Sophos XGS OverviewUNIXBusinessApplication

Sophos XGS is the #18 ranked solution in best firewalls. PeerSpot users give Sophos XGS an average rating of 7.8 out of 10. Sophos XGS is most commonly compared to Sophos XG: Sophos XGS vs Sophos XG. Sophos XGS is popular among the large enterprise segment, accounting for 45% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
Sophos XGS Buyer's Guide

Download the Sophos XGS Buyer's Guide including reviews and more. Updated: January 2023

What is Sophos XGS?

Sophos XGS Series firewalls combine the best of two worlds: the flexibility of a high-performance, multi-core CPU for deep-packet inspection, plus the performance benefits of a dedicated Xstream Flow Processor for intelligent application acceleration.

Sophos XGS Video

Sophos XGS Pricing Advice

What users are saying about Sophos XGS pricing:
  • "I pay close to $10,000 per year, which I find to be expensive compared to the other similar solution or equivalent solutions."
  • "The licensing is reasonable. Comparing the cost of Sophos XGS with that of Fortinet or Palto Alto firewalls, for instance, it's not that expensive. However, the overall cost depends on the hardware you're using in addition to the licensing cost."
  • "The cost of Sophos XGS is based on per unit, per appliance, and capacity."
  • Sophos XGS Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Senior Solution Architect with 51-200 employees
    Real User
    Good centralized security and reporting management with an easy setup
    Pros and Cons
    • "The centralized security is very good."
    • "The stability could be a bit better."

    What is our primary use case?

    In some instances, we are using it in a virtual appliance in a VMware environment.

    I will not rely on Sophos to build my infrastructure. For that, I will go to Fortinet or Palo Alto. However, from an end-user management perspective and the granular control and the reporting stuff, I still prefer Sophos. 

    We are using Sophos as our internet gateway for specific sites that don't have to do with the backend tunneling and the infrastructure and all that stuff.

    How has it helped my organization?

    I have found some difficulties in other products, like in Fortinet, where there is no end-user visibility in a presentable form that non-technical people can interpret. I'm talking more specifically about non-technical management. You have to present something. Apart from that, the end-user integration is fine if you are using it for NCL and or as an internet gateway. Sophos allows for more visibility.

    However, as far as infrastructure is concerned, if I have to apply this as a device in my data center or at any critical point, this device fails to perform. The hardware is not up to par. Even if I answered from proxy to transparent, transparent proxy to the full proxy mode, there are some hardware difficulties.

    What is most valuable?

    The centralized security is very good. 

    The heartbeat system, the reporting management, and the electoral control that is achieved when the Sophos XGS is integrated with the Sophos endpoint is great.

    It's close to the top of the line, alongside Trend Micro in terms of security reporting.

    It is easy to set up.

    What needs improvement?

    I have observed that there are some reliability issues with these products in regard to the hardware performance and RMS.

    I've witnessed many devices go down - even three on the same day. I've never seen that, for example, with Fortinet.

    The stability could be a bit better.

    I would like to have a proper SD-WAN orchestration solution. They are working on it. However, it still needs some improvement. Apart from that, it would be better if they provide the email gateway and the WAF not as a feature in the existing XG but as a dedicated appliance. Barracuda and Fortinet, for example, are providing dedicated services for the WAF and email gateway. Compared to that, Sophos is not up to the same level.

    Buyer's Guide
    Sophos XGS
    January 2023
    Learn what your peers think about Sophos XGS. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
    670,400 professionals have used our research since 2012.

    For how long have I used the solution?

    I've used the solution for around five years.

    What do I think about the stability of the solution?

    While their endpoint is a stable solution, their firewall needs to be improved in regard to integration with other products. I have specifically witnessed a case where we tried to integrate Sophos XG with the DLP product by Force Point. That wasn't supported right away. FortiGate was supporting that particular model.

    What do I think about the scalability of the solution?

