Sophos Firewall Reviews

We can recommend Sophos XGS for industrial software companies, small businesses at the entry-level, as well as enterprise companies. We offer it for a range of customers, from entry-level to high-end.

The reporting in XGS is a major benefit for us. In other platforms, we can't get reports for one or two months. Secondly, it's very easy to handle and understand, and the deployment process helps enhance our skill set. 

The integration with Azure SSO and IPsec is also great. I like the remote access feature, and I would like to see IPS included as well, where we get more detailed reports and can identify and block issues from a single source.

There are a lot more features I haven't explored yet. We just implemented it based on our colleagues' recommendations and are currently working through the support checklist.

Migration and support processes are improving. Even people new to Sophos are finding it easier to manage now.

A lot of training is required. When I train our engineers, they aren’t able to get sufficient training from Sophos-hosted sessions. We only find textbooks and some videos on Sophos portal. 

More live sessions or time-bound training would help us understand how to pitch the firewall or use specific features, like advanced photo settings or integration with SD-WAN. 

We need to know which feature is suited to different environments. Right now, that knowledge gap makes us more dependent on OEM support, which could be reduced by up to 40% if more training was available.

For me, reporting is a major area for improvement. Detailed reports help pinpoint issues like usage bottlenecks or abnormal activities, allowing us to fine-tune the firewall. IPS in XGS is great because it provides timely attack reports we can present to management. Integration with Active Directory could also be better. Sophos Central integration is good, but the firewall’s performance is slow when accessed through Sophos Central. Our clients also experience slow access when using their credentials. That’s a bottleneck I’d like to see resolved.

I have been using it for the last three years.  

The customer service and support have been very good. It's much better now than it was a year ago. Back then, responses were slower, but now their technical support is good. However, RMAs (Return Merchandise Authorization) can still take a while. For instance, recently it took two days to analyze a faulty box. 

Maybe it was due to the weekend, but after I raised the request on a Friday, the replacement box only arrived by Thursday. This caused a delay, and we didn't have any alternatives for providing Internet services to our clients during that period. It takes longer with XGS devices. So, I would deduct points for the delays in RMA and pricing.

Positive

Along with XGS, we push antivirus with laptop encryption, and also Sophos Intercept X for endpoint protection. We push all these products, along with the red devices (hardware appliances).

We're not pushing Sophos MDR because of the pricing. Clients aren't accepting it because competitors offer lower prices, and clients don't fully understand the additional features of MDR. 

For endpoint protection, I only push Sophos antivirus with all the compliance features, like web filtering, data encryption for laptops, and protection for remote users. For MDR, we focus on larger companies.

We deal with corporate offices. For those types of clients, we push for MDR/XDR. However, they are also checking out other features and platforms because we've had some large opportunities. 

Compared to other products [like Fortigate, SonicWall and Palo Alto], Sophos's pricing is a little higher. 

The second thing is that support is very good, but we're having more issues getting pricing for the Sophos device on time from our vendors. Whenever we request pricing, we simply drop an email. 

We create comparison sheets for Sophos XGS when pitching to our clients. We highlight the benchmarks and advanced features, like reporting, that aren't available in other products. We emphasize the value of the bundle that comes with the firewall role. This is a major factor in convincing clients to choose Sophos XGS. The reporting capabilities and overall features are good.

I would recommend using Sophos. We push Sophos to most of our clients. Almost 99% of them use it. Only a few clients prefer FortiGate due to company policies, and some use Check Point, but we mostly recommend Sophos XGS.

Overall, I would rate it an eight out of ten. 

When compared to older versions, after the 2021 update, there have been significant improvements. Routing has become easier, and integration with third-party platforms like Azure and IPsec is seamless. Creating policies for different VLAN compliance requirements is also simpler, and the flexibility now is much better than earlier versions.

I was a distributor for Sophos XG products and worked with customers seeking network security solutions. In my current company, we previously used Sophos XG products extensively before switching to other options.

Sophos XG offers a robust solution with quota management features that are per IP and per user, which I find to be very effective. The ability to manage everything in one box is a significant advantage, eliminating the need to purchase separate products for email security and other features. The user interface is user-friendly, offering dashboards with widgets that provide speed and status, making configuration easy. Traffic management is facilitated through various configurations and user self-portals. Additionally, Sophos XG makes administrative tasks seamless by allowing easy navigation and configuration.

The technical support could be improved, particularly in terms of response speed, as there were delays when working with their Indian support team.

Traffic management is facilitated through various configurations.

Sophos XG is primarily suitable for SMB and mid-level enterprise categories, but not typically chosen by high-end enterprises in Sri Lanka.

The technical support could be improved, particularly regarding response speed when working with the Indian team.

Neutral

Previously, we used Sophos UTM before transitioning to Sophos XG.

The implementation of Sophos XG is straightforward and easy.

