We performed a comparison between Cisco Secure Firewall and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. The only major difference between the two is that some users of Cisco Secure Firewall consider the deployment to be somewhat complex.
"Web filtering and two-factor authentication are great features."
"The integration with Active Directory is one of the good features. Most of the customers are now looking for the Single Sign-on feature. So, being able to integrate Active Directory with the firewall is useful. It is also easy."
"The inspection and web security features are most valuable."
"Anti-Spam web content filterinG."
"The solution is scalable."
"The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus."
"Whenever I need something, Fortinet improves and updates the software for me."
"Good load balancing feature."
"Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often."
"It is a very user-friendly product."
"The feature my customers find the most valuable is the exportability."
"The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos."
"The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ."
"It's pretty reliable and allows for isolation capabilities within the network."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"URL filtering is valuable."
"The antivirus features are valuable."
"The most valuable feature of this solution is the flexibility of it, it's pretty versatile."
"What I like about his program, is that it is easy to use and easy to manage."
"The cloud-based interface makes it easy to manage."
"The solution seems pretty stable. We've had no issues so far."
"The solution comes with a common bundle which comprises all the feature."
"Great interface and in-built help is very intuitive."
"The product has a console that is based in the cloud for all their products. In this console, they have email security, firewall security, endpoint security, et cetera. All of the products on offer in the console are very useful for us."
"The price of FortiGate should be reduced because there are some other leading products that are cheaper."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"We'd like more management across other integrations."
"One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at the peak time when the number of contracts and users are at maximum."
"Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility."
"As far as wanting more scalability or things in the network diagram, it's going to cost you."
"It is slowly not supported and other vendors are a few years ahead of Cisco in development."
"If you need to reschedule a call with the support team when you face a new issue with the product, then it may get a bit of a problem to get a hold of someone from the support team of Cisco."
"VPNs are weak as this product still does not support route-based VPNs."
"I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."
"The user interface isn't as good as it could be. They should work to improve it. It would make it easier for customer management if it was easier to use."
"The product would be improved if the GUI could be brought into the 21st Century."
"Its configuration through GUI as well as CLI can be improved and made easier."
"It could use a web-based portal for VPN. Earlier they had it in the ASA model, but currently they don't have it."
"It is performing well. However, the only challenges that we are facing are the effectiveness with blocking the proxy and tuneling applications, aside from proxy and similar applications. So the application filter on the product is not really performing 100%. Every now and then there are some updates that are happening on such applications, and it takes time until it gets the appropriate updates and becomes capable of capturing such applications and blocking them. A new feature I would really like to see would be some sort of an enhanced application filter with greater efficiency when it comes to the applications that can bypass firewall policies. These applications are really a nightmare. Once they are on the network and not detected, or the appliance is not really successful in capturing them and unblocking them, the bandwidth gets wasted all the time."
"Sophos needs improvements made to the console, such as host entry or defining rules directly from it."
"The solution is tied to the US dollar. You need to pay whatever the equivalent is in your own currency, and, if the exchange is bad, it can really add to the cost."
"There needs to be a way that we can distinguish between educational institutions on Youtube and other Youtube videos. You can do this on Fortinet. Basically, they can block all other Youtube videos besides those that are from educational institutions. With Sophos, you either allow for all Youtube videos or none at all. They need to allow for more specification on different websites."
"This solution could be improved with more effective bandwidth. I found that when I enable DDoS detection for our clients, bandwidth is reduced. If DDoS detection is disabled, the bandwidth will be high, but it isn't secure. We recommend that customers enable DDoS detection, but if they need high bandwidth, we recommend Palo Alto and FortiGate instead of Sophos."
"We are not very happy with the customer support they provide — it's quite slow."
"When you are using it as a controller for the wireless access points, it doesn't perform well. It is not suitable for the public cloud. It is more suitable for enterprise data. It is not really the equipment for cloud data centers. I am looking for a data center firewall."
"The main problem with Sophos XG today is that it doesn't have a feature where you actually know the quality of an international link, which would allow us to we know if the link is operational or not. We need more information. It's losing packets on the network. It's high latency. So, we need more information to know if the link is really bad or really good, and today, we will only know if it's working and this just isn't enough."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Cisco Secure Firewall is rated 8.2, while Sophos XG is rated 8.2. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Palo Alto Networks NG Firewalls and Juniper SRX Series Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, Palo Alto Networks NG Firewalls and SonicWall NSa. See our Cisco Secure Firewall vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
My preference is the Sophos XGS, particularly when you team it up with the Sophos Endpoint Protection client and configure it for synchronized security.
Both can be managed through Sophos Central and are available at a decent price for the power they offer the SMB.
I recommend Sophos XGS firewall. It will offer the best solution for malware protection.
Also, I recomend Sophos CIXA with XDR (Sophos Endpoint), so you can use Syncronized Security.