    I would like to have scalable products, however, normally what I have witnessed is that every new product that they push out or any additional feature that they push out in a new VMware version or specifically for the firewall may have some stability issues. So scalability at the cost of stability is not an option for me.

    We have about 250 to 300 users. We have multiple branches that use this product. Usually, it's the development team, and hardware and software users. 

    We may expand usage. It will depend on the additional sites we may operationalize soon.

    How are customer service and support?

    I've had some direct escalation experiences with the country manager and their technical lead. I tend to get a good response.

    While in general technical support can be better sometimes, as far as their resolutions are concerned, the team is providing us with technical assistance, and their approach to resolutions can be a bit tricky. Normally they try to avoid dealing with the solution so you have to dig it out and you have to work on it yourself, or you have to push them that there must be a solution.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I have some expertise in Sophos and Fortinet; I'm not so sure about Cisco. We are also using Palo Alto.

    We had some granular control in Sophos that was a bit advantageous to us. That's why switched. Also, the reporting, AD integration and the Sophos endpoint integration were key drivers in making the change.

    How was the initial setup?

    The solution is simple to set up. It's not overly complex. It only takes a couple of minutes. 

    YOu only need one person to handle maintenance. 

    What about the implementation team?

    I handled the initial setup myself. 

    What's my experience with pricing, setup cost, and licensing?

    We pay for the solution on a yearly basis, and it is fine. The renewal costs are typically reasonable. If you compare the general cost to Fortinet or Palo Alto, it's lower and more affordable. YOu can also pay for extra support.

    What other advice do I have?

    We are a Sophos end-user.

    For small enterprises or even for some enterprises that do not require large infrastructure, I would recommend Sophos right away. In Pakistan, we have to present something to the management and most of the time the management of the company is non-technical. So the presentability factor and the users' granular control and integration factor, make it attractive. This product can be used as an internet gateway. I have already recommended it to multiple users not for the infrastructure but for the internet gateway or as a proxy service.

    I'd rate the solution a seven out of ten. Some features still need improvement or to be built out, like  proper orchestrations or dedicated services.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Flag as inappropriate
    PeerSpot user
    Head Of Information Technology at Zambia National Building Society
    Real User
    Top 5
    Reliable and great for firewall purposes but a bit complex
    Pros and Cons
    • "The solution is scalable."
    • "Sophos configurations are a bit complex."

    What is our primary use case?

    We primarily use the solution as a firewall.

    What is most valuable?

    Sophos XGS is okay. It’s excellent for firewall purposes.

    For me, the platform is stable. It's very stable. It works when it's configured. Also, when you're checking, the logs, the graph, and the graphs are easy to read.

    I can also use it for other purposes. For example, it's got a DSCP from there. It can be a distribution. I can have other functions work there, so I can do a lot more than just the firewall components.

    It gets easier and easier to set up.

    What needs improvement?

    It works. However, Sophos configurations are a bit complex. It's not very user-friendly. I don't find it user-friendly when it comes to setting up the firewalls.

    The user interface for the technical admin can be better. It should be set forward to configure a firewall. if a firewall has complexities. I don't know why they did that. However, you should be able to quickly set up a rule to minimize the mistakes that a security administrator or a firewall administrator can make and configure. If not, that becomes an issue. One mistake on a firewall could result in a bridge.

    It should be more straightforward. If you compare it with GFI Carrier Control Firewall, which is very straightforward, you can see why it’s helpful when it's easier.

    For how long have I used the solution?

    I’ve used the solution for about three years now.

    What do I think about the stability of the solution?

    The solution is stable. There are no bugs or glitches. It doesn’t crash or freeze. It’s reliable and the performance is good.

    What do I think about the scalability of the solution?

    The solution is scalable. However, it depends on the model of the physical appliance. There are virtual and physical appliances, so it depends on which one you use. Obviously, there could be a limitation on the number of interfaces you need to use since you may want to have additional services plugged in. Then, the number of ports available may only be two, and yet you actually need to have 10. Maybe you need to buy a module that plugs in; however, there could be a challenge there.

