We performed a comparison between Sophos UTM and Sophos XG based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It's quite comfortable to handle the FortiGate firewall."
"We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days."
"The network security and cloud security are most valuable."
"Consolidated our network environment at all locations, but mainly at our datacenter."
"We can detect any attack of viruses or malware at the first point of contact."
"The solution is highly scalable because they have devices that can handle a large amount of traffic."
"The wireless control is helpful."
"The CLI and GUI do a good job of putting a lot at your fingertips."
"Configuration troubleshooting is eased by the use of the color-coded, live firewall log."
"They are all good, but most-used are Network Protection and Web Filtering."
"The most valuable feature of Sophos UTM is the endpoint protection feature."
"Sophos UTM has improved the porting section. It has improved security by seeing the gaps. For example, when you discover that an entry has been using a certain application, with Sophos UTM acting as a Layer 7 firewall, you can block the application, not the port."
"Sophos is a unified solution. We have anti-virus protection, firewall rules, knotting, and DACC all in one box."
"We've found the technical support to be helpful."
"The most valuable feature of Sophos UTM is the efficiency and mail filtering module."
"The stability, overall, is excellent. I haven't had a problem in the last two years."
"The feature that we find most valuable is the VPN, which ensures that people working remotely have a secure connection."
"The product’s most valuable feature is the user management system."
"This is a very stable solution."
"One of the standout features of Sophos XG is its proprietary VPN technology known as RID (Remote Internet Device). This unique technology provides efficient branch connectivity without the need to invest in additional firewalls for each branch. By utilizing an affordable device called RED, users can effectively control and establish connections in a cost-effective manner. Additionally, the solution is feature-rich."
"It's a complete firewall solution that has everything."
"This kind of strategic technology makes it much easier to remove malware and address vulnerabilities quickly."
"I like the dashboard, the interface, the management console, and the remote login."
"The most valuable features of Sophos XG are user-friendliness and it is highly secure."
"The non-error conserve mode has room for improvement."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"Monitoring and reporting could be better."
"Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area."
"Fortinet should focus on enhancing the capabilities of FortiGate by consolidating its various products, such as FortiGate Cloud, FortiManager, and FortiAnalyzer."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
"The pricing could be reduced or include the first year warranty."
"Fortinet FortiGate needs to improve to be on par with its competitors, such as Palo Alto and Sophos. They are the market leaders. Fortinet FortiGate needs to improve its capabilities. However, we are happy with Fortinet FortiGate."
"Reporting: We have had to work manually in many of our reports."
"The solution needs to do better at covering mobile devices, although they may have an integrated solution for that purpose."
"Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment."
"The integration capabilities could be better."
"We didn’t find any issues but I know there have been some in the last few years."
"The lack of import/export functions for network and service options drives me mad."
"The scalability of the product is an area with certain shortcomings where improvements are required."
"Sophos customer support could use some improvement."
"I would like to see in future releases a tool to scan for malicious packets and give the location of where they are coming from."
"I would like to have more artificial intelligence in the web monitoring service that comes with it. It should alert us when particular events happen. It has already got some of that. I know that it is more of a service, and Sophos is already looking at it. It is called SIEM."
"I would like to have remote access to clients using a static IP for a certain period of time."
"Sophos can improve the debugging of the WAPS function."
"The manuals or guides we are given are too simple. When we are implementing the product, it is difficult for us as we don't have more detailed information."
"An area of improvement would be the reporting as diagnostic graphs take a long time to load and refresh. If there could be an option to show only select graphs, it may speed up the graphics."
"Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue."
"Data traffic analysis could be better. I think Fortinet products like FortiAnalyzer are very effective in analyzing data traffic. I think it's better than Sophos. It could also be more stable."
Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Sophos UTM is rated 8.4, while Sophos XG is rated 8.2. The top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Sophos UTM is most compared with Netgate pfSense, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and WatchGuard Firebox, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and Palo Alto Networks NG Firewalls. See our Sophos UTM vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The biggest difference between Sophos SG and Sophos XG is performance.
Now, there's even a newer Hardware Platform (same OS as Sophos XG, which is called SFOS) - the Sophos XGS which has different chipset architecture, to attend each security module, with its newest feature called XStream Technology.
Besides that, the GUI is very different. Nevertheless, it's worth trying the Sophos XG or XGS, since its GUI is getting overhauled for better performance and easier management, by each new release.
Sophos UTM is no longer being developed, according to our reseller. All the development effort is going into XG. So XG will be the only Sophos firewall going forward, UTM will eventually be end of life.
Hi,
The new appliances XGS have a dedicated streaming CPU (Xstream), in addition to the main CPU.
I have personally tested the differences between the XG and XGS similar appliances. The result is spectacular. 30% more perf minimum:
https://www.sophos.com/en-us/p...
The UTM-9 is soon end-life. Sophos security staff is now focused on SFOS 18, XG, XGS.
To respond to the question "the biggest difference", I think is the "Synchronized Security":
https://www.sophos.com/en-us/l...
The firewall is one of the full security solutions centralized in Sophos Central:
https://www.sophos.com/en-us/p...
At most of our customers, we implement a Sophos Endpoint locally on servers and workstations and firewall XGS. The synchronized security interact between firewall and endpoints. This can resolve the problem with the "lateral movement" of an infected computer. It can isolate a computer from the network when detected as infected:
https://news.sophos.com/en-us/...
It can be extended to secure cloud systems with Sophos ClouOptix:
https://www.sophos.com/en-us/p...
Tested with VM in AWS and Azure, work 5*!
Another big difference is the Webserver Application Firewall. All my customers with an internal webserver to be published in the net are protected with this "reverse proxy" (WAF). It really does the job of protecting IIS, Apache, etc. from externals attacks.
Another trick is the SSL VPN sites to sites. When a branch office is implemented with a front ISP router, sometimes the NAT traversal is not possible, for IPSEC VPN connections (UDP 500). With this SSL VPN, Simple NAT works and gives an SSL 128-bit AES encryption.
Finally, I have a lot of experience in implementing UTM and, now, XG(S). No way, the log is a big difference, easier to use as in Fortigates! It is similar to CheckPoint firewalls.
For my experience, no way: -> Sophos XG(S)
Here is an interesting link on differences between UTM and XG:
https://www.avanet.com/en/blog...
Regards,
A.Rastello
My understanding is that UTM is the software; SG is the hardware. You can buy Sophos UTM running on SG hardware and then later upgrade to the XG running on the same hardware.
I've been told by our Sophos reseller that Sophos are pushing the XG as next generation firewall, and developing it to at least as good as UTM. So XG will be the firewall of choice moving forward. UTM will not be developed further, according to him.
To my understanding, UTM and XG are from different legacy companies that
are now owned my Sophos. During my time researching anti-virus, UTM makes
more sense for our needs seeing as XG is primarily a firewall. From the
information I was able to find during the time of research, it seemed most
of the community felt XG had feature gaps from UTM.
UTM specifically SG series is a very mature and stable platform. It lacks some of the new features of XG; however has a very strong feature set. If you are looking for stability, ease of use and something well documented and understood than I suggest going this way. If however you are looking for a strong level of integration and have a greater than 3 year horizon then I suggest XG.
Wifi integration for example works better on the new platform.
There are several differences since there are 2 versions,
XG firewall has integrations with other products like intercept X and admin from Sophos central.
SG UTM has less integration since it's a separate product. It was formerly Astaro firewall, but the most advanced features have been only set to the XG.
There are appliance and software versions of both products. Depending on your need you might choose one or another. But basically, look at them as 2 different firewalls.