We are a solution provider and this is one of the security solutions that we implement for our clients. The primary use for Sophos XG is to secure the internet for an organization. It does a bit of antivirus scanning, application filtering, web filtering, and normal firewalling. Security, obviously.
Some of our clients also have Sophos UAP and access points are also included in Sophos, which is the same with FortiGate.
Sophos XG is easy to manage. You've got the cloud logging and you can manage all of your Sophos firewalls from one cloud, the Sophos Central Portal.
The most valuable feature is endpoint security. If you want to install antivirus and firewalling on endpoints, then Sophos is the best option.
What I don't like about Sophos is that applying policies can sometimes take longer, and there can even be a bit of a network interruption. With FortiGate, it's just one click and then you go, but with Sophos, sometimes the wheel keeps spinning for several seconds.
The SD-WAN capability is not as good as it is in FortiGate, and is something that should be improved.
I have been working with Sophos XG for approximately two and a half years.
Stability-wise, it's almost as good as FortiGate.
I've been selling FortiGate for 10 years and Sophos for two and a half years. I think that Sophos is just about on par with FortiGate. We just had a small thing with a client, but I don't know if that's really going to be reason enough. In terms of stability, I think they are quite good. The issue we had was the locks, and it was causing slowness or interruptions, but that was really not an issue. It's a small thing.
Sophos XG is very scalable. You can go from small to large-sized use cases.
I think that the technical support is very good, and similar to FortiGate,
I actually dealt directly with a Sophos engineer and I must admit, they've been very fortunate that the guy can help even on the weekends and so forth. I'm very impressed with that.
I primarily work with FortiGate, but I am currently dabbling in OPNSense to see if I can learn it. I've also installed Cisco in the past, as well as Sophos.
Although about 80% of our clients ask for FortiGate, some of our clients ask for Sophos instead. For example, there are some banks and commercial institutions that ask for Sophos.
Sophos is better than FortiGate with respect to endpoint protection.
The initial setup is as easy as it is with FortiGate. These products are definitely easier to install than a solution like OPNsense because it is just a hardware appliance.
The price of this solution is mid-range. Obviously, it will never beat OPNsense because that product is available free of charge. Sophos XG is not expensive for a firewall, especially when you compare it with Check Point. Check Point is a really expensive product.
Sophos XG is a bit more expensive than companies like BitDefender and Kaspersky, but their endpoint software is very good.
The suitability of this product depends on the use case. If somebody wants to have full endpoint protection then Sophos is the best choice. If they just want a normal UTM without endpoint software, then FortiGate is slightly better, but only slightly because of the SD-WAN capabilities.
I would rate this solution an eight out of ten.
The primary use case of this solution is to protect the perimeter, the edge of the network, as well as providing anti-virus protection. There are also RED devices that can be deployed and connect to Sophos and they go back to VPN connectivity. We've mainly worked with schools which is different to working with companies because they have particular guidelines to follow. I'm an engineer/revenue development manager and we partner with Sophos.
In terms of hardware, I think Sophos is definitely the easiest to work with. It's very intuitive and easy to learn how to use. The reporting feature is great and they have great customer support.
In terms of improvement, I think the UI could be faster. Sometimes the system freezes and there's a lag. It seems there were some issues with the firmware but it's not a big problem. The user interface could also be improved. It would be great if they could include a little bit more bandwidth management. If they would integrate FatPipe into their product, it would be closer to what Fortinet does.
I've been using this solution for 12 years.
This is a very stable solution.
Sophos has different size appliances, so they're scalable regardless of whether you have 10,000 workstation nodes to any device down to the 1/10, which will provide up to 100 nodes. It's very scalable. I have implemented this mainly in K through 12 educational institutions and some other types of accounting businesses as well as in a wide variety of organizations and companies. In terms of physical maintenance it's a matter of once every six months blowing out the fans. The rest is done for you with Up2Date, which carries out all the firmware upgrades, and rolls it back if there's a problem. Once in a while, an update will get stuck and you'll have to manually push the update.
