Sophos XG Reviews

We use Sophos XG for a central firewall, with some branches making a VPN, but that's the normal deployment. Some clients use it as a proxy, but most of my clients use it as a gateway. We use Sophos to configure policies, work filters, application filters, and the SSL VPN and IPSec VPNs.

Because of the pandemic, the VPN is the most valuable feature. In Bolivia, the clients normally asked for an appliance with a web protection license or network protection and web protection license. These are the most common features demanded by our customers.

Some clients are also using the wireless solution and using XG firewall as a wireless controller. For those clients, this feature is a very important.

I used to work with Fortinet, and sometimes I see that the SD-WAN feature could be better because it's much easier in Fortinet. That area could be improved in Sophos XG as it's too complicated right now.

For example, I remember a case where the routers had to be configured by commands. It's not hard, but you have to read and investigate how to do that. The XG firewall works fine, but you have to read, and it takes some time to do it.

Sophos XG could also improve the floating area. I have more features in Fortinet, more visibility of the networking table, and the networking area. But in Sophos, you have to enter the CLA and display it. It'll also help if they offered more toll booths for VPN like Fortinet.

I've been working with Sophos XG for around five years.

I have no issues with the stability. No reboots are needed, and there hasn't been a problem with that.

The new enterprise models are scalable, and we don't have problems. I think it's fine.

I like their technical support. With Cyberoam, I remember the technical support used to work closely with us. They used to configure some features for us and help us resolve problems, but not just by email. They used to work with us and show us how to do it. I think that was nice, but in Sophos, they give us instructions and help us, but by email.

The initial setup and configuration was very easy for us. I think it's easier than the other options in the marketplace. The deployment time is relative. For example, if you're deploying for a client who has another firewall and have to integrate it, it'll take around two or three days. But if it's a new environment, you can deploy the firewall within two hours.

Normally, my clients look at Fortinet. Both have similar features, and sometimes Sophos is more expensive, or FortiGate is more expensive. It depends. But normally, I have clients that migrate from Fortinet to Sophos. They are used to working with FortiGate without a problem, but the main difference in our case is the support. Because as a company, SUPERNOVATEL, has more experience with Sophos to help our clients immediately. That makes the difference.

On a scale from one to ten, I would give Sophos XG a nine.

We are integrators. We integrate solutions for other our client's companies.

The most valuable feature is the central dashboard. It provides us with good performance.

When you utilize the processors, the device hangs. Many firewalls hang because of the high volume of loads.

If we are using the HP policy and the user policy at the same time, the firewall gets hung and it means that we cannot get clear reports.

We have mitigated the firewall with Palo Alto because Palo Alto is working on multiple environments. 

I would like to see the performance improved.

I have been working with Sophos XG for three years.

Currently, we are using the MR4 v18.

It's a stable solution.

This product is scalable. I would rate the scalability an eight out of ten.

So far we use this solution for SMB and enterprise companies.

Technical support is very good.

We are also working with Fortinet FortiGate and Palo Alto Networks NG Firewalls.

Palo Alto is the best product from a compliance point of view, and security. Fortinet is the second and the last is Sophos XG.

I have installed Sophos XG in multiple organizations.

The initial setup is very easy.

It took less than 10 minutes to deploy.

Sophos is very good for small companies because of the cost of the product compared to other solutions.

The price is reasonable.

I prefer Palo Alto Networks NG Firewalls to Sophos. Palo Alto is very good and the customers are happy. The hardware is customizable with multiple firewalls. I think that it is the best.

I would rate Sophos XG an eight out of ten.

This product serves as our current firewall solution, which is a network protection gateway.

This is a very simple solution.

It integrates well with Sophos Endpoint Protection, and we use the two of them to form a holistic security perimeter control. 

Software updates always come with issues. For example, I just upgraded to the next version, 80.5, and it came with VPN issues. It started dropping my VPN users. So, I had to roll back to before the software update. I think that the main area for improvement is the quality assurance of the updates.

The management console is a little bit rigid.

Scalability can be improved.

I think that it performs a little bit slow when it comes to connectivity, and having the speed increased would be better.

We have been using Sophos XG for the past four years.

This is a very stable platform. In the four years that we have had it, it's never gone down.

