I am a Network and Security Engineer at a small tech consulting company.
I am about to import the backup configuration file of my hardware-based FortiGate firewall onto my VM-based FortiGate firewall.
Can you please assist me with the procedure?
Thank you for your help.
In the best tradition of these comparisons- it depends. The XG450 is an older series, so it is outpaced by more modern models from both vendors, and the two vendors have different strengths driven by their hardware platforms and ASICs.
For IPSec VPN throughput, anything except FG-40F is faster. For threat protection throughput (the vendor's opinion on "everything turned on" mode) you'd find a 200F in the same league. For straight SSL inspection throughput, 80F and 100F are around that level, but for just regular L4 firewalling, you'd need a 400F. And, for just that extra cherry on top, all of the above are taken from datasheet numbers, which both vendors (I sell both) say are conservative, but should always be taken with a pinch of salt because the actual use cases and traffic/feature mixes can make things vary a lot.
The FortiGate units are fixed ports, with no expansion slots, versus Sophos using port modules, so there's no direct replacement there unless you know exactly how many and what type of ports you need.
I suggest you get the Fortinet product matrix from their website and size it from the first requirements, rather than trying to match what you have directly, or you'll give yourself a headache.
The XG 450 supports 2 10Gb SFP+ slots and 8 GE ports. A Fortinet FG200F supports 4 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. A Fortinet FG400F supports 8 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. Barebones the Sophos XV 450 carries a list price of $11,823, whereas an FG200F costs $5,544, and the FG400F, $11,523. What I look for is the ability of a firewall to decrypt SSL sessions. Given that 80% or more of your network traffic will be encrypted, the firewall has to be able to decrypt packets to find malware. The Sophos XG 450 can inspect 770 Mbps of SSL traffic. The FG200F will inspect 4 Gbps and the FG400F will inspect 8 Gbps of SSL traffic. The Sophos XG 450 has a threat protection throughput of 3.4 Gbps whereas the FG200F datasheet states 3.5 Gbps and the FG400F, has 9 Gbps of threat protection throughput.
According to the datasheet, it can be the 400F, but I almost think that with 200F it can work without a problem, the detail is that XG is the previous generation. At the moment, they are the XGS of SOPHOS.