    In our organization, we have three to four security administrators.

    How are customer service and support?

    I've never spoken to technical support directly the way I've been talking to the Fortinet team. I was working with a local partner to get it set up.

    How was the initial setup?

    In our case, since we were doing it for the first time, we took about a week to complete everything. We were doing a lot of other things and learning as we went. If I had to redo it now, it wouldn't take me a week as I know exactly what I need to do after learning over a period of time. Also, I have backups that allow me to back up and restore, so I just restore the configuration. It’s much more manageable. The first time there’s a learning curve.

    What about the implementation team?

    We work with a partner and distributor. We are working with the sales party since it was the first time we used them. They offer us professional services.

    What's my experience with pricing, setup cost, and licensing?

    I found the solution to be expensive. I pay close to $10,000 per year, which I find to be expensive compared to the other similar solution or equivalent solutions.

    It's just that one cost, and it's an annual license. As long as my appliance is working okay, I don't need to replace it. However, it's just that. Of course, within that, there are also support services. You might have technical support costs depending on which one of the tiers you pick.

    What other advice do I have?

    I'm a customer of Sophos.

    We’re using the most up-to-date version of the solution. It’s around version 18.

    A new user needs to get trained on the appliance to understand how to implement rules and fully appreciate how to work with it. It's not that straightforward. You need to understand what the different areas are. It's complex in the way the rules are set up. My colleagues in the industry have similar comments about Sophos. It’s more complicated than it looks.

    I’d rate the solution a seven out of ten, mainly due to the complexity. If I make a mistake, then that firewall is of no use. It needs to be easier to set up so that it provides me or guarantees me that what I want to set up is what I've set up to secure my environment.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Sophos XGS
    January 2023
    Learn what your peers think about Sophos XGS. Get advice and tips from experienced pros sharing their opinions. Updated: January 2023.
    670,400 professionals have used our research since 2012.
    Md Masud Parvez - PeerSpot reviewer
    Assistant Director Information Technology at Daffodil International University
    Real User
    Well priced with good features but needs technical support
    Pros and Cons
    • "The solution is stable and reliable."
    • "In Sophos, the user portal is not user-friendly."

    What is our primary use case?

    Basically, we are using these products for our waste filtering, then application filtering and bandwidth management purpose.

    How has it helped my organization?

    The major benefit is that I can shape my bandwidth, basically. In Bangladesh, we do not have a lot of bandwidth management or bandwidth capacity. We have a limited capacity and we share the many people in this capacity. I can shape my bandwidth using this Sophos file, so everyone gets a minimum level of bandwidth. If the user is higher-end, then getting the lower end and the user has the minimum level or less than 1000 or 500, and they're getting better than that.

    What is most valuable?

    Sophos has a feature for user credentials, which means if users are not logging into the capital portal of Sophos, they're not using any internet. We can advertise some products and features using these portals for our university. Basically, I am working at a university, so the university's different features and the different departments are using this portal. If students see this advertisement and then after they log in to the credential in the capital portal and use the internet.

    What needs improvement?

    Sophos is good for a mid-level company, not a large-level one. If the user level is very large, Sophos is not capable of handling such a high level of users. It, therefore, needs to improve the devices so that they work in larger organizations and with a large number of users.

    When we use the hardware level of the device, the RAM or other storage capacity is fixed. We could not change the memory or other capacity of this device. If we need some improvement in capacity, we get different types of problems. If RAM usage is too high or capacity moves higher, the Sophos device does not work properly.

    Sophos has a number of additional features, however, the user graphical interface, the graphical interface when we are using CyberRoam, the user portal, or user interfaces, are so much smarter than Sophos. In Sophos, the user portal is not user-friendly. This needs to change, the UI.

    For how long have I used the solution?

    I've worked with the solution for the last four years. 

    What do I think about the stability of the solution?