It is not a very scalable product. I would rate the scalability a seven out of ten because where you order it, it comes with prefixed ports. You will only have perhaps two for the WAN, and then maybe four LAN ports, and one console. In this regard, it's not scalable. 

When you buy it, you can't change the port configuration. In order to get more ports, you may have to upgrade to a bigger firewall.

We have about 130 accounts for approximately 80 employees.

Technical support for Sophos is very good and they have a big presence in South Africa. It uses something called Sophos Central, where support can fix the problem before you, as the user, actually finds it.

It is a very simple and very quick initial setup and configuration. Because it is a next-generation firewall, it does most of the rule development in the background. You just need to set up the basics and start it up.

For what you are buying, it's good value for the money.

Sophos is very good when it comes to pricing. A firewall has a lot of things to look for when you're buying it, including throughput and its features. When we purchased this product, Sophos was the best on the market.

In addition to Sophos, we looked at FortiGate, SonicWall, and Cisco. We were looking for a next-generation firewall, and Cisco was out of range because it was too expensive. We settled on Sophos because we already had the endpoint solution in our environment, and the price was very good as well.

Sophos XG is a firewall that I recommend because it's a very simple firewall. It's not complicated, and a LAN expert can just start using it and learn very quickly. Definitely, its usability is very good, and it's a very robust firewall.

I would rate this solution a seven out of ten.

Overall, everything about the solution works well. We haven't had any issues at all.

The features on offer are great. It has pretty much everything we need.

The solution is very user-friendly.

The product is very easy to explore. It has a very good layout.

I need to do a bit more research on the product. I can't think of any features that are missing.

The solution is tied to the US dollar. You need to pay whatever the equivalent is in your own currency, and, if the exchange is bad, it can really add to the cost.

We've been using the solution for three years. It hasn't been an extremely long amount of time.

The stability is great. We don't have any issues. I haven't come across bugs or glitches. There isn't crashing or freezing. It's reliable.

Technical support is quite good. That said, we really haven't had any issues with the product itself.

I used to use Fortinet. That was at a different company, however.

The solution is very straightforward to set up. It's not too complex. Sophos Endpoint is similar in that respect. It's easy to implement.

The pricing is a bit expensive. That is mostly due to the US exchange. If the exchange is bad, it's quite an expensive option for us.

We are Sophos customers. We're just end-users.

We also use Sophos Intercept X and Sophos Endpoint as well.

It's a good option. It's easy to explore and to use. Everything is pretty straightforward, especially if you compare it to other firewalls.

Overall, I would rate it at a nine out of ten. We've been very happy with it in general.

We are using this product as the firewall for our head office, so any connections going outside of the office go through it. We are also using VPN clients and especially during the lockdown, it was very helpful.

The feature that we find most valuable is the VPN, which ensures that people working remotely have a secure connection.

The email security and other security-related features are useful.

We feel that the GUI can be improved a bit because it has a lot of information and looks a bit outdated.

Nowadays, you hear a lot about next-generation firewalls, so some additional features can be added from an EI perspective. Products like FortiGate, for example, have a lot of features apart from the basic firewall. 

We would like to see integration with existing IPAM and IDAM products.

In the future, I would like to see new kinds of automations, as well as the inclusion of artificial intelligence-related features. A lot of other firewalls already have these now.

I have been using Sophos XG for approximately three years.

We have not had many issues, perhaps two or three of them, when using Sophos XG.

Scalability-wise, they have different models. With the requirements that we have, this firewall did a good job. It's still doing a good job in terms of performance. For a larger enterprise with a higher number of users, they can recommend other models.

Currently, we have approximately 100 users.

We have received good support. For the small number of issues that we have had, we received help from IT. This included assistance with configuring some additional policies. Whenever we reached out to them, they were very prompt in terms of responding to us.

Prior to Sophos XG, we were using a firewall by Palo Alto. The major reason we began looking for a different one was that the support was not very good. The firewall was pretty decent but whenever we wanted some help, it was a bit difficult to reach out to them. To summarize, it was not very prompt.

The initial setup was simple. Within one to two hours, we were done. This was not just the installation, but the complete configuration.

