We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"This solution has solid UTM features combined with a nice GUI."
"The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"The performance is good."
"Fortinet FortiGate is user-friendly and affordable."
"We use the filtering feature the most. It has filtering and inbuilt securities. We can create customized rules to define which users can access a particular type of site. We can create policies inside the firewall."
"Some of the valuable features are the firewall, IPS, web filter, and gateway capabilities. Additionally, it is easy to use and flexible."
"Its user interface is good, and it is always working fine."
"Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities."
"It has a solid network security with some robust tools. We can block unexpected attacks, especially zero-day attacks. Since they use the Pan-OS engine, they can collect attacks from all over the world and analyze them. They can then protect against zero-day attacks and unexpected attacks."
"Compared to other firewalls from Check Point, Fortinet, and Cisco, for example, Palo Alto Networks NG Firewalls use the most advanced techniques. They have sandbox integration and others in the orchestrator. Palo Alto's security features are at a higher level than those of the competitors at the moment."
"I typically get involved with it when it comes to audit and compliance and having to gather evidence of those firewalls, routers, and rule sets. The evidence that I typically need is there."
"The initial setup was very easy."
"The most valuable feature is the security provided by the ATP."
"I like that Palo Alto does a good job of keeping the firewall updated with the latest threat signatures."
"Comments have some delay, but overall, it's a good product."
"I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system."
"The VPN is easy and has good logging, monitoring and notifications."
"The product's initial setup phase was straightforward."
"The most valuable features of Sophos XG for our use cases are its firewall capabilities, its ability to connect to wide area and local networks, and its VPN functionality."
"Sophos is a stable solution, and we haven't had any bugs or limitations."
"The most valuable features of Sophos XG are user-friendliness and it is highly secure."
"The valuable features of this solution are the VPN, load balancer, and the QoS for splitting the ISP band."
"The solution offers a good firewall endpoint and email encryption."
"The integration with third-party tools may be something that they should work on."
"The Wi-Fi controller needs a lot of improvement."
"It would be nice if FortiGate incorporated some built-in endpoint protection features. I would also like a built-in SOC dashboard for managing multiple Fortinet firewalls."
"We would like to see better pricing."
"It does not have key authentication for admin access."
"There aren't really any negative aspects to discuss."
"Currently, without the additional reporting module, we only have access to basic reporting."
"Backup can be improved."
"Support should be improved, wait times can be long."
"I would like them to bring in some features that would encourage traffic shaping or bandwidth routing, like other UTM firewalls, because the solution should be capable of limiting the bandwidth for rules."
"The only real drawback to this product is that it is expensive. But you get what you pay for and there is no way to put a price on top-notch security."
"The support could be improved. Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us."
"The VPN has room for improvement."
"I like the reports, but I wish the reporting was a little better. When I set up the automatic reports to come in, they're pretty basic. I would like them to be a little more advanced at the ACC monitoring and things like that. I still enjoy all the daily alerts that I get and all the daily PDFs and reports, but I just feel that it could expand upon the visualization of the reports."
"The reporting and visibility are phenomenal, but you don't get that information out of the box. They can email reports regularly, and the functionality is all there. However, a lot of it is based on an older model for email, where customers have in-house email servers. The small and medium-sized business customers I deal with are moving toward Office 365 or some other cloud-based mail and not maintaining their own internal mail servers."
"The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved."
"The UTM itself needs improvement. When you're navigating it seems like it takes forever to load anything. The hardware is okay. It's just the software that could be more responsive."
"Inability to investigate incidents, there is no tracking."
"An area of improvement would be the reporting as diagnostic graphs take a long time to load and refresh. If there could be an option to show only select graphs, it may speed up the graphics."
"They need to do more quality checks before they release firmware upgrades. Currently, a few Cyberoam firewall customers are facing some issues while upgrading the Cyberoam firmware to Sophos. After the new firmware is installed, they are seeing some performance issues, which require some bug fixes. The performance is fine after getting the required support. Customers who are already using Sophos hardware are quite satisfied with this solution. Their support should also be improved. We are facing difficulties getting support on time through email or phone."
"They can lower its price. It is very expensive. We are looking for a less expensive solution depending on our budget. They can also improve it in terms of firewall protection."
"Everything is working as expected at this moment, but the anti-spam solution in Sophos XG needs to be improved. It needs more granular features and more stability. The anti-spam solution currently doesn't have many features, and we would like to have more features. At this moment, there is no expression filter for anti-spam. We need something to be able to filter subjects or attachments in emails based on the keyword. Sometimes, there is an issue with anti-spam, and Sophos XG suddenly stops processing incoming or outgoing emails. The only solution for this issue is to restart the appliance. Their support should be improved. It takes a long time to escalate a support case from level one to level two."
"Lacks improved throughput performance in a box."
"The SD-WAN capability is not as good as it is in FortiGate, and is something that should be improved."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and WatchGuard Firebox. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.