We performed a comparison between Sophos UTM and Sophos XG based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is easy to use and performs very well."
"Mainly the FortiGate reporting system is very good. It guides us through all the expectations of security. Fortinet provides us all that we need for security. Also, Fortinet FortiGate is a next-generation firewall. It is much more advanced than others."
"The SD-WAN function is very developed. It has SD-WAN functionality with security features in one device. We can manage from one single console SD-WAN and the security policy."
"The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus."
"Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility."
"Their interface is very easy to use, it is without bugs."
"The tool is a nice product and easy to handle. The software's user interface is also good. You can easily implement remote access in the solution."
"We can use our devices to check all of the perimeters. It secures email websites."
"It does not take much effort or thinking to understand how it works."
"The isolation of infected machines is a big feature. Also, the ability to detect external sources that change files on a file server is really big."
"The most valuable feature is the IPS. It also protects us from malware."
"It is a stable product... I rate the solution's technical support a nine out of ten...The initial setup is quite easy because they have all the information on their website."
"What I like about Sophos UTM is that it improves my company's security. The solution is easy to set up, which I like, and it's very stable."
"The three most important features for us are web protection, web server protection, and network protection."
"The solution's sandboxing, application center, and database engine are good."
"The solution is scalable."
"We have found that the simplicity of the XG 210 is its most valuable feature."
"It has a very friendly interface like the Cyberoam iNG units, it has customizable policies, it has proper templates that you can even modify, and you can customize the rules, down to each single user."
"I like the firewall, inbound, and outbound modules the most. The VPN feature also works well. It is very easy to configure rules in Sophos XG. We have got local service here in Zimbabwe from Sophos, which is something that I like a lot. We have got good local support, and they come on-site when we have any challenges. Sophos provides a lot of good training all around Zimbabwe. They are quite dominant here, similar to other solutions like Fortinet or WatchGuard."
"I have found the solution easy to use and fully integrated."
"The solution has all the security features you would need for any type of environment."
"We created and configured a VPN for connecting our remote sites and also to make it more secure and reliable. We also like its two-factor authentication features."
"Sophos began with a basic version and evolved into something more efficient in terms of performance."
"Some of the most valuable features are filtering and application control. The DDoS detection also shows traffic jamming and traffic shaping."
"Price, of course, can always be more competitive or better."
"Technical support for this solution can be improved."
"The solution lacks multi-language support."
"When we cluster the two Fortinet FortiGate boxes together we have some issues."
"The UI could be improved."
"I think they need to improve more in order to be a competitor with the leaders of the field."
"The price of FortiGate should be reduced because there are some other leading products that are cheaper."
"It would be a benefit if Fortinet would release a one-stop solution that is better integrated with other products and an automated emergency response system."
"With Sophos UTM, there is a general rule in the firewall when the country blocking can block some countries from accessing your data. In the current version, you still need to add it by putting in the IP range. This feature would be helpful for administrators and it gives them the advantage to block stuff in less time."
"We'd like to see them offer their services on mobile devices like tablets. I'm not sure if that's an option or not."
"The lack of import/export functions for network and service options drives me mad."
"I would like to see Sophos UTM add support for all the new threat-detection technologies and the ability to respond to novel security threats that come along every day."
"I would like to see the SD-WAN feature improved."
"I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution."
"This product could use some improvement with web filtering. It takes a lot of time and effort to set up and maintain."
"Sophos should improve its ability to check something like bandwidth consumption for users or something more real-time."
"The solution’s reporting could be improved."
"We feel that the GUI can be improved a bit because it has a lot of information and looks a bit outdated."
"The vendor doesn’t publish the price on the website."
"In the product, the area revolving around SD-WAN has certain shortcomings where improvements are required."
"I would like to have remote access to clients using a static IP for a certain period of time."
"One area where Sophos XG could improve is in its patch management system."
"There is an area that is very specific to our setup, where working tools you cannot easily establish a VPN between two internal networks."
"They need to do more quality checks before they release firmware upgrades. Currently, a few Cyberoam firewall customers are facing some issues while upgrading the Cyberoam firmware to Sophos. After the new firmware is installed, they are seeing some performance issues, which require some bug fixes. The performance is fine after getting the required support. Customers who are already using Sophos hardware are quite satisfied with this solution. Their support should also be improved. We are facing difficulties getting support on time through email or phone."
Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Sophos UTM is rated 8.4, while Sophos XG is rated 8.2. The top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Sophos UTM is most compared with Netgate pfSense, OPNsense, Palo Alto Networks NG Firewalls, Cisco Secure Firewall and Untangle NG Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and Palo Alto Networks NG Firewalls. See our Sophos UTM vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The biggest difference between Sophos SG and Sophos XG is performance.
Now, there's even a newer Hardware Platform (same OS as Sophos XG, which is called SFOS) - the Sophos XGS which has different chipset architecture, to attend each security module, with its newest feature called XStream Technology.
Besides that, the GUI is very different. Nevertheless, it's worth trying the Sophos XG or XGS, since its GUI is getting overhauled for better performance and easier management, by each new release.
Sophos UTM is no longer being developed, according to our reseller. All the development effort is going into XG. So XG will be the only Sophos firewall going forward, UTM will eventually be end of life.
Hi,
The new appliances XGS have a dedicated streaming CPU (Xstream), in addition to the main CPU.
I have personally tested the differences between the XG and XGS similar appliances. The result is spectacular. 30% more perf minimum:
https://www.sophos.com/en-us/p...
The UTM-9 is soon end-life. Sophos security staff is now focused on SFOS 18, XG, XGS.
To respond to the question "the biggest difference", I think is the "Synchronized Security":
https://www.sophos.com/en-us/l...
The firewall is one of the full security solutions centralized in Sophos Central:
https://www.sophos.com/en-us/p...
At most of our customers, we implement a Sophos Endpoint locally on servers and workstations and firewall XGS. The synchronized security interact between firewall and endpoints. This can resolve the problem with the "lateral movement" of an infected computer. It can isolate a computer from the network when detected as infected:
https://news.sophos.com/en-us/...
It can be extended to secure cloud systems with Sophos ClouOptix:
https://www.sophos.com/en-us/p...
Tested with VM in AWS and Azure, work 5*!
Another big difference is the Webserver Application Firewall. All my customers with an internal webserver to be published in the net are protected with this "reverse proxy" (WAF). It really does the job of protecting IIS, Apache, etc. from externals attacks.
Another trick is the SSL VPN sites to sites. When a branch office is implemented with a front ISP router, sometimes the NAT traversal is not possible, for IPSEC VPN connections (UDP 500). With this SSL VPN, Simple NAT works and gives an SSL 128-bit AES encryption.
Finally, I have a lot of experience in implementing UTM and, now, XG(S). No way, the log is a big difference, easier to use as in Fortigates! It is similar to CheckPoint firewalls.
For my experience, no way: -> Sophos XG(S)
Here is an interesting link on differences between UTM and XG:
https://www.avanet.com/en/blog...
Regards,
A.Rastello
My understanding is that UTM is the software; SG is the hardware. You can buy Sophos UTM running on SG hardware and then later upgrade to the XG running on the same hardware.
I've been told by our Sophos reseller that Sophos are pushing the XG as next generation firewall, and developing it to at least as good as UTM. So XG will be the firewall of choice moving forward. UTM will not be developed further, according to him.
To my understanding, UTM and XG are from different legacy companies that
are now owned my Sophos. During my time researching anti-virus, UTM makes
more sense for our needs seeing as XG is primarily a firewall. From the
information I was able to find during the time of research, it seemed most
of the community felt XG had feature gaps from UTM.
UTM specifically SG series is a very mature and stable platform. It lacks some of the new features of XG; however has a very strong feature set. If you are looking for stability, ease of use and something well documented and understood than I suggest going this way. If however you are looking for a strong level of integration and have a greater than 3 year horizon then I suggest XG.
Wifi integration for example works better on the new platform.
There are several differences since there are 2 versions,
XG firewall has integrations with other products like intercept X and admin from Sophos central.
SG UTM has less integration since it's a separate product. It was formerly Astaro firewall, but the most advanced features have been only set to the XG.
There are appliance and software versions of both products. Depending on your need you might choose one or another. But basically, look at them as 2 different firewalls.