Dealing with Sophos technical support is a very easy process, from the regional business directors all the way up to the president. They have very good people and their customer support is amazing. That's one of the big things I love about Sophos. Their customer support and the group of people that run that company are amazing people, great people. I've never seen the support on any other platform that I've seen with Sophos.
The initial setup was very straightforward. They give you an 800 number to call. The licensing portal has improved greatly over the years. So Sophos now has a new license platform which makes things a lot easier than previously and you can now buy individual licensing.
I haven't evaluated other options but I know that Fortinet does much more in terms of protection and uses AI. They do a lot more now they have another platform that sits in the cloud and provides clients with AI, whereas Sophos only recently implemented AI. Fortinet has a much better reporting function, but Sophos has stepped up and is now providing the customer with the information they need to feel secure in the product.
My advice would be to download the VMware and get to know the interface because running one of these devices is probably not as difficult as you'd think. If you have an onsite level one user, YouTube has online training and Sophos support will help you through it. It's a very easy device for a level one engineer to manage. My advice is to download the free VMware for 30 days and then either buy the platform or install the VMware product.
I rate this solution a 10 out of 10.
The solution is primarily used to secure networks, just like PSF, but much better. Sophos XG has a UTM, which is much more security inclusive than a firewall, as it takes a look at the threat management landscape from a unified point of view. They have a firewall and they have an IPS inside the same box. They have a sandbox, they have a web filter, they have a web application firewall, they have a mail gateway, and they have a DMP. These are all inside one box. It's excellent at protecting networks from security threats as well.
The solution offers everything in one product.
It's excellent at protecting networks from malicious threats.
The solution is very easy to use and straightforward.
Once you get past the license activation, the installation is easy.
I would like to see the technical support improve. They have the worst technical support I have ever seen in my whole life.
The initial setup, specifically when activating the license, is a nightmare and is quite difficult.
I've been using the solution for five years now. It's been a while.
We're a distributor, however, the company is still quite new. At my last company, I had 150 clients on Sophos.
Technical support is just awful. They are not helpful or responsive. We are not satisfied with the level of support on offer. They need to improve this aspect. They simply do not reply.
They have very bad response times. It's very strange. Before, when I was dealing with Cyberoam, before Cyberoam was acquired by Sophos, it was good. Now, it's Sophos XG, and, while Cyberoam support was amazing, Sophos support has just gone down the drain. I don't know why.
The initial setup is a nightmare. The installation, getting the box to get up and running, is a hectic process, due to the fact that the box basically would not activate any feature unless the license is activated. And the license is only activated with the cloud. When you are doing that, it's just a sort of a nightmare. Now they have a new feature in which you can just create a license and you can activate the license on the appliance. However, generally speaking, it's one of those appliances that, if it's not registered on the portal online, won't even start. It can be a nightmare sometimes. That said, after the license is activated, it's just plain simple and easy.
I previously was an implementor and would set up the solution for clients.
You need to pay for the license. You need to pay for the hardware as well. The cost depends on the model of the hardware and on which license. They have different editions, and licenses you're going to go with. They have different modules, and the cost depends on which modules you'd like to activate for security features. Not everyone will buy Sophos to utilize all the features. Usually, it's just the firewall, and IPS, sandbox, and the web filter that people are looking for. Not many people have Sophos or VM servers on-prem to protect them.
We use both cloud and on-premises deployment models.
Now, I am using the solution personally at home, however, before, where I was working, I used the solution for three years, specifically implementing Sophos XG for customers.
I'd rate the solution at an eight out of ten.
I'd recommend the solution to other users and companies. For small and medium businesses, Sophos is a good security vendor.
The solution is primarily used as a firewall with all the "next Generation" functionality. We sell this solution to our clients.
I prefer the solution to other Firewalls as it is very intuitive to manage.
The product offers a more complete set of security functionality at one price . It differentiates more in objects to protect like web server protection or email protection.
Troubleshooting is easy with XG Firewall because of clear arrangement of troubleshooting features in GUI. I like the ease of use.
