What is the biggest difference between Sophos XG and FortiGate?

I have experience working with small to large enterprise network design and architecture, server administration, and cybersecurity research and analysis.

I am currently evaluating Sophos XG and FortiGate. What are the biggest differences between the two? Which would you recommend? 

Thanks! I appreciate the help.

it_user1260153 - PeerSpot reviewer
Network & Endpoint Security Consultant at a tech company with 1-10 employees
PeerSpot user
13 Answers
Technical Operations Manager at Turrito Networks
Real User
Jan 9, 2020

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know the firewalls change every 5 to 7 years as stated but you really do need to upgrade any firewall due to hardware at least every 5 years. You haven't specified your environment so it's not easy to scale which firewall will be best.

Here are my reasons for choosing FortiGate:

1. Sophos firewall has limited capability when it comes to security. FortiGate has much more security and web filtering options to really bring control to a granular level.
2. FortiGate is easier to manage and in my experience much more stable and reliable.
3. Sophos is trying to go to cloud the same as Cisco Meraki does but with a lot of bugs and issues on their cloud platform. We have endless issues at one of our clients regarding this.
4. FortiGate has limited reporting but you can keep 7 days' worth of reporting for free on FortiCloud.

Again most of the comments are for smaller networks. You will have to scope each individual company or site to make a decision. Sophos is a small to medium company for me (we would rather use Cisco than Sophos). FortiGate is for large to enterprise size companies who need more granular security and IPSec tunnels. We manage over 40 clients on one FortiGate for internet breakout and have had no issues whatsoever. We would not be able to do it with a Sophos device.

And on the point of WiFi access points, it doesn't matter what firewall you use: FortiGate will only manage Fortinet and Sophos will only manage Sophos (via web portal or on device).

On SD-WAN I would really prefer FortiGate's as well. Tried and tested and breaks with Sophos.

Network Security Engineer at ZOL Zimbabwe
Real User
Jan 20, 2020

Both Sophos and FortiGate are doing a very good job to improve security offerings coming in the firewall.

I had the opportunity to work with both firewalls and FortiGate has become the firewall of choice because of the below-listed points:

1. FortiGate has purpose-built content and network ASIC processors, which make routing and traffic inspection seamless; this is now very critical with the advanced persistent threats that have emerged in the past few years.
2. If the FortiGate is connected to FortiCloud, which is a free cloud-based portal, you will have sandboxing enabled on the FortiGate at no additional cost, which is a plus for the FortiGate security offering to the network.
3. The FortiGate can be integrated with all Fortinet products, e.g. the FortiSwitches, FortiAP and FortiClient endpoint, which will give you great visibility into the network traffic and all connected devices on the network. All devices integrated with the FortiGate can be centrally managed and monitored from the FortiGate without the need to log in to each individual network device.
4. We also find the VDOM function on the FortiGate very useful for us as we have separate networks in the building that require two different routers but now with VDOMs you can virtually separate the firewall into 10 with no need for an additional license or hardware.
5. We also find policy deployment and management to be very simple to work with which makes troubleshooting very easy as well on the FortiGate.

I would highly recommend the FortiGate based on the above few points. The major disadvantage we had on the Sophos was getting more information on network traffic visibility in real time and integration with other network devices like switches, and directly controlling them from the firewall.

Independent Consultant with 201-500 employees
Jan 9, 2020

My current UTM is FortiGate 1200D and I have finished a POC for Sophos XG450 trying to deduct the cost of the license renewal of the UTM.

There is a big difference between FortiGate and Sophos. There are some features of FortiGate that Sophos doesn’t provide, and the visibility of network, internet lines, and devices is very poor with Sophos but it’s excellent with FortiGate. Also, the "Traffic Shaping" for bandwidth doesn’t work correctly at all with Sophos but works perfectly with FortiGate.

