We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"Whenever I need something, Fortinet improves and updates the software for me."
"The most useful functionality of Fortinet FortiGate is the user interface, multiple engines, and their cloud with the latest integrations. Additionally, the Security Fabric tool is very good."
"Provides good firewall security and has great VPN features."
"It can expand easily."
"Consolidated our network environment at all locations, but mainly at our datacenter."
"It is a one box solution, which covers most of the edge device’s requirements."
"I like that you are able to manage FortiGate from the FortiManager to create a more centralized environment."
"The network security and cloud security are most valuable."
"There are many valuable features within the solution. This includes security, a user-friendly firewall, antivirus, and global protection."
"Palo Alto Networks NG Firewalls saves us time."
"One of the things I really like about it is that we have the same features and functions available on the entry-level device (PA-220), as do large corporations with much more costly appliances."
"The solution is scalable"
"It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped."
"Protection from a single packet and ease of making security rules."
"The technology's very good. We have had a lot of good experience with this solution."
"There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is very robust and in-depth."
"Reporting is the most valuable feature."
"The two most valuable feature of Sophos XG is, one the option to filter according to different applications and two, the integration with the Active Directory."
"Orchestration of the firewall is the most valuable feature. It is a fast and agile solution. It is good with protection. It is also very easy to deploy and manage, and its user interface is easy to use."
"The stability has been excellent."
"The solution is very easy to use and straightforward."
"This kind of strategic technology makes it much easier to remove malware and address vulnerabilities quickly."
"A valuable feature involves the solution's manageability."
"One of the standout features of Sophos XG is its proprietary VPN technology known as RID (Remote Internet Device). This unique technology provides efficient branch connectivity without the need to invest in additional firewalls for each branch. By utilizing an affordable device called RED, users can effectively control and establish connections in a cost-effective manner. Additionally, the solution is feature-rich."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
"The non-error conserve mode has room for improvement."
"They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that."
"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
"It needs to improve its ISP load balancing."
"It needs more available central management."
"Technical support for this solution can be improved."
"They are doing good, but they can improve the distributor assignment. The availability of the product and the timeline of delivery are the main things. The distribution should be swift, and the distributor should not reach out to end customers directly. They should work as a distributor. There should also be one more local distributor. Currently, there is only one distributor in Pakistan, and the rest of them are in UAE. It is difficult to work with only one distributor. Sometimes, you don't get along with the same distributor, and that's why they should have one more distributor. Their licensing should also be improved. The activation or renewal of the product should be done from the date of renewal, not from the date on which the license expired."
"Its software updates can be improved. It sometimes becomes very slow with the software updates for different features. It should have an External Dynamic List of data. The malicious IP is not frequently getting updated in Palo Alto, and this should be done."
"Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."
"I would like to see some Machine Learning because I have observed new types of attacks that are able to bypass existing security rules."
"Could also use better customer support."
"Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible."
"There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."
"The pricing of the solution is quite high. It's one of the most expensive firewall solutions on the market."
"Palo Alto Networks NG Firewalls need better training modules. You have to do a lot of reading prior to watching the training videos, and it's good for people who are really into it. However, often you want to use a video for a TID. You want to see how to do something rather than spend 30 minutes reading and then another 30 minutes watching the class. As a result, I take third-party training classes rather than Palo Alto's training because they are a lot better."
"The interface of Sophos XG could be improved. I would prefer the Sophos XG to have an interface for the technician who is setting it up similar to the Sophos SG. I felt the Sophos SG user interface was superior. however, in terms of the functionality of the product, Sophos XG is in many ways more powerful than the Sophos SG. I have no complaints about the quality of the product or the end result. For someone who has used both, I preferred the old interface to the new one."
"The user interface could be improved and more bandwidth management would be helpful."
"They can simplify its interface so that it is mostly drag-and-drop. There was an SQL injection attack on some Sophos devices. They just need to harden their devices a little bit so that they can't be hacked very easily."
"Fortinet surpasses Sophos in terms of support, particularly with its comprehensive five-one feature console."
"Sophos XG should improve on the GDPR features involving data protection and encryption. Security regarding data protection is important."
"In Sophos XG, the throughput for larger networks is an area of concern where improvements are required."
"While it is a secure solution, I believe it could be improved."
"Their updates can be faster and more regular."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and WatchGuard Firebox. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.