We changed our name from IT Central Station: Here's why

How does Meraki MX compare with Sophos XG?

Which is better and why?

ITCS user
33 Answers

author avatar
Top 5Real User

Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet). 

Sophos is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features.

So, you can't really compare these solutions as they are targeting different markets.

author avatar
Real User

Meraki MX is a small business product and lacks a lot of features compared to Sophos XG/XGS.

- IPsec IKEv2 does not work (it is in the menu, but does not work and can only be enabled by meraki support)

- no SSLVPN or IPsec VPN client. AnyConnect can only be tested with beta firmware.
 Cisco Client VPN (L2TP) is a total joke - not sure for who it is meant for?

- no user based firewall rules (for VPN)

- no firewall rule grouping

- no masquerade option for DNAT (sometimes it is very useful if I can do a DNAT with masquerade to another subnet)

- no VLAN tagging support on WAN port (would be usable for IPTV - solvable if WAN is bypassed through a managed switch)

- no multiple IP support on WAN port (Sophos has alias support on every interface, which means that multiple IP addresses can be added on the same LAN or WAN port)

- no LAG or LACP support (would be usable to connect aggregation switch to firewall to bypass more traffic through the MX)

- no DAC cable support for SFP port (why I do have to use optical cable to connect aswitch?)

- no custom IPS policies - only on/off button

- no e-mail protection option (Sophos has it with extra license)

- no web server protection (Sophos has it with extra license)

- no sandstorm option (most firewalls have it with extra license)

- hardware may probably too weak compared to the user count

- no BGP, OSPF routing

- no multiple VPN user groups and LDAP servers

author avatar

Cisco mx64, for example, has 2 WANs, is very practical and simple for the two services, has a balancing for two internet services and bandwidth control (by groups and users).

Find out what your peers are saying about Meraki MX vs. Sophos XG and other solutions. Updated: March 2020.
563,780 professionals have used our research since 2012.