    The solution is stable and reliable. There are no bugs or glitches, and it doesn't crash or freeze. I'd rate the performance at 75%. Some improvements could be made. 

    What do I think about the scalability of the solution?

    We have 4,000 or 5,000 people that are connected in Sophos.

    It is not easily scalable as it has fixed capabilities and that means C2 RAM is fixed. That makes it not easily scalable.

    We use the product on a daily basis. 

    How are customer service and support?

    Sophos' technical support is not good. I have not been getting better support from their technical people. The response time needs to be better.

    Which solution did I use previously and why did I switch?

    I am also using the Cisco Firepower model 4110.

    The main difference is basically Sophos is not like a Firepower. Sophos we can call by the UTM device management. For security purposes, we are using a Cisco firewall for different types of attacks. For bandwidth management with filtering and other activities, just normal activities, we are using Sophos.

    How was the initial setup?

    The initial deployment is not complex, however, it's mid-level. You do need some experience. It depends on the device model. If we purchase the higher model, then the price or other investment is also more.

    The deployment takes a maximum of one month. We do maintenance on the devices maybe once a year. 

    What about the implementation team?

    For the deployment process, the partner helped us deploy the devices and three people were working on the deployment.

    What's my experience with pricing, setup cost, and licensing?

    The initial price is high and we purchased a three-year licensing model. Every three years, after every three years, we need to renew Sophos. Everything is included under the license. 

    The pricing is quite low, and we are quite happy with it.

    What other advice do I have?

    We're a customer and end-user.

    We are using the hardware version of the product. It's the latest version. 

    I'd rate the solution a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    LauriLaanenurm - PeerSpot reviewer
    Network and Security Engineer at Datafox OÜ
    Real User
    Top 10
    Easy to set up, easy to manage, and easy to scale firewall solution
    Pros and Cons
    • "Easy to set up firewall product, that's also easy to manage and scale."
    • "What could be improved in Sophos XGS is its connectivity with Azure AD. It's best if it could work directly without using any servers locally, or in the data center, and this functionality should be made available in this product."

    What is our primary use case?

    We normally use physical appliances for office and virtual appliances for datacenter.

    How has it helped my organization?

    XGS is similar to XG series but adds new Xstream Flow processors that are used to accelerate various functionalities that are normally done in x86 CPU.

    Sophos will soon release SFOS v19 software which will utilize Xstream for even more functionalities like IPsec, SSLVPN, SDWAN and etc.

    What is most valuable?

    What I found most valuable in Sophos XGS is that it's very easy to manage.

    What needs improvement?

    Authentication with Azure AD needs improvement. It would be better if it could work directly without using local AD server. For comparison Fortinet FortiGate allows to use SAML authentication with Azure AD and does not require any local server. It is currently unknown to me, if or when it will be implemented on Sophos.

    Local DHCP service also needs improvement. Windows DHCP service offers more functionality and is more flexible and easier to use. SFOS v18.5.3 added DHCP option functionality in the GUI - which previously worked only from CLI. 

    For how long have I used the solution?

    I've been working with Sophos XGS since they came out. I cannot remember exactly the year and date, but it hasn't been so long, e.g. just one year.

    What do I think about the stability of the solution?

    It is very stable - have not had any issues.

    What do I think about the scalability of the solution?

    The scalability of Sophos XGS is good. Normally we suggest the clients to use firewall as a service, since it gives more flexibility both for client and us, since usually we manage the client's firewall. There is a virtual version of the firewall which scales even more, since it can be upgraded to a license that offers more RAM and CPU cores. For us, it scales very well, e.g. I'm giving it the maximum score: ten out of ten.

    If a client is looking for a new firewall, then we normally need to consider as much information as possible (user count, weight per user, LAN throughput, WAN throughput, functionalities and etc). If a client wants to pick a solution for larger environment, then we also ask recommendation from Sophos to get the most optimal solution.

    How are customer service and support?


    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?


    How was the initial setup?