I strongly recommend against replacing FortiGate with Sophos. Maybe Sophos would be good for the kind of customers who haven't used a UTM appliance before.

it_user1096875 - PeerSpot reviewer
Senior Technical Support Executive at a tech consulting company with 11-50 employees
Jan 9, 2020

I do not know much about Sophos but I would like to highlight some FortiGate features:

- Number of IPsec and SSL VPN user clients (minimum 100 with the lowest model, FG30E).
- FortiSandbox and FortiCloud free, with some good features for managing firewalls from FortiCloud.
- FortiToken (dual authentication): two tokens free with every FortiGate device.
- FortiAP (guest network without any L2 and L3 switch over Wi-Fi, and you can also manage FortiAP using FortiCloud).
- Secure SD-WAN, not only useful for multiple WAN but also useful for MPLS and VPN connectivity fail-over between multiple locations.
- More application list and inbuilt SLA for SD-WAN.
- Web filter is common in all UTMs but the Google domain-specific feature in FortiGate is awesome.
- The Internet Service Database list is also very helpful and an advanced feature.
- The FortiSwitch controller is also a good feature.

Global sales head at MEPCSA
Real User
Jan 9, 2020

For comparison purposes, i.e. Sophos XG 310 and Fortinet FortiGate FG-200E, to my understanding the Fortinet appliance has the upper hand if you are looking for IPSec or VPN tunnelling, and FortiGate has the capability for High Availability configuration options, i.e. Active/Active, Active/Passive and clustering.

Also note that the Sophos XG 310 has a higher firewall throughput, at 28Gbps. The Fortinet FG 200E has multiple fixed Ethernet ports but only 2 WAN interfaces, while the Sophos XG 310 can add up to 8 WAN ports.

Sabyasachi Sen - PeerSpot reviewer
IT General Manager at Manav Rachna International School
Real User
Jan 9, 2020

I have extensively used Sophos (previously Cyberoam) and FortiGate also. The biggest differences are as below:

1. For FortiGate, it is required to use a Fortinet wifi access point only.
2. In case of expiry of the license in FortiGate, the entire service goes kaput except basic firewall services. With the other UTM, only updates and support cease to work.
3. Every 5 - 7 years FortiGate changes its model and the old device becomes trash.
4. Any changes in the policies will need to wait for total version changes and you need to wait till then.

Because of the above reasons, presently we are trying our hands with WiJungle UTM. However, the bottleneck is Fortinet WiFi access points which are denied to work in tandem with any UTM other than FortiGate.

We have around 700 Fortinet WiFi access points and it is ridiculous that going away from FortiGate costs a fortune.

it_user1108107 - PeerSpot reviewer
Senior Executive Server Admin with 201-500 employees
Jan 9, 2020

In one sentence, the biggest difference between Sophos and FortiGate is the “RED” option in Sophos XG.

Technical & Pre-Sales Manager at GateLock
Real User
Top 5 Leaderboard
Jan 8, 2020

The main points between both are that Sophos hardware in all of its models, except the smallest one, XG 86, has an SSD hard disk. It has a total security solution, especially when you get the benefits of synchronized security with its endpoint Intercept X, as it is amazing when it works with the XG firewall. You can also benefit if you have the encryption solution and the wireless.

The reporting on the XG firewall is an amazing feature that does not exist on one box with Fortinet.

The DLP solution on the XG firewall is impressive.

Fortinet in performance is better than Sophos.

For the small and medium businesses, I recommend XG firewall but for large data centers, I recommend Fortinet.

I hope it is informative, please feel free to contact me with any further queries.

Security and Network Specialist at a government with 201-500 employees
Jan 8, 2020

I evaluated both and in the end, I decided to go with Sophos. It has a good application filter & Web filter, WAF is included, report integrated, has a VPN of any kind, and synchronized security with the endpoint.

it_user1146165 - PeerSpot reviewer
Cybersecurity Pre-Sales at Ingram Micro Inc.
Real User
Jan 8, 2020

Both devices have the same architecture (UTM), but FortiGate has more granularity in networking security, it's more friendly for management, and it has more performance. In the Gartner and NSS Lab reports, FortiGate has a better ranking.

