 

This solution is scalable. There are currently 250 systems connected to this solution. 

My experience with the Sophos technical team has been fantastic. I was trying to set up a VPN tunnel through a SAP X server, so I was having some challenges, and our consultant tried and then he just decided to set up an appointment with the Sophos technical team. Within a short period of time, we were able to pinpoint where the problem was coming from and we got the problem solved. I would rate the technical support as a five out of five.

Positive

The initial setup is quite easy. It's not a challenge. On a scale of one to five, where one is difficult and five is easy, I would give it a four. 

It was done in-house but we consulted a third party that is more experienced with Sophos.

The price of this solution is quite high. Currently in my country, in Nigeria, we are facing a lot of problems with products. The value of the naira and the dollar keep heating up, and it's not good for us here Nigeria, so the Sophos price is not friendly. I think the price needs to be worked on so that it can at least be commercially available to us here in Nigeria. I would rate the pricing as a three out of five.

Sophos is always my preferred solution. I've worked with Sophos, Fortinet, and MikroTik in terms of configuring VPN access to the routers. I find it very, very easy to do it on Sophos, so I prefer to use it instead of the other two solutions. 

I would rate this solution as a nine out of ten.

The solution is a layer 7 next-generation firewall, which we use as a firewall and router. We customize rules to help with our security.

We like the layer 7 capability. We have a couple of servers behind the XGS firewall which understands HTTP packets. The solution offers a very accurate setup, and we can use it as a kind of reverse proxy device. Based on the connected URL, we can direct traffic to different servers without a solution.

The solution is very user-friendly, and the GUI is so good that I don't have to use the CLI. This eliminates the need for typing; clicking allows me to get to what I'm looking for.

The application is a little slow; it takes five to ten seconds to respond to every click when configuring. If we need to do significant configuration, it can take a lot of time. This might be because we have a low-end machine, and it could be faster with a high-end one.

We have been working with Sophos XGS for nine months. 

The stability has always been good, we haven't encountered any issues. 

I can't speak much to the scalability as we haven't scaled the tool. I don't think it is scalable the way I have it configured, but there is a high-availability function in the menus. I don't know if the configuration is automatically transferred to new devices.

We have 600 users working behind the solution, and it is very lightweight in terms of maintenance. Sophos provides free web access, so we can go to their website and configure the firewall, which is automatically passed on to the device.

I escalated a question regarding a license issue, and they solved it very quickly, so I rate the tech support highly.

Positive

The initial setup was straightforward. It has an old-style GUI, so we just followed the steps, and much of the setup was automatic.

We implemented via an in-house team. 

We must purchase separate web server licenses, as they are not included in the regular device license. I would rate the product an eight out of ten in terms of price. It's relatively affordable.

I would rate this solution a ten out of ten. 

For personal use, I suggest pfSense, but for business applications, Sophos is great because they have better support and offer an excellent GUI, which makes XGS very easy to operate. pfSense offers console access and is a lot more configurable, which is why I prefer it for home use.

I would advise potential customers to get a free trial license, as it offers the freedom to trial the solution to see if it has the functionality and configuration options required.

In terms of the firewall, I'm using Sophos X on everything, including the VPN, firewall, and endpoints.

Everything about the product is okay. 

I cannot single out anything specifically, as the firewall is working perfectly. The endpoint is helping me greatly and people have been able to work from home using the VPN. It has been great.

The pricing has been fine so far.

It has a pretty straightforward initial setup.

The solution's quite stable. 

The solution is scalable. 

Technical support has always been very helpful.

In terms of updates with the current technologies and current trends, which we're always exposed to, they update their databases frequently. 

It quickly detects issues. 

It is a plug-and-play system. 

Mainly, it's a cloud-based firewall for cloud-based endpoint protection. I can be able to manage my devices from anywhere without configuring all these VLANs and whatnot.

If I could host my emails using an email transfer agent, hosting it, it would be ideal.

The configurations can be a bit complex. It may be a while before you understand the configuration process.

If you do not have any experience with the product, you may struggle to set it up.

I'd like to see more integrated services from Sophos so I can handle everything from one place without a third-party. I would like to have email hosting and management integrated into Sophos XGS.

I've been using the solution for more than five years now.

It is very stable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution can scale. It just depends on the model we are using. For example, on an XG transit, I can add as many users as I want. On XG 105, I can only have limited users. It depends on the package.

We have more than 80 general users on the solution. We use it intermittently.

I've dealt with support several times. They were awesome. We found them to be helpful and responsive. They are quite knowledgable. 

Positive

The setup process is perfectly okay. I'm an IT administrator. It's not very difficult for me to get everything up and running. I also need to check the integration. 

I'd rate the initial setup a four out of five in terms of ease of execution. 

In terms of pricing, it's good. They've been giving us some promotions where we would pay for two years and get an extra year free. We appreciate that level of savings.

We paid for a three-year license a while ago. I can't recall the exact amount that was paid. It was likely around $12,000 or less - around $4,000 a year.

It's one of the best pricing strategies they have used. Initially, if I were paying for a year, I would pay around $5,000 or $6,000. 

It is very affordable for a small enterprise. It is very competitive.

I am looking into Sophos NAC.

We are a customer of Sophos. 

I'd rate the solution eight out of ten.

The solution provides firewall protection.

The solution is easy to use and configure, once you know how to apply the policies.

The customer service response time can be improved.

I am currently using the solution.

The stability is good. I have not had any problems with it.

The scalability of the solution is good.

The customer service response time is slow and could use improvement.

The setup is straightforward if you know how to do iOS.

The cost is around $50 per endpoint, and there is a one-time purchase fee for the firewalls of $2,500, plus services. It is roughly around $4,000.

I am currently evaluating CrowdStrike. I like it better.

I give this solution seven out of ten.

If you are looking for a low-cost solution, cheaper than Cisco I recommend this solution. You should also look at Fortinet.

We use Sophos XG for the firewall.

I like the tunneling part which we are using for the VOIP. We have various other sites where we connect via tunneling. The tunneling part is very fast and easy to implement.

The deployment is very easy for my network team, and it is very easy to implement policies. The support that Sophos provides for the upgrade of new features and their interaction with the customer is very good.

Customer engagement is what I like about the product. We are very well informed about what is going on and new best practices. If anything new has gone wrong or anything in the world of cybersecurity we should know about, they will let us know.

Any firewall is dependent on how you use it. It's also on the user, how you configure it, what you allow, and what you don't allow, and so on. The ease of defining policies and the customer connect is what I appreciate about Sophos.

It would be better if they made their own hardware like Palo Alto and Fortinet. They use their own ASICs and claim it is more secure. 

The SD-WAN can be improved. The traffic optimization somehow needs to be improved, or there is a scope for improvement in Sophos XG.

It would be better if they moved towards the cloud side of things. Now a lot of things are moving on to the cloud.

I have been using Sophos XG for a couple of years.

Sophos XG is a stable product.

Sophos XG is scalable.

The Sophos forum and Sophos direct support are excellent. 

On a scale from one to ten, I would give Sophos support a ten.

We had Cyberoam, which Sophos took over.

The initial setup is straightforward and took us about a week to deploy.

An internal team made up of two people implemented Sophos XG.

We generally buy it for a three-year license.

I would recommend Sophos XG to potential users.

On a scale from one to ten, I would give Sophos XG an eight.