Sophos XG Reviews

You can use Sophos XG in small or large companies. In a small company we are using it as a router and firewall. In larger company, like in the Bangladesh government, they are using Sophos Firewall in various sites, including the Bangladesh Navy. Many of the sites are using Sophos Firewall as a router and firewall and also for security purposes.

Sophos XG Firewall is for security purposes and we are also using it as a router. Wherever we are deploying it as a router we are mapping and also port forwarding. More clients take it as a router and also a firewall.

Sophos XG Firewall is very usable, very easy to install, and very user friendly.

The features that I have found most valuable are the infiltration prevention and data protection. We provide immune security. There are also many features on the VPN. We provide a social VPN. We deployed so many features.

We are facing some problems on this firmware version, version 18, that require improvement. We want to improve the email security because it doesn't give proper security with the data protection. Also, our clients are facing some problems where most of the sites which they're accessing are getting blocked. I want to improve those sites, that email security, and the data protection on the Firmware version 18. Also, sometimes it gets frozen and we cannot access it. After we shut it down and restart, then it's perfect. That's a point that we want to improve. 

In the next release, I want them to please improve version 18 so that it has more features and is more user friendly and it should have a VRF option.

We are using Sophos XG for five years. 

Sophos XG is stable.

Maintenance, once it is established on the network, requires about two to three people dedicated to Sophos Firewall. We have to give about two to three days monthly.

Scalability is good.

We have about a thousand or more users and have plans to increase usage of this product.

The Sophos support team is good now.

Initial setup is easy. It took about one hour to do the initial setup.

I am an implementer so I deployed it by myself.

Sophos XG is on a subscription basis. We can take a one year or two year subscription.

On a scale of one to ten, I will give Sophos XG a seven.

We use this solution as our main firewall. We also use it for email security purposes. Within our organization, there are roughly eight employees using this solution. 

The user interface is very good. As we've been using Sophos for four years now, we're very comfortable with the GUI interface. In addition, the IPS is quite good. 

We recently updated our previous version; now, the security licensing fee is quite high. I don't know if it's a bug in the OS, but it's not been very stable after we upgraded to the latest version.

we have been using Sophos for XG for four years. 

Sophos is quite stable.

It's not that scalable but it's good enough for us. 

We are not very happy with the customer support they provide — it's quite slow.

A year ago, we contacted technical support regarding the high security licensing fees but they still haven't gotten back to us; they're still analyzing the log.

Support-wise, I would only give Sophos a rating of three to four out of ten. 

For us, the installation was very straightforward. We deal with a local vendor and they guide us through the installation process. We haven't experienced any issues setting up this solution. 

The price of Sophos is reasonable. It's not too expensive — I think it's worth it. Price-wise, I'd give Sophos a rating of eight out of ten.

Before Sophos, we were using Fortinet. Fortinet was also a good solution but Sophos was equipped with more features that we needed. 

Feature-wise, I would give Sophos a rating of seven out of ten.

They need to improve their support, overall customer care, and lower the security licensing fees. If they improved these issues, I would give them a higher rating.

 Before upgrading any Sophos firmware, be sure to contact the Sophos team and upgrade it according to their advice. Without their advice, I wouldn't recommend performing an upgrade.

I am a reseller.

It is feature-rich, I like the server authentication, and the reports are good.

The recent changes of the policy compared to Cyberoam are a little bit less user-friendly and complicated. Cyberoam is much easier to use.

Security could be better.

In the next release, I would like to see improvements made to the policy and simplify the policy-making, as the complexity of it makes it really tough.

I have been working with Sophos XG for more than six years.

It's a stable product.

It's more scalable than most, but like other products, a Sandbox cannot be scalable.

Our clients are small and medium-sized companies.

We get a local-level team for support. There is less support with Cyberoam.

Cyberoam is the first product I started selling. We sell Fortinet also. Customers prefer Fortinet.

There is not a lot of difference between Sophos and Fortinet, they are very similar but in a large environment, Fortinet is better.

The initial setup is really not a problem, but the policy-making is a bit complex.

The price is not reasonable. The price is a bit higher.

Cyberoam is better in terms of cost.

I always recommend Sophos but there is a Enterprise security concern so I prefer Palo Alto.

I would rate Sophos XG an eight out of ten.

Sophos XG protects our network from advanced threats.

VPN client list has a secondary client, so we need to use it without specific software for Sophos Connect client. I am using the VPN client list and it works fine.

There's an IP address delivery for our VPN client and a limited range of IP addresses. So this is a problem in the latest firmware release, but rather than using homework scenarios, we need a lot of VPN clients.

I have been using Sophos XG for a couple of years.

It's important to put together the VPN client features and others because we need to use this to improve the scenario and implement the IP address delivered to the VPN client. With another point of sale there, I believe that incorporating the two solutions is important to make the VPN client work.

We offer contact center services and have a channel to reach the product support team, and they are ready to help when needed.

