We performed a comparison between Sophos UTM and Sophos XG based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The CLI and GUI do a good job of putting a lot at your fingertips."
"The flexibility and ease of configuration are the most valuable features."
"We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs."
"FortiGate has a very strong unified threat management system."
"The solution is very user-friendly."
"The application control features, such as Facebook blocking and Spotify blocking, are the most valuable."
"Fortigate represents a really scalable way of delivering perimeter network security, some level of layer 7 security, WAF, and also a way to create a meshed ADVPN solution."
"There are lots of features and most of them are deployed for internet security. Users are protected if they accidentally go to some malicious sites."
"It's easy to use."
"It's a stable solution."
"It is not an easy task to protect your web servers from the big bad internet. The Web Server Protection in this solution does it elegantly and, if configured correctly, even hides the server's base system from prying eyes."
"UTM 9 brings along IPSec as well as iPhone and iPad support. This seems small but it’s useful."
"It improved bandwidth utilization and provided link load balancing features for internet and intranet lease lines."
"The management suite is easy and the agent is easy to develop."
"The solution's sandboxing, application center, and database engine are good."
"Sophos UTM is the simplest of these products to setup."
"It's a product that is in continuous improvement and is following what the customer is asking for. They are taking inputs and designing new releases specifically according to the client and their needs."
"Web publishing is important, as well as the importance of the antivirus patch."
"My clients gain efficiency in protecting against attacks from malware such as ransomware and hacker attacks. It also provides them efficient internet access control, and full visibility of ports, applications, and websites."
"The web application firewall reverse proxy is very good."
"I have found the solution easy to use and fully integrated."
"I like it for its simplicity. It is very simple to configure and implement. It is a very good product for medium-sized organizations."
"The antivirus features are valuable."
"The product's initial setup phase was straightforward."
"With the reports, you can see it, and you can get good feelings so upper management can go, "Oh, wow. That looks pretty." However, it's very basic."
"There are problems with the custom reporting of the unique traffic. The data is there, but it is too difficult for us to extract."
"This product needs to have an analysis feature, rather than having the analysis done through the integration of a different product."
"The license renewal process, annual renewal price, and the web application firewall features should be improved."
"Its reporting and pricing need improvement."
"Compared to some other products, the DLP is not at par for the moment."
"To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution."
"It should have a better pricing plan. It is too expensive. It should also have a more granular view of the attack. I don't have FortiAnalyzer, and it is difficult for me to have a complete view when there is an attack on my server."
"Monitoring and reporting are areas that need improvement."
"The UI can be cumbersome and, sometimes, features are not where you think they should be."
"There's an issue that when we deploy UTM on fiber, it automatically upgrades to the latest version without giving an option to stay on the current one."
"Sophos UTM's firewall is a bit weak, and some of its features lack depth compared to other products like F5."
"The classification segregation of applications lacks sufficient definition."
"Initially, there were issues with the wireless network as wireless access points were disappearing from the dashboard after some time."
"The reporting system needs to allow for customizations because many reports do not include details that we expect."
"Needs to improve the certificate management (ex. Let's Encrypt support)."
"The solution could be improved if it offered more documentation or at least provided more information about the products themselves."
"The reporting could be improved in this solution by adding more details."
"I would like to see in future releases a tool to scan for malicious packets and give the location of where they are coming from."
"The two main areas where this product needs improvement are routing and reporting."
"While it is a secure solution, I believe it could be improved."
"Sophos XG could improve Data Loss Prevention(DLP)."
"When you are using it as a controller for the wireless access points, it doesn't perform well. It is not suitable for the public cloud. It is more suitable for enterprise data. It is not really the equipment for cloud data centers. I am looking for a data center firewall."
"The solution could be more secure."
Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Sophos UTM is rated 8.4, while Sophos XG is rated 8.2. The top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Sophos UTM is most compared with Netgate pfSense, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and WatchGuard Firebox, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and Palo Alto Networks NG Firewalls. See our Sophos UTM vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The biggest difference between Sophos SG and Sophos XG is performance.
Now, there's even a newer Hardware Platform (same OS as Sophos XG, which is called SFOS) - the Sophos XGS which has different chipset architecture, to attend each security module, with its newest feature called XStream Technology.
Besides that, the GUI is very different. Nevertheless, it's worth trying the Sophos XG or XGS, since its GUI is getting overhauled for better performance and easier management, by each new release.
Sophos UTM is no longer being developed, according to our reseller. All the development effort is going into XG. So XG will be the only Sophos firewall going forward, UTM will eventually be end of life.
Hi,
The new appliances XGS have a dedicated streaming CPU (Xstream), in addition to the main CPU.
I have personally tested the differences between the XG and XGS similar appliances. The result is spectacular. 30% more perf minimum:
https://www.sophos.com/en-us/p...
The UTM-9 is soon end-life. Sophos security staff is now focused on SFOS 18, XG, XGS.
To respond to the question "the biggest difference", I think is the "Synchronized Security":
https://www.sophos.com/en-us/l...
The firewall is one of the full security solutions centralized in Sophos Central:
https://www.sophos.com/en-us/p...
At most of our customers, we implement a Sophos Endpoint locally on servers and workstations and firewall XGS. The synchronized security interact between firewall and endpoints. This can resolve the problem with the "lateral movement" of an infected computer. It can isolate a computer from the network when detected as infected:
https://news.sophos.com/en-us/...
It can be extended to secure cloud systems with Sophos ClouOptix:
https://www.sophos.com/en-us/p...
Tested with VM in AWS and Azure, work 5*!
Another big difference is the Webserver Application Firewall. All my customers with an internal webserver to be published in the net are protected with this "reverse proxy" (WAF). It really does the job of protecting IIS, Apache, etc. from externals attacks.
Another trick is the SSL VPN sites to sites. When a branch office is implemented with a front ISP router, sometimes the NAT traversal is not possible, for IPSEC VPN connections (UDP 500). With this SSL VPN, Simple NAT works and gives an SSL 128-bit AES encryption.
Finally, I have a lot of experience in implementing UTM and, now, XG(S). No way, the log is a big difference, easier to use as in Fortigates! It is similar to CheckPoint firewalls.
For my experience, no way: -> Sophos XG(S)
Here is an interesting link on differences between UTM and XG:
https://www.avanet.com/en/blog...
Regards,
A.Rastello
My understanding is that UTM is the software; SG is the hardware. You can buy Sophos UTM running on SG hardware and then later upgrade to the XG running on the same hardware.
I've been told by our Sophos reseller that Sophos are pushing the XG as next generation firewall, and developing it to at least as good as UTM. So XG will be the firewall of choice moving forward. UTM will not be developed further, according to him.
To my understanding, UTM and XG are from different legacy companies that
are now owned my Sophos. During my time researching anti-virus, UTM makes
more sense for our needs seeing as XG is primarily a firewall. From the
information I was able to find during the time of research, it seemed most
of the community felt XG had feature gaps from UTM.
UTM specifically SG series is a very mature and stable platform. It lacks some of the new features of XG; however has a very strong feature set. If you are looking for stability, ease of use and something well documented and understood than I suggest going this way. If however you are looking for a strong level of integration and have a greater than 3 year horizon then I suggest XG.
Wifi integration for example works better on the new platform.
There are several differences since there are 2 versions,
XG firewall has integrations with other products like intercept X and admin from Sophos central.
SG UTM has less integration since it's a separate product. It was formerly Astaro firewall, but the most advanced features have been only set to the XG.
There are appliance and software versions of both products. Depending on your need you might choose one or another. But basically, look at them as 2 different firewalls.