Sophos XG is a versatile network security solution that offers network protection, firewall management, VPN access, web filtering, and intrusion prevention, providing comprehensive security for businesses from small offices to large enterprises.
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Fortinet FortiGate | 4.2 | 21.4% | 90% | 350 interviewsAdd to research |
| Netgate pfSense | 4.3 | 12.7% | 93% | 217 interviewsAdd to research |
Sophos XG stands out for its Synchronized Security, easy setup, and robust templates. It manages VPN access, protects against threats, and handles load balancing and traffic monitoring. The cloud-based management, centralized dashboard, and detailed logging make it user-friendly and reliable. Integration of features like email protection, SD-WAN, and unified threat management ensures a broad spectrum of security needs are covered. However, it could benefit from improvements in network security, user portals, technical support, and more scalable SD-WAN features.
What are the key features of Sophos XG?Sophos XG is implemented across industries such as healthcare, education, and finance to secure sensitive data and ensure regulatory compliance. It aids in endpoint protection, application control, load balancing, and traffic monitoring essential for these industries. Enhancing network security, simplifying VPN setup, and integrating adaptive security features remain focal points for businesses.
We use the solution as an internet firewall, and a VPN concentrator.
It streamlines the process of creating VPN access for users. Because of the AD integration, it makes it very easy to manage these users from different locations from a central source. It also helps us to get a good idea of what our risks are, or if there's any risky activity going on with the users.
The SSL VPNs are the most valuable feature for me. I have a lot of systems out of the head office that need to connect to the local networks, and they all connect via the Sophos VPN client.
The initial set up process can be a little tricky, especially when you are registering with Sophos and you have a poor internet connection. Setup is not necessarily complex, but it's not trouble-free. You do have connectivity issues at the initial setup with registering the device on the Sophos platform to access the advanced features. It doesn't always go through the first time around. That may be an issue with the quality of our connection. I'm not sure exactly what it is.
The single sign-on client I get maybe a 60% success rate on. There are times when it will use single sign-on for verification of users to access Internet resources. It still doesn't always catch the user. The user gets sent to the web login. Even though the single sign-on is helping, it doesn't always work.
I would like to see a better single sign-on performance. I'd like to see a more streamlined way of managing your licensing as well.
There are no issues with stability. It's a very stable system and you almost never have serious problems for any reason. It's only when you do an upgrade that you have to restart. Stability-wise, for the on-premise solution, I'd give it 4 stars.
Once you've bought the specific version, you are locked into the limitations of that plan. You can't exceed the number of VPNs, connections, etc. There's no way to increase that capacity, per se. You do have options where you can increase the port count and so on. However, in terms of scalability, you have to buy the capacity you require.
On the system I have now, it's not fully populated, but we have about 100 users. The plan is to eventually support about 1,400 users.
I don't use the solution's technical support. I typically just use the documentation. There are lots of guides and videos available. In most cases, I search the guide. There's a step-by-step guide to deploy so I don't have to contact technical support.
The initial setup isn't hard, but it can be tricky. Since I've been using several Sophos devices, I now find it's fairly simple. I get the deployment done in two hours, including integration. For others, it may take about a day to get everything done.
There's almost no maintenance. There's really only the requirements of adding users and populating VPN connections. One person does that on a part-time basis.
I handled the implementation myself.
We do see an ROI. It would be the cost of the support. If I had to hire a CCNP in Nigeria, I would be paying about $10,000 per annum for a CCNP minimum. For a less experienced person, I can get for about $6,000. I am probably saving about $4,000 a year in personnel costs from going with the XG rather than the ASA.
We are paying about $1,500 yearly for the Enterprise Plus. As far as I know, there aren't costs above this standard fee.
We evaluated Cisco ASA as well as the FortiGate before ultimately choosing Sophos.
I chose Sophos over FortiGate because I'd already had experience with Cyberoam and it was a fairly similar migration in terms of configuration from the UTM over. But in terms of features and capabilities, I think FortiGate is pretty similar to the Sophos. Cisco ASA I choose not to go with because it's much harder to configure. I also needed to be able to have someone other than myself manage it and not need to have someone with CCNP sitting down just to add VPN users etc. I felt that the Sophos solution was a better option because it gave me all the functionality of the ASA, but it's much easier to manage.
We use the on-premises deployment model.
We definitely plan to increase the usage and also add high variability too. Right now, it is the main internet gateway and firewall for my network.
We're using both Sophos XG and Sophos UTM.
I would warn those considering implementation that, once you've got it, you're stuck with it. You can't really increase the capacity very much beyond what you have. It's always good to have the expertise available to take care of the box because even though it's a lot easier than the Cisco ASA, you still need someone that has a little expertise in managing it.
You can get very good performance without spending all of your money and without having to send a lot of high-end techs in-house to monitor processes.
I would rate the solution nine out of ten.