We essentially use Sophos XG to protect our customers. Most of our customers use remote VPN connections. They also use the WAF protection for exposed internet WEB servers.

The web application firewall or WAF is very useful. Web application firewalls help keep your servers safe from hackers by scanning activity and identifying probes and attacks.
Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos
UTM lets you protect your webservers from attacks and malicious
behavior like cross-site scripting (XSS), SQL injection, directory
traversal, and other potent attacks against your servers.
You can define external addresses (virtual webservers) which should be
translated into the "real" machines in place of using the DNAT rule(s).
From there, servers can be protected using a variety of patterns and
detection methods.

This function has been completely re-developed in XG, relatively of the UTM-9 version, and it works fine. I protect many internet web servers (IIS) for my customers with this function, due to of a lot of attempted attacks. It's a very useful and relatively simple to implement in Sophos XG.

Obviously, like all security systems, it is not a "fire and forget" configuration. It is necessary to properly analyze the system to be protected, create an appropriate policy and monitor its behavior once activated.

https://support.sophos.com/sup...

I think Sophos XG can improve some annex features. Like in DHCP, we can't make IP reservations in the range. We must reserve out of the range, which is not good. It will not be the same as the DHCP function in a Windows Server. We can't make an IP reservation in the range of the DHCP in the Sophos.

Better in the next release? I hope...

Sophos can also improve the debugging of the WAF function and provide a better resolution in the log, in the attached WEB log. The initial error doesn't appear. You must tail the console log to find the source pattern, cause of the error.

I have been using Sophos XG for about tree years.

Sophos XG is stable. I don't encounter problems that are typical with broken systems. But bugs in the system exists. Last example, I discovered a bug is in the asymmetric routing implementation. In a specific network configuration, asymmetric routing, with sub-net 25 doesn't work, but mask 24 and mask 26 works!!

But this is just a bug, and Sophos' support is very good to correct quickly, ASAP.

I only had a break function once because of the appliance BIOS. The Sophos support send me a new BIOS very quickly, and the problem was resolved.

I have a lot of issues with Sophos technical support. I still have some pending issues that need to be resolved. It's very odd in the beginning because your first contact is with the sub-part of another sub-part of Sophos based in India or Pakistan. It's very odd to have a quick connection with the second level or third level engineer at Sophos in UK.

I have personal contact with some security managers and the sub-part manager of Sophos support. When they don't resolve a problem quickly, I send an email, or I call my contacts Sophos UK, and it happens! They have good reactivity.

We start with Sophos UTM-9, the old version of Sophos firewalls, and then we switched to the XG.

The initial setup of the last version of Sophos XG is good. The initialization is very simple, but you must prepare it. You need an Sophos customer account , on the web cell, to declare easy a firewall.

It'll ask for an account, and you can create it in the interface, but it's better to prepare it before in the Sophos site, to have the account ready, for the first initialization of the firewall.

The deployment time depends on the system's complexity, the number of ISPs, the number of sub-nets, WAF functions and VPNs. 

It's normally very easy for a little company. A retail company with 20-30 computer-users, and a simple connection to the internet, it'll take about four to six-hours to deploy. If you need to fine-tune it, maybe two hours more. So like eight hours or a day to deploy.

Sophos XG isn't expensive compared to Check Point. Sure, Check Point is the Rolls-Royce of firewalls: It's great, it's fun, technically good tunned, but it's very expensive. 

But the specs and technical side of Sophos XG are close to Check Point, and the price is lower. It's better for our customers. I can do the same complex configurations with Sophos XG that I used to do on Check Point firewalls.

The main difference between Sophos XG and Check Point is keylogging and working with clouds. Both FortiGate and Watchguard doesn't have  in log packet analyzer to do so deeply. 

For me personally, Check Point firewall is the best firewall, because the log console is the power key of the firewalls. But Sophos XG is the main challenger of Check Point, I think. You can open the debugging packet analyzer, like a Wireshark, directly in the WEB log console. This function is a powerful tool and must be discovered, because it's very useful for quick debugging.

If I had to rank them, it's Check Point first, second, Sophos XG, and in third with FortiGate and Watchguard. We chose Sophos XG because it's much cheaper than Check Point.

I think it's very important to choose the right appliance first. Implementing a lot of things like VPN, IPS strong protection and WAF functions will stress more the appliance CPU. It depend also with the number of connections and number of users too.

Sophos XG is a lot of fun because you can change the appliance model without changing the configuration. You can back-up the configuration of the old appliance and import into the new appliance without spending hour for migration. It's powerful, and the new system is quickly operational.

Another key is VPN LAN to LAN in SSL, allowing connections to be set up much faster. Is this the end of the old IPSEC protocol? No, but it is a function which increases the versatility of the Sophos XG firewall.

Last, but not least, the virtual appliance works perfectly, in private or public clouds. Very simple to implement, work perfectly.

On a scale from one to ten, I would give Sophos XG a nine. 

Right now, we are using this product as a perimeter firewall just to deal with emails and to protect servers, as well as other equipment that is on the network.