The Base License includes already VPN, network protection and web protection functionality and you have a wireless controller on top. The data stream analysis and security features are built-in; these are the main features we need these days.
The user interface is very good. It's already quite simple and easy to use.
Recently, I've had a problem with updating firmware. Updates should be more stable . The last update I did was not successful and ended in a unusable device. Also the support case i opened for it could have been more effective.
I don't use all of the features and therefore it would be difficult to evaluate if anything is missing.
I've been dealing with the solution for around 12 months or so. It's been about a year at this point.
From the update side, the last update didn't run successfully and this is not good for us as the customer needs this device to access the internet. If this device is failing and it has no connection to the internet it is a great problem for the customer.
It may be possible to implement a second device in a fail-over cluster and this would avoid such a problem as then if one device fails in the updating process, the other device could be take over, and so it would be not such a great problem. That said, in this scenario, you have to sell two devices. That would be the best way to ensure stability, however.
The scalability of the solution is limited according to sizing. You buy one device with specific performance parameters, which should be equivalent to the customer's needs, and this device is not able to customize to a higher level. If you need to grow, you must buy another device with higher parameters.
In our case, the customers we work with have small setups. They aren't large organizations. Sophos told us about a sizing guide in the future.
We are a reseller and our first and only support case was not very effective. It should not be used as a guideline.
We also resell Cisco products.
The initial setup is not overly complex. The process is straightforward. A company shouldn't run into problems but need a understanding of the device and the functions.
The deployment process depends on the requirements. A good planning is beneficial.
The pricing is good due to the fact that you get so much functionality from one overall solution. The base license covers all features you need to protect against threats from internet. Setting up the device basically is intuitive and there are a lot of help from internet community.
We are a reseller of both Cisco and Sophos.
We're using the latest version of the solution for our clients.
I'd rate the solution at an nine out of ten. We've been satisfied with the product, however, there is still more they could do in testing updates.
We do not have a primary use case for this solution. We are using Sophos XG to configure wireless networks. Some of our clients have Sophos XG integrations and we are using the MAC filtering on it.
We also use the Sophos XG antivirus, content filtering, and as a secure email gateway.
We have a bundled license with an email security subscription. We also use the free Sophos XG VPN.
What sets Sophos XG apart from other vendors is the solution's dual antivirus. We enabled the Security Heartbeat feature, which synchs endpoints with the network layer antivirus; they work as a single unit. If there is a virus attack from outside world, the firewall handles it. If a virus comes when the network layer is idle, the endpoint protection takes care of it, which is why we are using this solution in our office scenario.
The solution is not vulnerable and that is the most important aspect of it for me. We deployed the Sophos XG firewall on the Edge browser and everything that comes in from the outside world as a potential threat is handled by the firewall.
I'm satisfied with the user interface and the solution's security level. They have a sandboxing solution for zero-day threats and a real-time cloud solution with millions of tags. I think the number at this point is four million tags. This is a good features in Sophos XG; it provides more security against new attacks, which are generated every day.
I don't see any drawbacks to this solution at the moment. I know of other products that have more features and are more advanced stages, but ultimately, an organization's choice of software depends on its budget. If you have a small amount of money and you want to secure your network, Sophos XG can provide you with network security. Sophos ZG is a mid-range solution. There are solutions that are above it in terms of features on the market, but they cost more money.
They could work on their technical support to make it more productive for the end customer. Some of my friends and colleagues have had unfavorable experiences with the tech support taking too long to close their ticket. However, I opened two cases this week and both have been resolved.
I have been using Sophos XG for five years.
My impressions of the solution's scalability is that it varies depending on the model or capability of the box. When we have clients that want to deploy a small box on 200 or 150 users, we suggest that they get a box that's better able to cater to problems and their traffic. If a customer has 35 or 50 users, we will propose just a small box.
We are facing some technical issues with Sophos XG right now. We have already escalated this issue with the Sophos technical support. They seem to be working on it.
