Sophos XG Review

An easy to manage solution that streamlines processes and management

What is our primary use case?

We use the solution as an internet firewall, and a VPN concentrator.

How has it helped my organization?

It streamlines the process of creating VPN access for users. Because of the AD integration, it makes it very easy to manage these users from different locations from a central source. It also helps us to get a good idea of what our risks are, or if there's any risky activity going on with the users. 

What is most valuable?

The SSL VPNs are the most valuable feature for me. I have a lot of systems out of the head office that need to connect to the local networks, and they all connect via the Sophos VPN client.

What needs improvement?

The initial set up process can be a little tricky, especially when you are registering with Sophos and you have a poor internet connection. Setup is not necessarily complex, but it's not trouble-free. You do have connectivity issues at the initial setup with registering the device on the Sophos platform to access the advanced features. It doesn't always go through the first time around. That may be an issue with the quality of our connection. I'm not sure exactly what it is. 

The single sign-on client I get maybe a 60% success rate on. There are times when it will use single sign-on for verification of users to access Internet resources. It still doesn't always catch the user. The user gets sent to the web login. Even though the single sign-on is helping, it doesn't always work. 

I would like to see a better single sign-on performance. I'd like to see a more streamlined way of managing your licensing as well.

For how long have I used the solution?

I've been using the solution for eight months.

What do I think about the stability of the solution?

There are no issues with stability. It's a very stable system and you almost never have serious problems for any reason. It's only when you do an upgrade that you have to restart. Stability-wise, for the on-premise solution, I'd give it 4 stars.

What do I think about the scalability of the solution?

Once you've bought the specific version, you are locked into the limitations of that plan. You can't exceed the number of VPNs, connections, etc. There's no way to increase that capacity, per se. You do have options where you can increase the port count and so on. However, in terms of scalability, you have to buy the capacity you require.

On the system I have now, it's not fully populated, but we have about 100 users. The plan is to eventually support about 1,400 users.

How are customer service and technical support?

I don't use the solution's technical support. I typically just use the documentation. There are lots of guides and videos available. In most cases, I search the guide. There's a step-by-step guide to deploy so I don't have to contact technical support.

How was the initial setup?

The initial setup isn't hard, but it can be tricky. Since I've been using several Sophos devices, I now find it's fairly simple. I get the deployment done in two hours, including integration. For others, it may take about a day to get everything done. 

There's almost no maintenance. There's really only the requirements of adding users and populating VPN connections. One person does that on a part-time basis.

What about the implementation team?

I handled the implementation myself.

What was our ROI?

We do see an ROI. It would be the cost of the support. If I had to hire a CCNP in Nigeria, I would be paying about $10,000 per annum for a CCNP minimum. For a less experienced person, I can get for about $6,000. I am probably saving about $4,000 a year in personnel costs from going with the XG rather than the ASA.

What's my experience with pricing, setup cost, and licensing?

We are paying about $1,500 yearly for the Enterprise Plus. As far as I know, there aren't costs above this standard fee.

Which other solutions did I evaluate?

We evaluated Cisco ASA as well as the FortiGate before ultimately choosing Sophos.

I chose Sophos over FortiGate because I'd already had experience with Cyberoam and it was a fairly similar migration in terms of configuration from the UTM over. But in terms of features and capabilities, I think FortiGate is pretty similar to the Sophos. Cisco ASA I choose not to go with because it's much harder to configure. I also needed to be able to have someone other than myself manage it and not need to have someone with CCNP sitting down just to add VPN users etc. I felt that the Sophos solution was a better option because it gave me all the functionality of the ASA, but it's much easier to manage.

What other advice do I have?

We use the on-premises deployment model.

We definitely plan to increase the usage and also add high variability too. Right now, it is the main internet gateway and firewall for my network.

We're using both Sophos XG and Sophos UTM.

I would warn those considering implementation that, once you've got it, you're stuck with it. You can't really increase the capacity very much beyond what you have. It's always good to have the expertise available to take care of the box because even though it's a lot easier than the Cisco ASA, you still need someone that has a little expertise in managing it.

You can get very good performance without spending all of your money and without having to send a lot of high-end techs in-house to monitor processes.

I would rate the solution nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.

Add a Comment