User at a tech services company with 1,001-5,000 employees
Jan 13, 2020

FortiGate is more advanced and stable than Sophos-XG with the below extra features:

1. SD-WAN.
2. Load Balance.
3. SLA Tracking.
4. Multiple VDOMs.
5. Tech Support.

CEO at C-Selection Technologies
Real User
Jan 9, 2020

Sophos reporting is better than FortiGate, but if we're talking about the analysis and performance with a level of security, FortiGate is the best.

President with 11-50 employees
Jan 9, 2020

If you are a smaller company, Sophos XG has the best value. FortiGate is better for larger companies. However, there are better alternatives in the market. Palo Alto technology is one of the best in the market and is one of the most expensive. Cisco is also making inroads.

Related Questions
Cloud Engineer at Inara Technologies
Jun 2, 2023
Hello community, I am a Cloud Engineer at a small tech services company. I am currently researching firewalls. Which solution do you prefer: Palo Alto Networks PA-3410 Firewall or FortiGate 601F? What are the pros and cons of each solution? Thank you for your help.
Commercial Manager - Government at core tecnologia
May 16, 2023
Hello peers, I am a Commercial Manager at a small tech services company. I am currently researching alternative firewalls for Hillstone. Which FortiGate firewall model can you replace with Hillstone? Thank you for your help.
Bořivoj Tydlitát - PeerSpot reviewer
Chief Security Officer at The Mama AI
May 16, 2023
There is no simple answer. Like Hillstone, FortiGate firewalls are a line with a huge range of capabilities. Here are some ideas based on our experience:

- Think about high availability? How stringent are your requirements? What would device reboot (minutes downtime), tripped circuit breaker (minutes to hours down), or hardware failure (days down or more) mean? Are you operating single or multiple installations? What is the availability of a replacement device? Based on that - are you considering a single device, a single device with a dual power supply, or a HA pair of devices? (We have quite good experience with a HA pair of 60F's.)
- What are the Internet and local network connectivity requirements? Is 1Gbit Ethernet enough, or do you need 10Gbit? Will FortiGate serve as a router for multiple segments of your local network? That may mandate 10Gbit interfaces on the LAN side even where your Internet connectivity does not require that bandwidth.
- Do you need a hard drive in the unit? Typically, it is used for local logging where remote logging options (FortiCloud, Syslog, etc.) are not practical or possible for technical, financial, or irregular reasons.
- Rackmount - do not worry too much about that - the low-end units (40F, 60F) are not rack-mounted per se, but you can get an original adapter kit or just use a shelf as we do.
- Remember that the HW cost is just a fraction of TCO, the subscription being a substantial part.
- On the HW capacity scaling - this one is tricky, as it heavily depends on the traffic patterns and on the depth of firewall scrutiny. Think more of the number of transactions (TCP connections, UDP "sessions") than the actual packet or byte rates. In our use case, it looks like the RAM is a more scarce resource than the CPU. FortiGate goes into Conserve Mode when hitting something like 75% RAM use, so it is a good idea to keep the normal usage around 50%.
- If you are using a virtualized infrastructure, you may consider a FortiGate VM form factor. Or you can request a free trial VM (feature-restricted) or full-featured evaluation VM (available on request) and use it for evaluation.
- Needless to say - FortiGate is a complex device with tons of features, and it has quite a learning curve. Additionally, some of the more advanced features are available in CLI only or have to be explicitly enabled to be visible in GUI.
- One more piece of advice - be conservative about FortiOS (FG firmware) major/minor releases. New releases tend to be quite buggy and it is a good idea to avoid anything that ends with a patch level less than about 5-6. On the other hand, do apply security patches diligently, some of them close really critical holes. For example, we are on 7.0.11 firmware, even though 7.2.4 and now also 7.4.0 is out.