We are satisfied with the technical support. They reply quickly to our queries, but sometimes take time upgrading their systems.
The initial setup was not complex. I was new to the solution when I deployed it and I didn't face any problems; it wasn't a hassle or challenging for me.
I did not evaluate any other options.
This is a mature product. It has a good Gartner rating. It is best for the enterprise level, for the SMBs. Anyone can deploy according to the needs of their customers.
Sophos CG is cost-effective, which makes it really suitable for SMB. If you want basic security and more embedded features, go with Sophos XG.
Most of the clients use it for web filtering, application control, SSL inspection, and VPN. We have on-premise and cloud or virtual environment deployments. On the cloud, Sophos XG is on Azure or OVH.
The most valuable is the synchronized security between Sophos XG and Sophos endpoint because it provides a lot of visibility about unknown applications. The endpoint shares the information of unknown applications, and you can learn about those applications and create policies to allow or block those applications.
Everything is working as expected at this moment, but the anti-spam solution in Sophos XG needs to be improved. It needs more granular features and more stability. The anti-spam solution currently doesn't have many features, and we would like to have more features. At this moment, there is no expression filter for anti-spam. We need something to be able to filter subjects or attachments in emails based on the keyword. Sometimes, there is an issue with anti-spam, and Sophos XG suddenly stops processing incoming or outgoing emails. The only solution for this issue is to restart the appliance.
Their support should be improved. It takes a long time to escalate a support case from level one to level two.
I have been using Sophos XG for six years.
It is stable, but sometimes, there is an issue with anti-spam, and Sophos XG suddenly stops processing incoming or outgoing emails. This is the only issue that I have with the anti-spam solution on Sophos XG.
It is scalable. Most of our clients are small enterprises. We also have some medium enterprises.
Their support should be improved. When we open a support case on their support portal, it first goes to their tier-one support. When an issue is complex, it takes a long time to escalate a support case to a level-two engineer, which is frustrating. Their response time is slow.
Its deployment and setup are very easy. It is not at all complex to set up. The deployment duration varies. It can take around three days for a deployment with anti-spam, application control, IPS, and VPN with filtering.
For its deployment and maintenance, usually, there are two of us, but sometimes, there is just one person.
Most of the customers here evaluate FortiGate against Sophos XG. Some of them also evaluate WatchGuard Firebox. In the past, FortiGate had the advantage of having an SD-WAN solution, but now Sophos also has an SD-WAN solution with a graphical user interface.
Sophos XG is very easy to follow and easy to configure, which is something very valuable for me and our customers. It is also very easy to use a site-to-site VPN with certificates, which is another pro. SD-RED devices are one more advantage that Sophos has over other vendors. These devices are very useful for those customers who don't have IT personnel in branch offices. With SD-RED devices, they can connect to the central site. The connection is automatically established with Sophos XG on the site. There is no need to have an IT person on the site.
I would recommend this solution because it is really easy to implement. Sophos XG is very focused on cybersecurity. Its ability to synchronize information with Sophos endpoint is a very good feature when you are concerned about security. Other vendors or firewalls are more focused on establishing the connection and policies.
I would rate Sophos XG an eight out of ten. It is very good, but it could be better.
We are primarily using Sophos XG for the identity base, policies, load balancing, and SD-WAN. Right now we have separate, different branches, therefore, we need to integrate it with SD-WAN. Of course, with SD-WAN, we need to do the load balancing, the VPN failovers, and also watch the connectivity. We are more particular on the link, and also the implementation of user policies.
The Multi-Link, or the Multi-Wan, SD-WAN, is extremely valuable to our organization.
The Anti-Spam and the Gateway Anti-Virus capabilities have been very useful.
The solution offers a very good Network Ring, QRS, and landing management.
We've found that the reporting is very good overall.
They really work scalability into the solution at the outset.
The SD-WAN could be improved. It is not yet full-blown; it's only basic, really. They need to move on with the algorithm on how the SD-WAN works, and how it works in comparison to other brands of SD-WAN. Sophos should study those algorithms on how they do the SD-WAN to learn a few things that may help them build out their own solution.