    The initial setup for Sophos XGS is very easy. From cloud it can be deployed even faster, since it allows to create configuration templates.

    What's my experience with pricing, setup cost, and licensing?

    The ratio of price and functionality is good.

    Licensing cost depends on particular model and required functionality:
    - It is possible to use the firewall without any license, but then it will work only as port based firewall.
    - Normally we suggest to use at least Standard License.
    - Licensing cost for single appliance or active/passive HA cluster is the same - only 1 license.
    - Active/Active cluster requires 2 licenses and performance gain is very small. It is better to use more powerful appliance. 

    Which other solutions did I evaluate?

    We are Sophos Gold partner and mainly like to use Sophos XGS firewalls.
    If it a requirement by client, then we can also offer non-Sophos firewall solutions.

    What other advice do I have?

    There are multiple models of Sophos XGS that we use, e.g. we use both desktop  and 1U sized models.

    Sophos XGS can be fully cloud managed, and it's possible to deploy it directly from the cloud, that you installed the hardware, and maybe I have to use an ESB key, though I'm not sure. We haven't tried deploying it that way yet.

    The only difference between Sophos XGS and Sophos XG is the software version that is supported on the hardware. The difference will be when the version 19 software comes up, as it will not work on Sophos XG.

    I recommend Sophos XGS to others who are thinking of implementing it. I recommend for them to use it. Sophos firewall can be also used without additional firewall, but we strongly suggest using Standard license, which offers application filtering and IDS/IPS.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Datafox OÜ is Sophos certified Gold partner.
    PeerSpot user
    Poorwang Desai - PeerSpot reviewer
    Technical Presale Engineer at Bridge
    Real User
    Top 20
    Straightforward to set up and covers most company needs but needs better support
    Pros and Cons
    • "The initial setup is straightforward."
    • "They should customers who are facing issues with their product reviews; they found bots in it. If they can do their proper research and use the user analysis and testing, that would greatly help the clients."

    What is our primary use case?

    We primarily use the solution as a firewall. 

    We have multiple clients. The use case is based on their requirements, for example, as a site-to-site VPN or maybe as an FSL VPN for end users to promote the network access of company systems. Apart from that, it is used for web filtering and URL blocking. Apart from that, it's on a regular day-to-day basis used as a firewall.

    What is most valuable?

    It covers most areas that are needed.

    The initial setup is straightforward.

    The solution is scalable. 

    It's stable. 

    What needs improvement?

    We've had issues with support. If they improved on the support part, that would be great.

    They should customers who are facing issues with their product reviews; they found bots in it. If they can do their proper research and use the user analysis and testing, that would greatly help the clients.

    The software release has been giving us problems.

    Other firewalls provide better reporting. We need admin and activity logs to be populated for the firewall. 

    For how long have I used the solution?

    For the Sophos XGS, I've been working with it for the last four years. Overall, for firewalls in general, I've been working with solutions for more than ten years.

    What do I think about the stability of the solution?

    The solution is stable. We haven't really had any issues until a bug hits the firewall. 

    What do I think about the scalability of the solution?

    We are the service provider to the client, so we have a total of 28 people, excluding the team lead and the presale technical support or maybe a presale technical person. They are working directly on Sophos XGS. e tend to deal with enterprise-level customers. We don't have small-scale organizations under our portfolio. This solution is best suited for mid-range companies and larger. 

    The solution is pretty scalable. I'd rate it a three out of five in terms of ease of scalability.

    How are customer service and support?

    Support has been very poor.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We have three major products, which we offer to clients. They are Palo Alto, Cisco ACI, and Sophos XGS.

    There are many major differences between Sophos and Palo Alto. This product is not comparable to Palo Alto right now. Maybe the basic models of the Palo Alto can be compared with the Sophos XGS firewall, however, not the higher-end ones. Palo Alto is much more advanced. 

    How was the initial setup?

    The solution is straightforward to set up. It is not overly complex.

