We performed a comparison between Cisco Secure Firewall and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. The only major difference between the two is that some users of Cisco Secure Firewall consider the deployment to be somewhat complex.
"FortiGate is on the cheaper end, and it offers good value."
"The most valuable feature is the interface, which is very user friendly. We are utilizing most of the features, like content filtering. The firewall is powerful."
"The most valuable features are simplicity, management, and that it's constantly evolving."
"Overall security features and performance routing is good."
"It's very fast and easy to configure."
"The most valuable features are SD-WAN, application control, IPS control, and FortiSandbox."
"Fortinet FortiGate is a scalable solution."
"The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Malicious URLs are being blocked."
"Integration with all the other Cisco tools is valuable."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"IPSec Tunnel and AnyConnect (of course), the context awareness was a good feature, but clumsy at the beginning. I think it's better now."
"We can easily track unauthorized users and see where traffic is going."
"The most valuable features are the flexibility and level of security that this solution provides."
"The stability of Sophos XG is very good. However, there have been some issues with other weaker models because they are limited in hardware in resources."
"Some of the most valuable features are filtering and application control. The DDoS detection also shows traffic jamming and traffic shaping."
"It is very easy to use. You can configure and monitor everything from one unique dashboard."
"What we found valuable is the way they deal with emails, as well as the way the bandwidth usage is shown."
"The two most valuable feature of Sophos XG is, one the option to filter according to different applications and two, the integration with the Active Directory."
"SD-WAN features should be added."
"We can configure rules with the user, traffic, etc., making it a very versatile solution for our network."
"I have found configuring the ports to be easier in Sophos XG compared to the other devices."
"The support costs and licensing are sometimes so expensive."
"I think there could be more QoS features"
"It would be good if they had fewer updates."
"They've become quite expensive."
"I need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it."
"The support is the main thing that needs to be improved."
"Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use."
"The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall."
"It is not the newest, cutting-edge technology"
"Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough."
"I think that the solution can be improved with the integration of application-centric infrastructure. It could be used to have better solutions in one box."
"An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier."
"We found it difficult to publish an antennae sidewalk with the ASDM. I think Cisco should improve this by creating a simpler interface for the firewall."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"Its configuration through GUI as well as CLI can be improved and made easier."
"Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."
"The main problem with Sophos XG today is that it doesn't have a feature where you actually know the quality of an international link, which would allow us to we know if the link is operational or not. We need more information. It's losing packets on the network. It's high latency. So, we need more information to know if the link is really bad or really good, and today, we will only know if it's working and this just isn't enough."
"It would be helpful if they had a set of standard templates because it would assist in the beginning, when you are just getting started."
"One feature I would like to add is remote wipeout capability. This would be useful in cases where a user leaves the organization and fails to return their laptop. Remote wipeout would allow for the deletion of data from the device with a single command. Regarding technical support from Sophos XG, it's generally satisfactory. However, the response time could be improved. It takes around one hour to receive assistance, but reducing this to 30-45 minutes would benefit us."
"It would be great if the user can have a portal to check on activities related to their account."
"It could offer a DNS Filter for blocking botnet networks."
"Lacking network access control, user profiling and analytics dashboards."
"The support from the vendor needs to be improved."
"The installation could be faster and is longer than that of other solutions, lasting more than a month instead of five minutes."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Cisco Secure Firewall is rated 8.2, while Sophos XG is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and SonicWall NSa. See our Cisco Secure Firewall vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
My preference is the Sophos XGS, particularly when you team it up with the Sophos Endpoint Protection client and configure it for synchronized security.
Both can be managed through Sophos Central and are available at a decent price for the power they offer the SMB.
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.
Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.