I worked as a distributor and the setup was handled internally or with assistance from vendors.

During my research, I explored products like Fortinet FortiGate and Netgate pfSense.

I rate Sophos XG eight out of ten. While the implementation was straightforward and easy, the technical support could use improvement. I recommend looking into improving the features and security validations to cater to the needs of bigger companies.

I am using the Sophos firewall, such as the XG series 2300. Some other branches have Sophos and Fortinet. There is an additional failover feature for site to site vpn in Sophos.

Sophos firewall has failover facilities for site to site vpn. When one active tunnel goes down, backup tunnel goes up automatically. It helps my organization to keep the service up always.

Sophos has a centralized management system where I can manage and control all the Sophos firewalls at the same time. They have introduced MDA threats in their latest version. Sophos firewall is a little bit cheaper than Fortinet. Some features are free. There is a central management system, which is a free service from Sophos.

There is no option for right-clicking on any feature after logging into the firewall. I am unable to open a feature in a new tab. In FortiGate, I can do it; in Sophos, I cannot.

I have been working with Sophos for around one and a half years.

When Sophos introduced firmware version twenty, there was a bug in DHCP server. Later, they removed it, and a bug-fix firmware was introduced. Now, the latest firmware version of the firewall is stable

I am satisfied with the support team.

Positive

Before using Sophos, I was working with Cisco ASA Firewall and Fortinet.

It's really easy to configure the firewall.

I will recommend both Sophos and Fortinet. 

Overall, I rate Sophos firewall nine out of ten. There is no option for right-clicking on any feature after logging into the firewall. It would be helpful if there is right-click option here.

My company has normal web-based policies to restrict websites and allow certain legitimate websites. My company also has site-to-site VPNs and SSL VPNs, along with firewalls.

The most valuable feature of Sophos XG for our company's cybersecurity defense strategy stems from a mixture of all of the product's capabilities, which includes areas like web protection and VPN that are important when it comes to cybersecurity.

I would like the product to improve so that it can provide advanced SD-WAN, which can allow users to deal with infinite connections along with seamless bandwidth utilization.

In the product, the area revolving around SD-WAN has certain shortcomings where improvements are required.

It would be great if I could monitor a particular traffic from a network with Sophos XG.

I have been using Sophos XG for around a year and a half. I am a customer of the tool.

It is a stable solution. Stability-wise, I rate the solution an eight to nine out of ten.

Scalability-wise, I rate the solution a seven to eight out of ten.

There are around 200 users of the product in my company.

The solution's technical support is good. I rate the technical support an eight out of ten.

Positive

I have experience with Fortinet.

Sophos and Fortinet provide good features. Interface-wise and usage-wise, Fortinet is good. Fortinet provides a simple interface, while it is an area that is a bit complex in Sophos. Feature-wise, Sophos and Fortinet are similar.

I rate the product's initial setup phase at six or seven on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on the cloud and on-premises.

The solution can be deployed in a day.

The product is expensive. I rate the product price a six on a scale of one to ten, where one is low price and ten is high price.

Sophos XG has the ability to provide good reports.

I rate the tool an eight to nine out of ten.

I am using this product for security purposes.

Sophos XG is user-friendly, easily configured, and has all the latest features, including URL filtering.

I have used the Synchronized Security feature of Sophos XG along with the Heartbeat functionality, specifically the Security Heartbeat.

The filtering capabilities of Sophos XG are good and I find it user-friendly.

An area that could be improved is technical support's ticket registration process. Sometimes when I contact technical support, they do not register the tickets properly. They ask about registered mail ID and registration number when I am already under pressure. For instance, when the internet is not working or when I cannot apply certain rules, I am already stressed, but the tech support did not register the calls. This happened three to four months ago.

I have been using Sophos XG for one year.

Installing Sophos XG is very easy, with no issues encountered.

The complete installation, including setting up all rules, takes approximately one and a half hours.

I am familiar with Sophos XG.

We have purchased Sophos XG directly through Sophos, though I am not aware of the financial operations regarding the purchase.

I rate the technical support as eight out of ten.

On a scale of one to ten, I rate Sophos XG as eight.

Sophos XGS is primarily used for similar use cases as Fortinet. It is utilized for network security, with a focus on cost-effectiveness in comparison to Fortinet.

Sophos offers a centralized system available to everyone, even for their smaller models, which is an advantage over Fortinet, which requires separate purchases for similar services.

Some of the most critical features for enhancing network security with Sophos XGS include their centralized management system, vulnerability system, and integrated IDS. Additionally, Sophos offers a centralized system available to everyone, even for their smaller models, which is an advantage over Fortinet, which requires separate purchases for similar services.

Hardware stability needs improvement. I have experienced multiple hardware complaints, particularly during firmware updates that sometimes cause crashes. Improvements to the hardware would be a critical enhancement.