    How long it takes to deploy depends on how the implementation is requested. It won't take more than one hour if it is a basic implementation like setting up the firewall with ISP connections and all those things. However, if it is a complete setup with implementations, other tests, and all those things, it takes around six to seven hours.

    After the installation, we do the software updates periodically along with the model which the client has purchased Apart from that, we also do the maintenance of the various policies and other configurations. We do make changes to the firewalls based on changing industry standards, et cetera.

    I'd rate the ease of implementation a four out of five. 

    What about the implementation team?

    If the customer requests assistance with the initial setup, however, we will provide an engineer to them. They'll come to the implementation site and assist.

    What's my experience with pricing, setup cost, and licensing?

    I don't take care of the licensing part. There is a separate team.

    What other advice do I have?

    We are a Sophos Gold partner. 

    We have multiple firewalls on multiple OS versions. Basically, we do have two major pieces of software installed in the firewall, which are 1854 MR4 and the latest release, 1801.

    There are multiple criteria when making a decision about whether to go with Sophos or maybe another firewall. It depends on the client's requirements as well as their budget. 

    I'd rate the solution five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Bhanu Brahmaji - PeerSpot reviewer
    Senior Network Engineer at Prospecta Technologies
    Real User
    Sophos XG firewall is the Best protection and security Management, authentication, hashing, and encryption; unfortunately updating policies can create a lag meshing with administrators' environment,
    Pros and Cons
    • "There are good KCL rules and policies as well as NATing rules."
    • "There can be lag time when updating an operating policy."

    What is our primary use case?

    We use Sophos XGS for web security and web policies, it's our primary solution. authentication VPN site to site, SSL VPNs installations. Sophos Firewall designed its extreme protection IT Rules and policies security level Authentication is good sometimes it's tricky and very helpful. Sophos Firewall delivers advanced threat protection to instantly identify bots and other advanced threats while defending your network from today's sophisticated attacks. current live user activities diagnostics to generate logs and objectionable site restrictions, daily reports are a great solution for the work environment.

    How has it helped my organization?

    With the increase in cybersecurity threats, this solution has helped us at an organizational level. We have always been hit by someone at the end of our desk or hidden somewhere ex:- spoofing attacks, a man in the middle attacks, and ransomware new era of cybersecurity pain full concept, Mail spoof attacks, all these have to improve DMZ and secure the firewall policies and server-client Antivirus solutions. Daily monitoring manually or trusted third-party vendors monitoring tools. finally, we are worried about how strong we are at the cybersecurity level.

    What is most valuable?

    This is a great solution for security, authentication, hashing, and encryption level. Sophos is good at ACL rules, Port forwarding, SDWAN route policies, IT Rules and policies as well as Natting rules. It's a reliable product to secure web securities. whenever we want we switch to the ports securely Heartbeat monitoring live user activities is great to execute on a production level. Bandwidth control sometimes referred to as traffic shaping is one of the best firewall features. Link aggregation and SD-WAN (Software-defined Wide Area Network) are great features for businesses that need multiple links to the internet. thank you

    What needs improvement?

    There are occasional issues when we update an operating firmware there's some lag time. Updating requires us to reboot the firewall, in this scenario 24/7 organization will be the most effective. In addition, I'd like to see more focus on customer support calls we were waiting for hours to connect with them. In some cases, Sophos's team is extraordinarily helpful to solve any issues in the firewall. Sophos needs to focus on customer support through a chatbot or call management quickly so we can find some help on the client side. Thank you

    For how long have I used the solution?

    I've been using this solution for five years. 

    What do I think about the stability of the solution?

    The solution is stable despite having to restart when we update. 

    What do I think about the scalability of the solution?

    The solution is very scalable and we're able to handle all the pressure in our organization. We have over 100 VPNs and it all works well, Authentications, port forwarding, and all kind of security levels are much appreciated. 

    How are customer service and support?