We performed the deployment with the Sophos team guiding us over the phone. It was not complex. There was one person from Sophos who was coordinating it, and it was done by our internal IT manager.

For the most part, I can say that we plan to continue using this product. However, we would like to see if they have come up with new models and what additional features have they been incorporating. With cybersecurity, I know there have been a lot of threats of late, so we would like to see some new technologies or new features being incorporated.

This is a product that I can recommend. My advice for anybody who is implementing it is to first try to understand what the major use cases are. People need to know that there are quite a few options, such as Fortinet, and all of them have different advantages. Sophos fits perfectly for a smaller group of users, with perhaps between a hundred and two hundred people. For larger enterprises, I recommend that they implement Fortinet or Check Point.

I would rate this solution a nine out of ten.

This solution does everything and anything a firewall can do.

I am tempted to say that all of the features are valuable. 

When you choose a firewall you have to make a strategic decision, much more than a tactical one. We decided that everything we use within it, goes through and it's got protection.

The dashboard is intuitive and user-friendly.

Training on the devices is an area that needs improvement. Their training mechanisms are not perfect, and this is where you lose a good appreciation of the product.

The documentation for implementation is not good. For example, when you look up the details on a firewall rule to validate it, the details are not there.

If you click on the help file, they say a zone is an area where you can define specific logical network areas. This is where they stop, with nothing more. If you want to go further into the concept of it, which you know there is, you have nothing. Then you have to revert to the internet and go onto newsgroups to try to see if anybody has had your type of experience. Then you find someone, they explain it to you then say, "Oh, it only makes sense". So, then when you want to implement this, it's much easier at that time. So, that's the best-case scenario that I can explain.

There is an area that is very specific to our setup, where working tools you cannot easily establish a VPN between two internal networks.

When you want to establish a VPN with different wizards, they assume that you're always going through your internet link. 

If you want to create, with the zero-trust concept, which is where you don't trust anybody or any device, you want to make sure that everything on your network is segmented and everything is relative, depending on its flexibility, behind its firewall or a firewall segment. At some points, you might want to establish VPNs between certain network segments. 

Since you cannot establish VPN tunnels from the Sophos interfaces, plus if you are doing something that's going through the internet, then you lose flexibility. 

Currently, let's say we have a factory V-LAN and you don't want anybody within the factory V-LAN to be able to connect to another unless it is to a specific V-LAN, and you want to use VPN technology, you can't do it because you can't establish the connection again between two internal interfaces.

I have been working with Sophos XG for six years.

It's a stable product.

In regards to scalability, it's difficult to ascertain at this time because we haven't scaled it necessarily. 

The use cases that we have are very particular, and we're not in a mode of having scaled it yet. We have approximately 100 users in our organization who are using  Sophos XG.

Their support, we have a mixed review of it. It's good, but where it's bad, is because they're an international company that relies on many different continents to be able to get the support at different levels.

When we get into the people that are from India, that's where the support becomes not as efficient as we would want it to be. They have different rules of operating under and they don't show themselves to be flexible. Whereas where I am, currently I'm in Canada. When I speak to the support people within Canada, they're much more flexible when it comes to trying to follow us up on what we're trying to do and get the thing working. They're more flexible.

It was a combination of 75 percent straightforward and 25 percent complicated.

It's approximately $6,000 for each device. We have three devices and it was somewhere around $18,000.

I would recommend Sophos XG to others who are interested in using it.

I would rate this solution an eight out of ten.

I am using it for unified management.

I like the firewall, inbound, and outbound modules the most. The VPN feature also works well. It is very easy to configure rules in Sophos XG.

We have got local service here in Zimbabwe from Sophos, which is something that I like a lot. We have got good local support, and they come on-site when we have any challenges.

Sophos provides a lot of good training all around Zimbabwe. They are quite dominant here, similar to other solutions like Fortinet or WatchGuard.

When you are using it as a controller for the wireless access points, it doesn't perform well.

It is not suitable for the public cloud. It is more suitable for enterprise data. It is not really the equipment for cloud data centers. I am looking for a data center firewall.

I have been using Sophos XG for more than five years. I started with Cyberoam, which was bought by Sophos.

It is stable. I have managed to secure my network. It has been good so far.