I've been using the solution and various other Sophos solutions for a while.
If you do the right planning, most of the time Sophos is good for five years. It depends on the recommendations as well. Sometimes the Sophos team or supplier will show you the number of users or number of networks and they'll illustrate to you a plan most suited to what you have and what you might have. They assess everything and give you a five-year plan. That way, if you need to expand, they've already taken that into consideration at the outset and there's room to scale.
We have about 100 users.
Due to the pandemic, we don't really have any plans to expand. We may be downsizing a bit. We'll see.
We've been satisfied with Sophos' technical support. They are very helpful and responsive. Their staff is quite knowledgeable.
I've worked with Sophos previously and we had a different setup. In terms of implementation, sometimes there are complex setups and sometimes the setup s are more basic. Right now, we have a complex setup. We need to ensure interconnectivity between our branches. We'll have different networks, different sites, and a lot of complexity.
It doesn't really take too long to deploy, however. The support from the supplier is good. They're always available to assist. They are well-trained and they are already familiar with the setups and configuration so they're doing a pretty good job in terms of helping us.
The supplier, the reseller, the partner of Sophos, is doing the change for the end-users. Most of the basic configuration has already been already done by us, however, for more complex areas, we could ask them, and they could come to us to configure it for us.
The pricing is based on the acquisition cost.
We have evaluated a few different solutions. We've looked at Palo Alto and FortiGate products. In terms of our end-point security, we've also looked at Trend Micro and a few others.
We are just a customer and an end-user.
We are using the latest version of the solution.
ON a scale from one to ten, I would rate this solution at an eight.
We are using this product as the firewall for our head office, so any connections going outside of the office go through it. We are also using VPN clients and especially during the lockdown, it was very helpful.
The feature that we find most valuable is the VPN, which ensures that people working remotely have a secure connection.
The email security and other security-related features are useful.
We feel that the GUI can be improved a bit because it has a lot of information and looks a bit outdated.
Nowadays, you hear a lot about next-generation firewalls, so some additional features can be added from an EI perspective. Products like FortiGate, for example, have a lot of features apart from the basic firewall.
We would like to see integration with existing IPAM and IDAM products.
In the future, I would like to see new kinds of automations, as well as the inclusion of artificial intelligence-related features. A lot of other firewalls already have these now.
I have been using Sophos XG for approximately three years.
We have not had many issues, perhaps two or three of them, when using Sophos XG.
Scalability-wise, they have different models. With the requirements that we have, this firewall did a good job. It's still doing a good job in terms of performance. For a larger enterprise with a higher number of users, they can recommend other models.
Currently, we have approximately 100 users.
We have received good support. For the small number of issues that we have had, we received help from IT. This included assistance with configuring some additional policies. Whenever we reached out to them, they were very prompt in terms of responding to us.
Prior to Sophos XG, we were using a firewall by Palo Alto. The major reason we began looking for a different one was that the support was not very good. The firewall was pretty decent but whenever we wanted some help, it was a bit difficult to reach out to them. To summarize, it was not very prompt.
The initial setup was simple. Within one to two hours, we were done. This was not just the installation, but the complete configuration.
We performed the deployment with the Sophos team guiding us over the phone. It was not complex. There was one person from Sophos who was coordinating it, and it was done by our internal IT manager.
For the most part, I can say that we plan to continue using this product. However, we would like to see if they have come up with new models and what additional features have they been incorporating. With cybersecurity, I know there have been a lot of threats of late, so we would like to see some new technologies or new features being incorporated.
This is a product that I can recommend. My advice for anybody who is implementing it is to first try to understand what the major use cases are. People need to know that there are quite a few options, such as Fortinet, and all of them have different advantages. Sophos fits perfectly for a smaller group of users, with perhaps between a hundred and two hundred people. For larger enterprises, I recommend that they implement Fortinet or Check Point.
I would rate this solution a nine out of ten.
