Sophos Firewall Reviews

We are using the Sophos XG in a different manner than the typical use case. We have the physical box, and we are using Sophos XG on the cloud.

We have two different types. We have two different Sophos XG we're running. We're running one on the Microsoft Azure cloud which mostly all security on the cloud goes through the Sophos XG. The second Sophos XG is running on our own physical local data center.

We are doing something similar to an IPsec between Azure and the local data center. So we are doing an IPsec between the two. We connected all our resources and we mostly run the applications on Microsoft Azure. Were now are doing IPsec between the two data centers.

Most of the features Sophos XG has are valuable. However, if I have two different  ISP, I'm able to create an automatic switch between the two ISPs. I can do the same thing for the cloud as well. If I have two subnets coming from the cloud, I'm able to create a type of switch between both of them where if there is traffic on one and has the traffic drop, I'm able to switch to the other ISP without any problems. It's a normal feature and I get to enjoy the ability to switch between services with no issues.

Security is one of the major reasons we are deploying Sophos XG in our process.

We recently did an upgrade on the Sophos XG firmware and we were surprised that after the upgrade,  the automatic switch actually we were using did not work anymore.

We try to understand exactly why it wasn't working with the new 18.5 firmware, but we could not figure it out. I realized that I was stuck with the main ISP. If there's an outage, it was not reliable on the network any longer.

We had to reverse, back to the old firmware even though we were still trying to fix the new version. It is a very efficient feature for our operation. If it was not there, it could make the workings of our operation inefficient. It is one of the best features of Sophos XG. It makes operations very efficient. You don't have to worry about anything at all. We are using the entire Sophos package, such as Sophos endpoint, Sophos XGR, Sophos ZGR.

The documentation can improve with Sophos XG. This will allow our network engineer to work better with the solution. Additionally, they can improve the ability to filter down devices. Recently we were faced with a challenge where we needed to restrict mobile phone users on the network but we realized that we couldn't do this with the solution. 

Recently I was looking at the Cisco Meraki solution, to see what it can do in terms of capacity. There's one feature that stood out to me, and that feature has the ability to implement some policies. Organizations need to have security policies in place. I would like the ability to create policies.

I have been using Sophos XG for approximately two and a half years.

We have approximately 60 people that are working on Sophos XG. However, the number is higher because Microsoft Azure routes every customer through the firewall. We have multiple layers and the traffic passes through Cloudflare and then gets directed to the Sophos XG on Microsoft Azure. The Sophos XG on Azure does all the filtering and routing to the private IP, allowing us not to use the public IP.

The DMs are private, and approximately 14,000 customers  pass through the Sophos XG and Microsoft Azure

The support from Sophos XG is very good. We can easily relate to the support.

I would rate the support from Sophos XG a two out of five. You cannot have good support without good documentation.

If you look at the software environment now, anywhere you go, you see the documentation for everything that has been done. Sophos XG has documentation, however, you should not need to have a certification to be able to understand it.

I have used Sophos Cyberoam previously.

If we had better documentation we would be able to implement Sophos XG better for the organization's exact specifications. When you have already come up with your networking strategy, presented it to the company, then you find out the new framework doesn't conform with the organizational strategy. You have to start going back and receiving approval for a new strategy. However, you are not even sure what the strategy is going to be with the new framework, because everything has changed. Most of the automatic resources stop working.

There is a high chance I do not even know why it is not working or what the major issue is. We have realized the package wasn't switching and we did a lot of troubleshooting for almost a week to understand why. We switch over to our old firewall, then we finally understood that it was something that has to do with the new 18.5 firmware in Sophos XG. Immediately we switch back to the old firmware, this fixed out problems we were having at that point.

I would rate the implementation of Sophos XG a two out of five.

The initial deployment was done approximately three years ago and it was done by a third party because of some complex considerations, such as the VOIP Gateway.

However, since the initial implementation, we have been managing it by our own in-house network engineers and every modification to the network has been done in-house.

We have three network engineers, that work on the solution and the network. They can manage all the features and securities. The amount of people needed to maintain the solution depends on the organization's architecture. 

In information security, the only way you rate ROI is by the level of information you're securing. I will ask myself how much is the information I'm securing is worth? The worth of what I'm securing will determine the amount of cost that I'm spending on the information secured. If I were to judge it that way, the ROI is high. 