It is not so scalable. If you want to upgrade, you have to buy another appliance. I don't see so much scalability. You can only change a port from 1 gigabit to 10 gigabits. There are other solutions like Fortinet that are more scalable.

Their support is good. We get local support from them.

The initial setup is straightforward. The deployment took two days.

The pricing is flexible. Sophos looks at a country's economy and offers flexible pricing. This is how they have managed to penetrate the market.

I would definitely recommend it. It has good support and training.

I would rate Sophos XG a seven out of ten.

We use the solution as an internet firewall, and a VPN concentrator.

It streamlines the process of creating VPN access for users. Because of the AD integration, it makes it very easy to manage these users from different locations from a central source. It also helps us to get a good idea of what our risks are, or if there's any risky activity going on with the users. 

The SSL VPNs are the most valuable feature for me. I have a lot of systems out of the head office that need to connect to the local networks, and they all connect via the Sophos VPN client.

The initial set up process can be a little tricky, especially when you are registering with Sophos and you have a poor internet connection. Setup is not necessarily complex, but it's not trouble-free. You do have connectivity issues at the initial setup with registering the device on the Sophos platform to access the advanced features. It doesn't always go through the first time around. That may be an issue with the quality of our connection. I'm not sure exactly what it is. 

The single sign-on client I get maybe a 60% success rate on. There are times when it will use single sign-on for verification of users to access Internet resources. It still doesn't always catch the user. The user gets sent to the web login. Even though the single sign-on is helping, it doesn't always work. 

I would like to see a better single sign-on performance. I'd like to see a more streamlined way of managing your licensing as well.

There are no issues with stability. It's a very stable system and you almost never have serious problems for any reason. It's only when you do an upgrade that you have to restart. Stability-wise, for the on-premise solution, I'd give it 4 stars.

Once you've bought the specific version, you are locked into the limitations of that plan. You can't exceed the number of VPNs, connections, etc. There's no way to increase that capacity, per se. You do have options where you can increase the port count and so on. However, in terms of scalability, you have to buy the capacity you require.

On the system I have now, it's not fully populated, but we have about 100 users. The plan is to eventually support about 1,400 users.

I don't use the solution's technical support. I typically just use the documentation. There are lots of guides and videos available. In most cases, I search the guide. There's a step-by-step guide to deploy so I don't have to contact technical support.

The initial setup isn't hard, but it can be tricky. Since I've been using several Sophos devices, I now find it's fairly simple. I get the deployment done in two hours, including integration. For others, it may take about a day to get everything done. 

There's almost no maintenance. There's really only the requirements of adding users and populating VPN connections. One person does that on a part-time basis.

I handled the implementation myself.

We do see an ROI. It would be the cost of the support. If I had to hire a CCNP in Nigeria, I would be paying about $10,000 per annum for a CCNP minimum. For a less experienced person, I can get for about $6,000. I am probably saving about $4,000 a year in personnel costs from going with the XG rather than the ASA.

We are paying about $1,500 yearly for the Enterprise Plus. As far as I know, there aren't costs above this standard fee.

We evaluated Cisco ASA as well as the FortiGate before ultimately choosing Sophos.

I chose Sophos over FortiGate because I'd already had experience with Cyberoam and it was a fairly similar migration in terms of configuration from the UTM over. But in terms of features and capabilities, I think FortiGate is pretty similar to the Sophos. Cisco ASA I choose not to go with because it's much harder to configure. I also needed to be able to have someone other than myself manage it and not need to have someone with CCNP sitting down just to add VPN users etc. I felt that the Sophos solution was a better option because it gave me all the functionality of the ASA, but it's much easier to manage.

We use the on-premises deployment model.

We definitely plan to increase the usage and also add high variability too. Right now, it is the main internet gateway and firewall for my network.

We're using both Sophos XG and Sophos UTM.

I would warn those considering implementation that, once you've got it, you're stuck with it. You can't really increase the capacity very much beyond what you have. It's always good to have the expertise available to take care of the box because even though it's a lot easier than the Cisco ASA, you still need someone that has a little expertise in managing it.

You can get very good performance without spending all of your money and without having to send a lot of high-end techs in-house to monitor processes.

I would rate the solution nine out of ten.