We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"Their reliability and their policy of pre-shipping replacements when a unit has failed."
"It's quite comfortable to handle the FortiGate firewall."
"The solution is highly scalable because they have devices that can handle a large amount of traffic."
"The signature database and zero-day detection are Fortinet FortiGate's most valuable features."
"The SD-WAN function is very developed. It has SD-WAN functionality with security features in one device. We can manage from one single console SD-WAN and the security policy."
"I'm pretty happy with its reliability. It is also very scalable."
"Good anti-malware and web filtering features."
"We can detect any attack of viruses or malware at the first point of contact."
"We have found the SSL decryption within this solution to be great; you can enable this feature and have the ability to see more of what is happening across your network."
"The technology's very good. We have had a lot of good experience with this solution."
"Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network."
"Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens."
"One of the simple features I like about Palo Alto firewalls is that it's extremely easy to find out what's happening in the network. The reporting is phenomenal, and it's easy to find which threats have been detected and what traffic is going through the box. When a customer notices something is wrong, you can quickly check the amount of traffic going through the firewall around that time. If there is anything out of the ordinary, you can decide it needs to be investigated further."
"Prisma Access is the most valuable feature of Palo Alto Networks NG Firewalls."
"We have not had to replace hardware routers nor purchase additional hardware. So, that has provided a little bit of an ROI."
"Palo Alto Networks NG Firewalls enabled us to have better visibility overall."
"The solution seems to be very easy to use."
"The product is very easy to explore. It has a very good layout."
"The VPN feature is the most valuable. It has come in handy during this period when people are working from home. The filtering feature is also valuable because you can easily filter the sites that you don't want to visit. You can also set timely surfing quotas."
"I rate Sophos support 10 out of 10. When my device was freezing, I contacted them, and sent me a replacement. It only took a couple of days for Sophos to ship the device to Kenya. I didn't have a redundant device, so it was urgent."
"They really work scalability into the solution at the outset."
"It is easy to implement."
"Sophos is a stable solution, and we haven't had any bugs or limitations."
"The solution offers a good firewall endpoint and email encryption."
"They should improve the interface to make it more user-friendly."
"I would like reporting to be improved and should offer a lot more tools to monitor the products."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"I have to say that the initial setup was complex. The deployment took a few days to get set up. Initially, we were using an IPVanish. We switched to this tool since we thought it would be easier. But it turns out it wasn't easier to set up and run."
"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at the peak time when the number of contracts and users are at maximum."
"Fortinet FortiGate can improve the integration with Active Directory. Additionally, I would like to have a Cloud Controller, such as they do in the Cisco Meraki solution."
"The analytics could be improved."
"Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."
"In Mexico, Palo Alto's discounts are significantly lower than Cisco's. They are also more expensive – about 15% or 20% – than Cisco, but their platforms are very similar."
"In the cloud, the HA could be a lot better. Its price could also be better. It is very expensive."
"People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors."
"Palo Alto Networks NG Firewalls need better training modules. You have to do a lot of reading prior to watching the training videos, and it's good for people who are really into it. However, often you want to use a video for a TID. You want to see how to do something rather than spend 30 minutes reading and then another 30 minutes watching the class. As a result, I take third-party training classes rather than Palo Alto's training because they are a lot better."
"The price is high and has room for improvement."
"Palo Alto Networks NG Firewalls work slowly for vulnerability management. Its performance could be faster."
"Scalability could be improved. It could be better."
"I would like to have remote access to clients using a static IP for a certain period of time."
"The product's user interface has certain shortcomings where improvements are required."
"We encounter difficulties while navigating through certain features and functionalities of the product."
"While it is a secure solution, I believe it could be improved."
"It's easy to use, but it's hard to configure exact settings. They need to make it easier to access advanced features."
"It would be great if the user can have a portal to check on activities related to their account."
"The reporting could be improved in this solution by adding more details."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and WatchGuard Firebox. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.