I would rate the ROI of Sophos XG a five out of five.

We pay for two licenses for the use of Sophos XG annually and it is a flat fee. We do not have everyone going through both of the Sophos XG firewalls a the same time and the Sophos XG on Microsoft Azure is only accessible from the VPN.

Sophos XG has changed its pricing model for extreme protection.

I rate the price of Sophos XG a two out of five.

When we were evaluating other solutions we looked at Barracuda and it had an old GUI. This was an issue when we were making decisions between Barracuda and Sophos XG.

The solution has served its purpose in my organization.

I rate Sophos XG a nine out of ten.

This product is our firewall that protects our connections from the internet. It controls access for our employees when they want to access streaming media websites such as YouTube.

It controls the connection to our resources that originate from outside of our infrastructure.

We use it to monitor users and their activity including which websites they visit and what portals they use.

This product is compatible with my business and our market.

This Sophos product has a lot of features included.

This product does load-balancing between our connections. This is helpful because our infrastructure in Egypt is not stable and it requires several connections to achieve the required performance.

Sophos Control Center is a good feature. We can monitor everything from the control panel.

It can be used to create a VPN connection between users and our server. 

The performance and speed of the appliance are good. I have also tried the software deployment, without the appliance, and it was also good.

The VPN features can be improved. Due to covid-19, we have a lot of employees that work from home and we need better VPN capabilities.

We would like to be able to override policies set by the country. For example, VPN is banned in Egypt. If we could bypass this then it would be helpful because it would allow us to distribute our connections, or services, to other sites. 

After upgrading from version 17 to 18, not everything is in the same place in the interface. For example, the firewall rules are in a different place. Consequently, my IT team department cannot understand the portal and find it not user-friendly. They were used to the previous version.

Better training should be available because there is nothing on the Sophos website to assist with setting up VPN connections or VPN SSL certificates. For instance, there is nothing to explain how to configure the DDNS.

We have been using Sophos XG for between six and seven years, since 2015.

This product is usually stable. In the past few days, I have found problems where some services are not stable. This is something that I have used the portal to submit a ticket for.

We have 90 people working on the network concurrently. Combined, they have between 300 and 350 open sessions.

When the size of our staff increased, we purchase another appliance to expand our infrastructure. Beyond that, I haven't been able to test scalability.

In addition to the recent ticket I created for technical support, I keep in touch with them. The support is okay.

Previously, we used the Microsoft TMG firewall, and I have also used Cisco ASA.

I already had some experience with Sophos and firewalls. The first time I attended a Sophos event, I made a deal with Sophos and they helped me learn how to transition from TMG.

The user interface with Sophos is easier to use. For example, Sophos makes it is easier to create firewall rules for a VPN connection to the outside. With the other vendors such as Cisco, the process is more complex. 

Fortinet is also a top firewall provider but I recommend Sophos because it is more stable. I have limited experience with FortiGate.

The initial setup was easy. It was not complex for our IT department but you need some technical knowledge to do things such as creating a VPN connection between two endpoints, either site-to-site or site-to-client. You should also be familiar with SSL certificates.

The setup took between two and three hours, and after that, we had to prepare our network connections. It took two days in total.

No maintenance is required for the appliance.

We used a system integrator to assist us with the transition from TMG to Sophos.

We pay licensing fees of approximately $2,000. We have a contract for three years.

The vendor is very professional when it comes to firewall products. Aside from the issues with the VPN, It has all of the features that we need.

My advice for anybody considering this product is that the result depends on your country. In my country, there are a lot of problems with ransomware and viruses. Sophos has already helped to mitigate and stop issues such as these on our network. It is the best firewall on the market.

I would rate this solution a ten out of ten.

My clients are mostly based in the government. They are my core clients. I install the solution for my clients.

The solution is very easy to use. 

Of course, we have the skills, however, it's very easy for us to deploy the solution. That's one of the valuable features. 

They have a communication between the endpoint and the firewall which is very, very useful for security purposes.

Pricing is now pretty good. They changed the pricing structure a few months ago.

The initial setup is pretty easy.

The integration could be a bit better. They need to allow their solution to integrate with other products and not just other Sophos solutions.

