Sophos XG Reviews

Our primary use case of this program is for antivirus and security purposes.  

What I like about this program is that it is easy to use and easy to manage.

Sometimes we experience difficulties with our server and that is usually due to a bug. Somehow bugs seem to find their way through Sophos' security. The issue is usually resolved when we contact technical support. In the next version, I would like to see an improvement in this. The developers should test everything after any update to ensure that bugs don't come though with the update.

I've used FortiGate before and I would say that Sophos is just as stable, both being around 70% as stable as other products on the market.

The scalability is good. We have 300 to 400 antivirus end users, and our company has around 1,000 users. We do have plans to increase usage because we are growing our projects around the world to countries like the US, Germany, Pakistan, India, UAE (Dubai) and Egypt.

The technical support is okay. Whenever we call them with an issue, they come to us and resolve the issue. Sometimes they take time, but I still think it's good. I will rate the technical support eight out of ten.

We only use Sophos because it can integrate with other product like FortiGate and we can easily connect the two programs. This makes the program scalable and easy to use. Many other products on the market are not compatible with each other and that is why we chose Sophos. 

The initial setup was rather complex but we had no issues with the deployment.

We bought a license for three years and we will renew it but I think the price is too high. If it could be less expensive, more end-users or partners will be able to afford it.

It is a good product and I will definitely recommend it. I rate this product a seven out of ten. In the next version I would like to see an advanced level and not only a basic level. Nowadays it is a very useful feature to be able to upgrade.

I use Sophos XG as a content filtering, web filtering, and application filtering utility, as well as to integrate with the endpoint antivirus software. 

I have Sophos Endpoint Antivirus installed on the user machines as well, i.e. the Central Cloud Management version. That's our main use. 

Sophos XG has cybersecurity. It integrates with the antivirus software.

I have a serious problem because our offices are scattered around the world in very remote areas. We cannot deploy proper branch office guides, active directory sites, and software services. 

It is impossible to apply any sort of group policy on the user machines, which makes it very hard to control issues like USB ports, access to cameras, or access to any preferences on the user machines. 

With the integration between Sophos UTM and the installed endpoint antivirus, you can now manage all those features from your cloud subscription. You can allow and block whatever you want from the cloud. 

You can allow whatever USB ports you want for specific devices with specific IDs, serial numbers or modems. The machine gets updated online or updated from the antivirus settings, i.e. the UTM unit itself.

The UTM unit itself has a cache update on it. Once the clients behind the UTM get updated, they get access or they get denied access to the hardware resources they are applying for. This is a major benefit for us.

The application filters available with Sophos XG are brilliant. The sandboxing and the way the firewall or the UTM integrates with the installed endpoint antivirus clients on the user machines is brilliant. You get the chance to isolate network threats before they become active or become distributed on your network. 

With the cloud version of Sophos XG, you get the proper visibility of your network and the user machines. With the cloud versions of the antivirus, i.e. the cloud central management of the antivirus, you get high visibility.

With the application between the installed Sophos UTM, you get a high level of visibility of what's happening on your network or on your client machines. You get protected against threats. You get proper visibility. That solves a major issue.

There was a big issue with the Cyberoam and with the SG units as well, i.e. the previous Sophos UTM model. With Sophos XG, you get the chance to block what sites operate on SSL or that operate with HTTPS, without the need of extracting and distributing a certificate. 

On older Cyberoam and Sophos SG old versions, if you wanted to block something like YouTube or Facebook or any other websites that operate with HTTPS, you had to extract the certificate. Then you had to export that certificate. Then you had to re-import that certificate in all the user browsers. 

The only problem was if you needed to use an active directory where those certificates would be automatically thrown into the user browsers once they logged in to the domain. 

For a scenario like mine where you don't have a group policy, it is a disaster and ends up with you setting the rules to block certain websites with HTTPS on the firewall, even while they are not being blocked so that the user will still have access to them. This problem is now 100% sorted out with Sophos XG.

Now you can actually block whatever you want, whether it's using HTTPS or HTTP keys from the firewall without the need for extracting certificates. That's a major improvement. That problem with the HTTPS settings was a huge issue. 

I know other people must be enjoying that it's sorted out now. It was a serious and major issue for Sophos. The only issue that Sophos XG now needs to improve is the product's reporting capabilities.

Sophos XG is stable enough for our requirements.

We have about 450 Sophos XG users currently using this edition and 300 for the antivirus platform installed on the machines, plus in-service, around 310. We also have around 15 additional units deployed around the world.