What we found valuable is the way they deal with emails, as well as the way the bandwidth usage is shown. I find this information to be very interesting.

We are having challenges with social media because ever since this issue of COVID-19 came into existence, the idea of using online discussions has become relevant. Before this, they were not made the priority because they were not considered to be important. Now, we've discovered that we need to use a lot of these online applications.

We are having challenges when using Zoom with Sophos XG deployed. Our wireless network is not stable through the connection. More work needs to be done there, since the FW is doubling up as a wireless controller.

I would like to see improvements made to the display and visibility. I'm also using Sophos XG firewall as our wireless controller, but as it is now, I can't see my access points on the firewall. My wish is to see the Wireless network and reports also on this firewall cum- controller. 

We have been using Sophos XG for almost three years.

Sophos XG is stable and we have no problems with it.

I think there is a limitation on the issue of scalability, and it is related to the interfaces that we bought. Right now, all of the employees are using it. The traffic that passes through it covers close to 2,000 users.

For us, our bandwidth is growing so we may have to scale further, in terms of the hardware networking components.

We are constantly in touch with the distributor in Zimbabwe and they are excellent.

Prior to Sophos XG, we were using Cyberoam for our firewall. We switched because Cyberoam was acquired by Sophos.

The initial setup is very simple. It takes perhaps an hour to complete, which included importing rules from Cyberoam.

We completed some certifications for using this product, but for the implementation, we were assisted by IDSS. In some instances, we are doing the maintenance on our own. When we have a challenge, on a case-by-case basis, we might contact the vendor and may require them to come in and assist.

The issue of a recurring license is a hassle because every year, we have to subscribe. It causes us problems in our organization.

We are expanding and setting up a new data center, and I want to put a new firewall in. We have an interest in diversifying, in terms of vendors, so that we do not create a single point of failure in case one product fails. Ideally, we want to have different products.

This is a product that I can recommend for anybody who is looking for a firewall.

I would rate this solution a eight point six out of ten.

We use this firewall as part of our security solution.

The most valuable feature is the intrusion prevention system.

The two main areas where this product needs improvement are routing and reporting.

The security can be improved, as well.

I have been using Sophos XG for more than two or three years.

Stability has not been a problem for us.

I am satisfied with the scalability.

The technical support from Sophos is excellent.

I previously used the Microsoft Firewall. It is easy to use but it doesn't the IPS and malware detection capabilities that Sophos has.

The initial setup and configuration are not difficult for somebody with firewall experience. However, for somebody who has not worked on one in the past, it will be complicated.

We had assistance with the deployment.

The price is cheaper than that of some competing vendors.

Prior to implementing Sophos, I tried using a solution by Fortinet. However, it was much more expensive.

My advice for anybody who is implementing this solution is to ensure that somebody with firewall experience handles the deployment.

Overall, I find that this is a good product. That said, there are improvements that need to be made in the routing, reporting, and security.

I would rate this solution a seven out of ten.

• URL Filtering: because of the importance of controlling what and individual might access from the organization’s network. Sophos XG has 90+ categories, providing a level of granularity that eliminates the need to create customized categories.
• IPS (Intrusion Prevention System): because of the importance of preventing hackers from using exploits and other mechanisms that might compromise the network
• Anti-malware: Sophos XG comes with two anti-malware engines: its own and Avira, making the UTM more effective at catching malicious code.
• Control Center: an interface crammed with the most vital information like security issues, appliance performance, and Internet link status.

With a very intuitive and easy-to-use interface, it made it much easier to setup access and business rules, VPNs and to identify issues like Internet link outages and security issues.

Sophos XG lacks link load balancing options like ratio and spill over, both useful in some scenarios.

I also think they might consider improving the RAM of some of the appliances, since there are processes that are very memory intensive.

Lastly, I would say packet monitor is another area for improvement as it lacks capabilities like exporting the capture from inside the GUI tool.

A year and a half.

Yes, on the SFOS Version 15, I had to upgrade the firmware of an appliance since it had a problem with the JAMVM process (an apparently known issue in which that process consumes almost all of the CPU resources).

No.

I would say that Sophos Brazil has an excellent support team.

No.

It was very straightforward. And I credit that to the great job Sophos did on its OS interface, providing different ways of accessing the same option, hiding some of the complexities of a firewall system, and deploying it with many pre-built policies, objects and rules that for most of the environments makes it unnecessary to spend hours tuning the system.

Sophos is clearly trying to position itself as the market leader in the UTM niche. One way they are doing this is by having an aggressive pricing policy and this makes it a good moment to start using their products.

Yes, FortiGate.

Try to have the help of a Sophos Partner for the correct sizing and purchasing of an adequate licensing bundle.

In addition, I would recommend having a PoC in place in order to make sure that the solution is what the organization needs.

It is important to notice that the XG is available for a 30 days free trial and that there are virtual appliances available for the main virtualization platforms on the market.