Sophos has a feature that in my opinion is very limited. They don't have enough VPNs on their models. They have the XG 750, which is a sizeable appliance. On those models, they used to have not enough VPNs. They always were short on that area. 

Pricing used to be very bad, however, they've adjusted their strategy recently. 

The product needs to improve its marketing in Mexico. It's not a well-recognized product in our country.

The solution's technical support is very bad.

There is an overall lack of documentation in relation to features and capabilities. We need these to help explain aspects of the solution to our clients. 

I've used the solution since around 2014. I have about six years of experience at this point. It's been a while. I've definitely worked with the product in the last 12 months.

The solution is quite stable. There are no bugs and glitches. It doesn't crash and freeze. It's quite reliable. We don't have problems with it.

The solution is very scalable. It is not a problem. Sometimes we have issues when we are trying to do something with a different traditional version of hardware as sometimes the new hardware has more ports. However, if we are talking about scalability in a huge customer, we can do it very easily. 

Mexico is very different than other countries and continents as here, when we say it's a big customer, we are talking about 2,000 to maybe 3,000 users. There aren't too many large-scale operations in the country. However, in general, for our area, we tend to deal with large-scale companies.

For a company that has maybe 1,000 users, Sophos seems to work very well. We have one operation with 10,000 endpoints and it is working quite well.

Technical support from Sophos is very bad.

Sometimes we lose a project due to the fact that we need to solve some issues or answer questions. Things that may be technical but also involve the administrative side. I'm talking about licensing and the capabilities of the feature. We need some documentation, something we can show clients. They can better in those cases. They can either help us or supply us with what we need. 

In response time, they are terrible. In the area of technical knowledge, they are getting better, however, they aren't where they need to be. Right now, we are not satisfied with the level of support provided.

The initial setup is not complex. However, here in Mexico, it's very complex to sell the product. The brand is not as well known.

That said, the process is pretty straightforward. 

The deployment times vary. It depends on the end-user and what they need. Sometimes, it's easy as they don't have too many policies. The more policies they have, the longer it takes.

In other cases, clients may have a lot of VPNs. We have to work on those VPNs, and we have to do a lot of routing. However, that depends on the customer. Not all are like that.

For one appliance, you just need one person for deployment and maintenance. If we are working a lot of VPNs, we would have to use more people. We need to involve maybe two or three individuals and re-apply the configuration in that case. 

We handle the installation process ourselves. We do not need the assistance of consultants.

The pricing has recently changed on Sophos. Their licensing and cost structures are much more clear now. It's much better than it was.

Clients, in many cases, evaluate for Check Point, Forcepoint, and sometimes Fortinet. Occasionally, they may look at SonicWall, or Palo Alto however, the others are the main big competitors. 

Palo Alto is very expensive as are Check Point and Forcepoint. That's why we sometimes win the projects. We find Fortinet, is very, very hard to beat as they have a lot of market share, have a lot of marketing. Sophos doesn't have that presence, that marketing. Also, when you have to think about prices, Fortinet gives customers everything and it's hard to beat.

The biggest issue I've found with Sophos is the small number of VPNs that we can do compared to a similar appliance with Fortinet or in the same level center. In fact, many other brands offer more VPNs than Sophos.

I'm a Sophos reseller.

We use multiple versions. We have worked with XG 460 and XG 135 and some others -such as XG 230. In those cases, sometimes it has been Rev 1 and in other cases Rev 2 in terms of the hardware versions.

I mostly work with on-premise deployments. The only item I have installed in the cloud is an email solution by Sophos.

I'd recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.

I use the solution in my company as an edge device on our network.

The solution's most valuable feature stems from its ability to protect our organization's web servers.

In Sophos XG, the throughput for larger networks is an area of concern where improvements are required.

I hope the product comes up with some better prices and offers for the tools provided to academic institutions.

I have been using Sophos XG for two years.

Stability-wise, I rate the solution a six out of ten.

Scalability-wise, I rate the solution a seven out of ten.

There are around 200 to 300 users in our institution.

Though our institution plans to increase the solution's use, we are unsure about the vendor we want to approach.

I rate the product's initial setup phase a seven on a scale of one to ten, where one means it is a difficult process and ten means it has an easy setup phase.