I'll give Sophos XG technical support an eight out of ten for their service.

I used Cyberoam previously, although I always used it as a UTM only. What made me move to Sophos is that they were acquired, i.e. they acquired Cyberoam to start with the development. At that time the software had many features that were not available with FortiGate, in terms of content filtering, and it was an appliance when Websense was the software to be installed on a server. 

There was a problem with our operating system with some of the updates, i.e. with the operating system or the hardware. I moved from Websense to Cyberoam because it wasn't applying properly.

The initial setup is definitely something different than the old Cyberoam and it's a bit complex. If you've been dealing with UTMs and you understand the concept, it is still complex but then I find it enjoyable.

Sophos XG is not hard to configure. Too much detail is always good. 

I required three or four hours for the initial setup. One day for the testing, fine-tuning, optimizing, and categorizing. Three days for the first unit with the initial setup and the customization including testing. Finally, three days for testing all the rules, the QA, and then putting everything live. 

I used to work for an integrator myself years ago, as well as my team. We are all trained. We are all professional in what we are doing. No external help was used.

Our ROI is 100%. I've got the ransomware attacks being blocked. I've got the users' consumed bandwidth by using proxy bypasses and all sorts of applications being blocked now. 

It's saving on the companies and the employees working hours and time. It's saving on minimizing virus infections and applications that the users like to use on their machines in order to bypass blocking USB ports or cameras. 

It is saving the company money by saving bandwidth and saving employees time by not allowing them to access time-wasting websites.

We have the annual license for Sophos XG. It all depends on what you would like to have in the package that you are purchasing.

I evaluated FortiGate but wasn't happy with it. I evaluated another group called WatchGuard. WatchGuard has good features in it, but it's for a smaller business scale than the Sophos clients.

I evaluated Cisco ASA or PIX but now, I use Sophos XG as the firewall. I have confidence in their unit. Before Cyberoam and Sophos, I used FortiGate and Websense for our UTM requirements.

I recommend that everyone should have a proper understanding of new network requirements and then enjoy it. Sophos XG is definitely a good product.

On a scale of 1 to 10, I would give Sophos XG an eight.

Our primary use case for this solution is to act as the main broadband device in our data center. The XG 210 model is being used for a hospitality solution.

The main improvement for us is with our email. The email options and email security features are good. 

We have found that the simplicity of the XG 210 is its most valuable feature. There are a lot of options available for the default firewall rules, such as email and web, that are used to secure the network.

I like all of the options, but the most important thing is that it is easy to understand how to configure everything, compared to other firewalls.

We are having a lot of issues with conflicts and user sessions, and Sophos has suggested that we change the device to the XG 400.

Aside from these issues with scalability, the email security features are good, but there are not many options. We would like to know why an email is being blocked, and how we can allow delivery. It does not keep emails in the queue for delivery. It can only log whether it is delivered or not delivered. If I need more details then I have to log in using SSH to get that information.

When an email comes in from the outside it is detected. When we check the log it only tells us that it is not delivered. We would like to create an exception, but there are not many options available for this. For example, a domain space is not allowed. Only the user name can be used to do that. We need a domain-based exception for email.

Next, the XG 210 is easy to configure, but when we are looking for more details then we can only get this information through SSH. It is quite difficult. If we can get all of those details then it would help us to understand, so this needs to be improved.

There are a lot of options and it gets confusing sometimes. If they can give limited options, with more information, then it would be good for the large sites.

The product is stable, but by stable, I mean that we still have issues. The issues are more technical, which is why they suggest that we change the device to fix the problems.

Our main data center has more than seventy servers that host a web server and internal applications. This is where we use the XG 400.

We have installed the XG 210 model at a smaller data center. We have between three and four hundred users at the most. However, because we have more than three hundred sessions, the vendor has suggested that we change to the XG 400. We do not yet know if this will fix our problem.

At our remote sites, we use the XG 135 model, and we do not have many issues.

I am not sure why Sophos suggested using the XG 210 model after doing a site check, but we are facing issues and they suggested that we replace the model.

When I call, I have to wait for at least one to two hours to reach them. Sometimes they will pick up the call immediately, but most of the time they will not. I usually have to wait one hour before they pick up the phone.

When a ticket is created we have to wait three days before getting a reply from them. When they create a ticket for a critical issue, the response is delayed. This is a new device, and we expect support from Sophos. At least the partner should support the product, but the partners are always looking for money. Even if they deploy the device, for example, the XG 450, then they only offer support for one day. After that, there is no support.