I have been working with Sophos for more than three years.

While the software and policy implementations are stable, hardware can be critical, reflecting in a rating of seven point five out of ten.

In terms of scalability, Sophos XGS can be improved due to hardware faults, reflected in a rating of seven point five out of ten.

Sophos has a good technical support team, with a rating of nine out of ten.

Positive

We are working with both Fortinet and Sophos, deploying solutions based on customers' needs.

The initial setup of Sophos XGS is user-friendly and can be done within a few hours.

We have eight network security engineers in our team, and the number involved in deploying Sophos varies depending on the complexity of the task.

As for the commercials, they are cost-effective, and the price is justified by the overall results.

The pricing is justified, and the solution is considered budget-friendly compared to other vendors.

We have evaluated solutions from Fortinet and other vendors to address different customer needs.

The overall rating for Sophos XGS is eight out of ten. It is a good option for a budget-friendly environment, despite hardware issues.

Actually, we are using Tekton for creating CI/CD pipelines for building and deploying applications to different environments.

It helped a lot in terms of automation. We sometimes use Tekton for purposes like sending emails, running batch jobs, and similar tasks.

The valuable features include cloud-native integration, which makes it highly available and efficient in modern containerized environments. Another feature is the modular pipeline that allows reusing CI/CD manifests for different purposes. This modularity helps in reducing redundancy and maintaining a streamlined process.

One area of improvement is the lack of cross-cluster capability, meaning you need different sets of tasks and pipelines for each Kubernetes cluster. Tekton also has an unstable API with frequent changes, making it challenging to maintain consistency across versions. Additionally, there's a need for a better dashboard and built-in authentication mechanisms.

It's about one and a half years we have been working with Tekton.

Tekton is quite stable when used in a well-established Kubernetes cluster. The stability largely depends on the stability of the Kubernetes environment itself, which is designed for high availability.

Tekton's scalability is one of its most advanced features. Since it uses the underlying Kubernetes infrastructure, it can scale easily if the Kubernetes cluster is sufficiently large. I would rate it eight out of ten for scalability.

We primarily used community resources like Stack Overflow for addressing our issues and did not directly contact Tekton's customer service.

Positive

In my previous company, we used GitLab and Jenkins for creating CICD pipelines. Currently, Tekton is the primary tool we are using, with Jenkins as a backup solution if Tekton encounters any issues.

The initial setup was manageable but required extensive reading and understanding of documentation. If the Kubernetes cluster is already in place, the setup can be completed in less than ten minutes.

The deployment of Tekton was done in-house with a team of six to seven people handling deployment, creating CI/CD pipelines, and maintaining the solution.

Tekton is an open-source tool, meaning there are no setup costs associated with it. I would rate the cost at one, indicating it is free to use.

In my previous company, we used GitLab and Jenkins for similar purposes.

My advice is to avoid using Tekton if possible due to its complex setup and lack of user-friendly features like a comprehensive dashboard and built-in authentication mechanisms.

I'd rate the solution eight out of ten.

The tool's most valuable feature is threat protection and DLP features. So far, basic DLP features like content protection and blocking. Furthermore, for remote users, features such as back filtering and application control are available, allowing for command and control from our side. It is very easy to understand policy applications. 

It has multi-console features, where you can designate administrators or super admins. There's also a read-only feature available. Visibility features are included in XDR. This provides information on user impact, potential threats on specific machines, source and destination IPs, setup firewall details, and unique identifiers for each machine. Another notable feature is network isolation, ensuring that data remains secure by isolating affected machines from others.

Sophos XG offers visibility into network information, sources, destinations, and threats. Depending on the policies applied, users may monitor specific issues without blocking them. However, policies that block threats should be applied.

One feature I would like to add is remote wipeout capability. This would be useful in cases where a user leaves the organization and fails to return their laptop. Remote wipeout would allow for the deletion of data from the device with a single command. Regarding technical support from Sophos XG, it's generally satisfactory. However, the response time could be improved. It takes around one hour to receive assistance, but reducing this to 30-45 minutes would benefit us.

The tool has only a base DLP feature. It needs to have a full DLP feature with additional licensing. 

I have been working with the product for ten years. 

I rate the tool's stability an eight point five out of ten. 

I rate the solution's scalability a seven point five out of ten. 

The tool's installment is easy. 

The tool's pricing is cheaper compared to other alternative products. 

Sophos XG has a lab center where they analyze signatures and automatically update them on the product. This eliminates the need for manual updates on individual machines or centers. Additionally, it has features like MDR and management response features. So, Sophos XG seems to have a roadmap in place.

I would recommend the product based on the situation. Cortex, a next-generation antivirus for larger enterprises, would likely provide sufficient coverage. It's also known for its scalability and visibility features, including root cause analysis and terminology features.

I rate the overall solution an eight out of ten.