    Customer support needs to be improved. They're very helpful once you get them on the line but sometimes take up to an hour before we can speak to someone who can fix a problem. when a problem occurs at the production level we freeze and everything goes blank so a faster customer support call is much more appreciated.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is complex. Sophos has some features like rules and policies, NATing, and PATing so deployment might take more time than if we were using an alternate solution. Deployment can take up to two weeks because every policy and VPN requires checking and that takes time. I've been working for the past 10+ years experience in network engineering and firewall configuration so we deployed in-house but we contacted Sophos for assistance when we needed it.

    What's my experience with pricing, setup cost, and licensing?

    The Sophos or any kind of firewall is worthy to buy when we have dedicated servers and switches to implementation.

    What other advice do I have?

    There are some very good features in this firewall and also some areas that need improving. I rate this product seven out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    MarounAbboud - PeerSpot reviewer
    Data Department Manager at BTC Networks
    Real User
    Top 10
    Gives us peace of mind with network security, application control, and web server protection
    Pros and Cons
    • "All the features are valuable, in my opinion, but for us the most important features are the network security, application control, and web server protection. Sophos Sandstorm is another good feature off the top of my head."
    • "Having previously worked with the Astaro Security Gateway platform (now called Sophos UTM), I can attest that the configuration and dashboard for this older platform was easier to manage than that of both Sophos XG and XGS. If it were up to me, I would prefer to go back to the older SG dashboard."

    What is our primary use case?

    Our main use case for Sophos XGS is to protect our network and internet connection, which consists of Aruba, HP, Avaya, and Sophos switches. It's a very new product for us at this time, having previously used a variety of other security solutions including Sophos SG (now UTM), Sophos XG, as well as those from vendors such as Fortinet, Hillstone, and WatchGuard. At the moment, I am only working with Sophos SG, XG, and XGS, with the new Sophos switches.

    Sophos XGS is deployed on-premises as we tend not to work in the cloud for our kind of environment. We have many different departments where it is currently in use, including accounting, IT and development, administration, and so on, and there are probably around 200 users throughout these departments.

    What is most valuable?

    All the features are valuable, in my opinion, but for us the most important features are the network security, application control, and web server protection. Sophos Sandstorm is another good feature off the top of my head.

    What needs improvement?

    Having previously worked with the Astaro Security Gateway platform (now called Sophos UTM), I can attest that the configuration and dashboard for this older platform was easier to manage than that of both Sophos XG and XGS. If it were up to me, I would prefer to go back to the older SG dashboard. I am hoping that in future, the dashboard for Sophos XGS will be simpler and easier.

    For how long have I used the solution?

    I have been using Sophos XGS for about three or four months. 

    What do I think about the stability of the solution?

    So far, the stability of Sophos XGS is better than Sophos XG. With XG, we have faced so many problems with not only the interface, but also with the system itself including the hardware and software. Thus, in comparison with XG, XGS appears more stable at this point.

    Currently, our maintenance of Sophos XGS only needs to managed by one person, because alongside the Sophos switches, all the management can be done through the central management system.

    What do I think about the scalability of the solution?

    I would say it's scalable, as we already have around 200 people using it across not just one single department, but several, including accounting, IT and development, and administration.

    When it comes to expanding our usage further, in general, I am not sure. We are currently watching the situation in Lebanon, and whether we have plans to extend it depends on what's happening in the country.

    How are customer service and support?

    The technical support is helpful.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Although I am using Sophos XGS in a personal capacity at our company, we are also partners and resellers of not only Sophos XGS, but also many other products from different vendors. For example, I have worked with Hillstone, Fortinet, WatchGuard, and Genesis products, and whichever product we end up using depends on the client's requirements.

    How was the initial setup?

    It was very easy to set up and it only took a couple of minutes. However, even so, it is still not as easy compared to Sophos SG version 9 (UTM).

    What about the implementation team?