We have been using the Sophos XG 135 model at our remote sites and it works.

This year we deployed the XG 210 model at our data center, but prior to this we used Barracuda. We switched because Barracuda is too expensive. The options are very limited because you have to pay for each additional option. Each one represents a different service, like ADP (Active DDoS Prevention) or firewall. In contrast, Sophos is only a single payment, so we switched even though we lost some options that we liked.

The initial setup is very easy.

Our deployment took only two to three days. The problem is that we had a lot of issues, especially with the email. The SMTP did not work, so I could not continue with the deployment. It took between fifteen and twenty days to resolve this. I do not know what they did to fix it, but we were delayed between twenty-five days and a month.

We had contacted the Sophos partner for help, but they were not able to fix our issue. After the problem was resolved I re-initiated the deployment. Only one staff member is required to maintain the solution.

Even when you purchase the product from Sophos, they ask for a separate contract for support which is on an hourly basis.

For licensing the XG 210, we paid approximately $3000 for three years. There are no additional fees on top of this.

Other than the Barracuda and the Sophos models, I did not evaluate other solutions.

Because of the problems that we are having, I cannot recommend this solution to anyone at this time.

I would rate this solution five out of ten.

Sophos XG is an on-premise next-generation firewall with comprehensive features and the console is centralized on the cloud.

Sophos XG could improve Data Loss Prevention(DLP).

I have been using Sophos XG for approximately two years.

Sophos XG is a stable solution.

The scalability of Sophos XG is good.

We have approximately 20 users using the solution.

The support is a bit behind compared to other vendors.

The installation is straightforward and only took one and a half hours.

We have one or two people for the deployment and maintenance of the solution.

My customers pay a license for one or three years to use Sophos XG.

I would recommend this solution to others.

I rate Sophos XG a nine out of ten.

We use the solution for incoming and outgoing computer traffic. It has advanced Samsung features, which means it adds IPS to each of the packets. It creates different zones and manages of each of them individually. It can also be managed from the central cloud solution, known as the super central. It works with most devices. 

The server comes with web server protection and and provides application, email and avenue protection, meaning the solution boasts many features. 

The solution is really cool and has a very user friendly GUI. 

It comes with a common bundle which comprises all the feature. There is no need to get one edition, just the license. With Cisco, I must get different bonds and types, but Sophos XG has all the bundles in a single box. 

While it is possible to configure between two of the solution's devices in the same model, the high available usually fails. We are talking about when there are two devices running concurrently. When it comes to the traffic, there is a distribution of load balancing and the upworking. This is what is meant by high availability. 

I have been using Sophos XG for three years.

The solution is definitely stable. 

For sure, the solution is scalable. 

We did not use a different solution prior to Sophos XG. 

The installation is extremely straightforward. 

Deployment takes one hour, tops. 

Installation can be done on one's own. 

The same holds true of deployment. 

There is no need to get one edition, just the licensing, as we are talking about a common bundle which encompasses all the features. 

Unlike Cisco, which requires the purchase of different bonds and types, Sophos provides all of the bundles in a single box. 

I would recommend the solution to others. 

I rate Sophos XG as a nine out of ten. 

The most valuable features are its nice interfaces and configuration. The endpoint is also very good.

Areas for improvement would be the access points and the on-premise version, which is very bad.

I've been using this solution for two years.

The technical support is very, very bad.

Sophos is about three or four years behind FortiGate. I would score this solution nine out of ten.

We are resellers of Sophos XG and I'm the company's managing director. 

I like the firewall endpoint and email encryption that Sophos XG provides.

As with solutions like Palo Alto and other firewalls, the SD-WAN needs to be rigorously and aggressively improved because when we provide this solution to our customers, it often fails at the network security level. 

I've been using this solution for seven years. 

The stability of this product is good, we've never had any complaints from our customers. 

The scalability is fine. 

Licensing costs for this product are reasonable. 

I rate this solution eight out of 10. 

The solution acts as a filter. 

A valuable feature involves the solution's manageability. 

Even though things work on the back end, we have encountered bugs in the solution. 

User interface and integration can stand improvement.

I have been working with Sophos XG for two or three years. 

Owing to the fast and adequate response time we get, we do not have complaints about the stability. 

Scalability is not an issue for us, as we are getting the requisite support, with fast response time. 

The price is good for the moment. 

We are a provider of services to our customers.

I would recommend this product to others. 

I rate Sophos XG as a seven out of ten, owing to the bugs we have come across.