The solution is deployed on an on-premises model.

The solution can be deployed in two to three days.

The product is expensive.

My company considers Fortinet as an option against Sophos XG.

The product has improved network security for all the networks in my organization. The product also offers endpoint security since my organization has been using the anti-virus software from Sophos for the past ten years.

Sophos XG's interface is very user-friendly.

The performance of Sophos XG's VPN to meet the organization's remote access needs is an area that cannot be discussed due to security concerns. Though the product can meet our organization's current requirements, we are considering alternate solutions since we have plans to improve our network.

The reporting and analytics functionalities helped identify security incidents in our company.

I recommend the product to those who plan to use it because it is easy to manage and solve network-related problems.

I rate the product a seven out of ten.

Sophos XG has greatly strengthened our network security and threat management. Its integrated EDR capabilities and seamless integration with firewalls, along with additional services like their NOC services, provide a comprehensive solution. With all these features working together, it is a complete package that ensures robust security for our clients.

One feature of Sophos XG that I found incredibly beneficial for threat prevention is its endpoint protection. It monitors all activities on our devices and effectively blocks any harmful files from infecting our machines. It has been a game-changer in preventing troubles for our customers.

While Sophos XG is a great product overall, there could be some room for improvement in its pricing since my clients usually feel like the product is on the expensive side.

I have been working with Sophos XG for five years.

Overall, the solution is stable, and we rarely encounter glitches. Any issues that arise are usually related to Microsoft updates rather than the Sophos software itself.

I would rate the scalability of the solution as an eight out of ten. The clients I work with who use Sophos are typically small enterprises.

I have worked with other firewalls like Cisco and Fortinet over my 20 years of experience. Comparing Sophos to other solutions, I have seen significant improvements over the years. While it may not have been the easiest or best software three years ago, it is continually getting better with updates. Overall, Sophos is moving in the right direction, becoming more competitive with its counterparts.

Installing Sophos XG is straightforward and typically takes around one hour for configuration, excluding the physical setup. Usually, only one person is needed to complete the installation and configuration process. It is quite easy to maintain it.

There was a time when our network faced a sophisticated malware attack that bypassed traditional security measures. However, with Sophos XG in place, it quickly detected and mitigated the threat before it could cause any damage. The seamless integration of software and hardware ensured there were no vulnerabilities or gaps in our defense.

The interface of Sophos XG is user-friendly and suitable for new users. It is continually improving, with updates addressing any issues promptly. 

Deploying Sophos XG has led to noticeable improvements in network performance. 

Overall, I would rate Sophos XG as an eight out of ten.

We are resellers.

The SD-WAN feature stands out as the most valuable aspect.

Fortinet surpasses Sophos in terms of support, particularly with its comprehensive five-one feature console. 

Additionally, there are notable differences between appliance models, including variations in hardware, utility, and product offerings. 

It is essential to compare these aspects to ensure optimal performance and functionality. 

While Sophos may not excel in the support aspect, it still provides satisfactory performance overall. 

However, other solutions may offer better support and resource availability.

I have been working with Sophos XG for three years.

Sophos XG is a stable solution.

Sophos appliances typically offer a fixed level of throughput, which means their scalability may be limited compared to more flexible solutions. 

It is important to consider this aspect when implementing Sophos for your organization. 

Technical support is good.

When considering master gold names, it is evident that they offer a competitive package.

I would rate technical support an eight out of ten.

Microsoft's protection has received positive feedback and strong on-site support from both customers and partners. 

Their response to cases, including targeted remediation, has been prompt and efficient. 

In certain instances, there is a reliance on Microsoft's expertise and direct involvement to ensure a satisfactory resolution.

The initial setup is straightforward. It is easy.

The price is reasonable.

The licensing cost in the final currency amount, is 163,080, with three years of support. 

Support costs are approximately 50 percent.

As for advice on implementing Sophos, it would depend on your specific requirements and the desired features you seek in a security solution.

Evaluating factors such as support, performance, compatibility, and cost-effectiveness is essential when making a decision.

It is recommended to carefully assess your organization's needs and consult with Sophos representatives or IT professionals to determine if Sophos is the right fit for your environment.

