Sophos XG Review

Email security features are good, but the technical support needs improvement

What is our primary use case?

Our primary use case for this solution is to act as the main broadband device in our data center. The XG 210 model is being used for a hospitality solution.

How has it helped my organization?

The main improvement for us is with our email. The email options and email security features are good. 

What is most valuable?

We have found that the simplicity of the XG 210 is its most valuable feature. There are a lot of options available for the default firewall rules, such as email and web, that are used to secure the network.

I like all of the options, but the most important thing is that it is easy to understand how to configure everything, compared to other firewalls.

What needs improvement?

We are having a lot of issues with conflicts and user sessions, and Sophos has suggested that we change the device to the XG 400.

Aside from these issues with scalability, the email security features are good, but there are not many options. We would like to know why an email is being blocked, and how we can allow delivery. It does not keep emails in the queue for delivery. It can only log whether it is delivered or not delivered. If I need more details then I have to log in using SSH to get that information.

When an email comes in from the outside it is detected. When we check the log it only tells us that it is not delivered. We would like to create an exception, but there are not many options available for this. For example, a domain space is not allowed. Only the user name can be used to do that. We need a domain-based exception for email.

Next, the XG 210 is easy to configure, but when we are looking for more details then we can only get this information through SSH. It is quite difficult. If we can get all of those details then it would help us to understand, so this needs to be improved.

There are a lot of options and it gets confusing sometimes. If they can give limited options, with more information, then it would be good for the large sites.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The product is stable, but by stable, I mean that we still have issues. The issues are more technical, which is why they suggest that we change the device to fix the problems.

What do I think about the scalability of the solution?

Our main data center has more than seventy servers that host a web server and internal applications. This is where we use the XG 400.

We have installed the XG 210 model at a smaller data center. We have between three and four hundred users at the most. However, because we have more than three hundred sessions, the vendor has suggested that we change to the XG 400. We do not yet know if this will fix our problem.

At our remote sites, we use the XG 135 model, and we do not have many issues.

How are customer service and technical support?

I am not sure why Sophos suggested using the XG 210 model after doing a site check, but we are facing issues and they suggested that we replace the model.

When I call, I have to wait for at least one to two hours to reach them. Sometimes they will pick up the call immediately, but most of the time they will not. I usually have to wait one hour before they pick up the phone.

When a ticket is created we have to wait three days before getting a reply from them. When they create a ticket for a critical issue, the response is delayed. This is a new device, and we expect support from Sophos. At least the partner should support the product, but the partners are always looking for money. Even if they deploy the device, for example, the XG 450, then they only offer support for one day. After that, there is no support.

Which solution did I use previously and why did I switch?

We have been using the Sophos XG 135 model at our remote sites and it works.

This year we deployed the XG 210 model at our data center, but prior to this we used Barracuda. We switched because Barracuda is too expensive. The options are very limited because you have to pay for each additional option. Each one represents a different service, like ADP (Active DDoS Prevention) or firewall. In contrast, Sophos is only a single payment, so we switched even though we lost some options that we liked.

How was the initial setup?

The initial setup is very easy.

Our deployment took only two to three days. The problem is that we had a lot of issues, especially with the email. The SMTP did not work, so I could not continue with the deployment. It took between fifteen and twenty days to resolve this. I do not know what they did to fix it, but we were delayed between twenty-five days and a month.

We had contacted the Sophos partner for help, but they were not able to fix our issue. After the problem was resolved I re-initiated the deployment. Only one staff member is required to maintain the solution.

What's my experience with pricing, setup cost, and licensing?

Even when you purchase the product from Sophos, they ask for a separate contract for support which is on an hourly basis.

For licensing the XG 210, we paid approximately $3000 for three years. There are no additional fees on top of this.

Which other solutions did I evaluate?

Other than the Barracuda and the Sophos models, I did not evaluate other solutions.

What other advice do I have?

Because of the problems that we are having, I cannot recommend this solution to anyone at this time.

I would rate this solution five out of ten.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Sophos XG reviews from users
...who work at a Financial Services Firm
...who compared it with Fortinet FortiGate
Learn what your peers think about Sophos XG. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
511,773 professionals have used our research since 2012.
Add a Comment
ITCS user