    We did the whole deployment of Sophos XGS in-house. And further, for maintenance and management, we only require one person, since everything can be managed centrally when you have the Sophos switches.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is reasonable. Comparing the cost of Sophos XGS with that of Fortinet or Palto Alto firewalls, for instance, it's not that expensive. However, the overall cost depends on the hardware you're using in addition to the licensing cost.

    What other advice do I have?

    Because it's such a new product for us, I would need some more time to determine whether there are any issues with bugs or hardware failure, so for now I would rate Sophos XGS an eight out of ten because it otherwise ticks all the boxes for us in terms of features.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Flag as inappropriate
    PeerSpot user
    PeerSpot user
    Technical & Pre-Sales Manager at GateLock
    Real User
    Top 5Leaderboard
    Provides a good dashboard and reporting for small to medium sized companies
    Pros and Cons
    • "The most valuable feature of Sophos XGS is the application control."
    • "Sophos XGS would benefit from further development in the SD-WAN area."

    What is our primary use case?

    I am a cyber professional. I support customers with this solution. Sophos XGS is primarily a firewall. The product allows my customers to manage their internet access for their employees while protecting their environment from things like malware.

    The solution requires one administrator as it does not require much maintenance. It depends on the usage and the environment. For example, in some account configurations, the environment has only four or five rules, other times there are over 100 rules. More rules will require more maintenance. 

    What is most valuable?

    The most valuable feature of Sophos XGS is the application control. I also enjoy the dashboard and reporting that it provides to my customers. 

    Sophos helps my customers manage applications from accessing the internet, not only websites. We can ensure there is limited access to applications like Facebook. For example, Facebook is not accessible, but Facebook Messenger for chatting is. This prevents posting and sharing. We make restrictions without prevention.

    What needs improvement?

    Sophos XGS would benefit from further development in the SD-WAN area. It would be great if they could give technical people access to all the WAN links that we are connecting to, including inside the SD-WAN. 

    They should make available or round robin inside the SD-WAN. This would allow us to move to another link if one goes down.

    For how long have I used the solution?

    I have been using Sophos XGS for six years.

    What do I think about the stability of the solution?

    There have been issues with the stability of this product. Sometimes it requires restarting. We have looked into the client environment and this is not causing the instability. The problem is common.

    What do I think about the scalability of the solution?

    Sophos XGS is not scalable. It is a hardware appliance and we should migrate the settings if we need to. In order for it to scale, you require additional hardware.

    How are customer service and support?

    Sophos' technical support is responsive. There are times we need to push them to accelerate the process because there is a delay in replying. Sometimes, the first stage of first-line support does not have enough knowledge.

    Overall, I would rate their technical support a three out of five.

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The initial setup of Sophos XGS is straightforward. I would rate it five out of five for ease of setup.

    What's my experience with pricing, setup cost, and licensing?

    The cost of Sophos XGS is based on per unit, per appliance, and capacity. The capacity depends on the environment. Based on the size, we choose the model. The model selected dictates the pricing.

    When comparing the pricing of Sophos to the competition, I give them a five out of five. It is competitively priced.

    Which other solutions did I evaluate?

    I have worked with Fortinet and WatchGuard. Other solutions have better performance and security value than Sophos XGS. 

    Sophos has most of the features. If they don't have the features one year, they are added the next. At one point they did not have SGON, but now they do. It is not performing like Fortinet or Watch Guard, they need to do some enhancements. 

    Sophos has the upper hand on reporting on the firewall itself. For small to medium-sized businesses Sophos is better than the competition.

    What other advice do I have?

    If the organization is small or medium-sized I would recommend this solution. I would give it a nine out of 10 in this case. If the company is enterprise level, I would rate the solution a five out of 10.

    Overall, I rate the Sophos XGS a seven out of 10.

    Disclosure: My company has a business relationship with this vendor other than being a customer: System Integrator
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Sophos XGS Report and get advice and tips from experienced pros sharing their opinions.
    Updated: January 2023
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Sophos XGS Report and get advice and tips from experienced pros sharing their opinions.