It is recommended to carefully assess your organization's needs and consult with Sophos representatives or IT professionals to determine if Sophos is the right fit for your environment.

I would rate Sophos XG an eight out of ten.

I am an integrator of this solution, and I have installed it in small- and medium-sized businesses and schools.

My company now spends less time tracking issues because of the security provided by Sophos XG in conjunction with Sophos Endpoint protection.

The security of the solution, thanks to the built-in unified threat management, is one of its most valuable features. Plus, one single pane of glass is all you need to manage the whole solution, and web management can be done from anywhere. If I get a call and I'm at home, I can open the solution in a web browser and address the situation.

I have been using this solution since 2013.

The stability of this solution is excellent. 

The solution is available in different sizes. As long as you purchase a version that is larger than you currently need, there is room to grow. If you purchase one for your current needs, then the scalability is not good and you're going to have to repurchase if you want to scale up. On a scale of one to ten, I would give this solution a five or six for scalability. 

I would rate the technical support as a ten out of ten. I'm a Sophos partner, and their partner support is excellent. 

Positive

I previously used Cisco Meraki, but Sophos XG has built-in web filtering and is a better overall security solution. Due to these features, I have tried to migrate as many of my schools to Sophos XG as possible.

On a scale of one to five, with five being complex, I would rate the initial setup as a four. If you don't understand the terminology and how Sophos designates the way they do things, then it is a little confusing.

Depending on the location, most deployments take a day. We leave the current firewall in place while we configure the new one, then we swing the cable over and fire up the new firewall. That way if we have to take it back offline, we can keep the client productive until we are done configuring the new firewall.

For deployment you really only need one person, and maintenance can easily be handled by one person, too.

The pricing depends on the size. Each Sophos XG solution is custom fit to the size of the client's network. For example, for the XG 135, you're looking at a yearly subscription. You can get a one-year subscription for a few hundred dollars, or a three-year subscription for $1,500-$1,600, so it's not bad. There are no costs in addition to the standard licensing fees. I would rate the pricing as a three point eight on a scale of one to five.

I've had schools running different firewalls with subscriptions and different web filters with subscriptions, and I've found that it is less expensive for smaller schools to run Sophos XG with its unified threat management instead of multiple appliances.

I have evaluated some other options. It really boils down to price, and I haven't had a chance to explore Palo Alto much. I've played with PortaNet a little bit, but I think that Sophos XG has better features for the price point.

For the standard end user, self-based training is necessary. When you get into the Sophos XG firewall and try to start creating NAT rules, it can be a little cumbersome for a novice. It's pretty easy once you know how to do it, but it will be hard for anybody who doesn't have experience.

My advice to someone purchasing this solution would be to look closely at the licensing package to make sure they get what they need.

For small businesses and small schools, I would rate this solution as an eight out of ten.

The prominent use cases for Sophos XGS depend on the type of customer. Local governments, schools, production companies, sales companies, and the finance sector use it.

It’s popular because it’s easy to manage, the cloud console is excellent, and it supports VPNs. It can also integrate with endpoints, though this is optional. Regarding threat intelligence, customers in Central Europe often prefer managing their threat hunting rather than using the more expensive service from Sophos. This feature is handy for large international companies with many employees. Threat intelligence requires separate licensing and is optional. Customers can either manage it themselves or purchase the additional service from Sophos, which includes further actions and is more expensive. Smaller companies often don’t have the budget for this.

One area for improvement would be including automatically generated certificates for HTTPS, which was available in earlier versions but might not be in the latest.

I’ve worked with Sophos XGS for over ten years, starting with Astaro and then Sophos.

Sophos XGS is not expensive and is scalable. It can fit small schools and companies with just ten employees, showing its flexibility for different sizes.

Sophos has two levels of support. The first level is qualified but may not handle complex issues well. I usually skip it and go straight to the second level for better results.

Positive

Deployment is quick and easy. Small installations take about three hours, and even remotely if necessary. It might take up to two days for more extensive infrastructures, including initial setup and follow-up checks.

Sophos XGS does use AI, particularly for sandboxing and analyzing suspicious documents in the cloud. It’s practical, as I haven’t had any major security breaches in the past five years.Overall, I’d rate Sophos XGS as nine out of ten. It has improved significantly over the years.