Compare Fortinet FortiGate vs. Sophos XG
Sponsored | ||
Quotes From Members
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros | ||
"This solution has good security, and it's a good product. You can trust Cisco, and there's support as well, which is really good." "The greatest benefit for the organization is the confidence that we are secured." "Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good." "I haven't had any major problems so I haven't had to open a ticket with technical support." "The IPS (In-plane switching) is the most valuable feature." "I like the user interface because the navigation is very easy, straightforward on your left side pane you have all the sites that you need to browse. Unlike any other firewalls, it's pretty straightforward." "We have multiple secure internal networks linked with our plants. We are from a oil company, so we have multiple plant areas which need to have restricted network access. Therefore, we are using it for restricting access to the plant area." "The initial setup was completely straightforward." | "It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly." "The most valuable feature is the bundled subscription, which is IPS, TV and web filtering." "It is easy to use and performs very well." "We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature." "We can use our devices to check all of the perimeters. It secures email websites." "I really like the captive portal feature for our guest network. It has nice VLAN features in terms of separating our network. The anti-virus is also good." "The ability to set up remote systems is the most valuable feature." "Customers want to load balance more than eight lines or six internet lines. FortiGate is the only solution that can accomplish this." | "We have found that the simplicity of the XG 210 is its most valuable feature." "Sophos XG has cybersecurity. It integrates with the antivirus software." "It gives me a very good, stable connection in all tunnels." "The SL VPNs are the most valuable feature. I have a lot of systems out of the head office that need to connect to the local networks, and they all connect wirelessly via the Sophos VPN client." "What I like about his program, is that it is easy to use and easy to manage." "The filtering is very easy to do. You can segment and create profiles for usage very easily." "The solution seems pretty stable. We've had no issues so far." "I like the fact that it can self remove malware and do updates on the cloud via Sophos Central." |
Cons | ||
"The phishing emails could be improved." "There may have been one or two incidences of malicious threats." "Some of the features, like the stability, need to be improved." "In the past though, colleagues have had issues during the upgrade process. The failover didn't work and production was down." "At times the product is sluggish and slow" "If I need to download AnyConnect in a rush, it will prompt me for my Cisco login account. Nobody wants to download a client to a firewall that they don't own." "Most of the time, when I try to run Java, it is not compatible with ASA's current operating systems." "We have to rely on Cisco ASDM to access the firewall interface. This needs improvement. Because we have a web-based interface, and it is a lot more user-friendly." | "The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade should be returned. It was a very valuable feature for us." "I think they need to improve more in order to be a competitor with the leaders of the field." "There could be more integration between the logging and analytical platforms to make it more seamless and integrated." "They should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that." "They need to improve their technical support." "Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area." "They should improve the interface to make it more user-friendly." "The monitor and the visibility, in this proxy, is very weak." | "When I call, I have to wait at least one to two hours to reach them." "The only issue that Sophos XG now needs to improve is the product's reporting capability." "I would like to have remote access to clients using a static IP for a certain period of time." "The initial set up process can be a little tricky, especially when you are registering with Sophos using your registration number. Setup is not necessarily complex, but it's not trouble-free. You do have connectivity issues at the initial setup with registering the device on the Sophos platform to access the advanced features. It doesn't always go through the first time around. That may be an issue with the quality of our automation. I'm not sure exactly what it is." "The program is rather expensive." "The UTM itself needs improvement. When you're navigating it seems like it takes forever to load anything. The hardware is okay. It's just the software that could be more responsive." "It's easy to use, but it's hard to configure exact settings. They need to make it easier to access advanced features." "On reports, they sometimes give a summary, but it lists different users as unknown. There are times that I really want to know which user or which IP is causing a problem." |
Pricing and Cost Advice | ||
"Pricing is high, but it is essentially a corporate decision." "Licensing is expensive compared to other solutions." "The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market." "We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement." "Watch out for hidden licensing and incredibly high annual maintenance costs." "I bought a license for three years and it was really affordable." "With AnyConnect, it depends on your license. It depends on the number of concurrent users you want to connect." "This solution might be expensive, but it is economical in the long run." | "It is cost-effective, and provides a good value for your money. The pricing, and license renewal, is very reasonable for us." "They need to be competitive with other solutions." "It is a good product from a price perspective versus functionality." "Price-wise, it's at a good price point for our market." "The initial setup is super straight forward and as far as the licensing goes for the small product that we have, the pricing was pretty competitive. It wasn't as simple and as cheap as a SonicWall but for the service we would get it was a good price." "Compared to Palo Alto, which we have used in the past, pricing and licensing are okay." "Our licensing costs are on a yearly basis." "Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project." | "For licensing the XG 210, we paid approximately $3000 for three years. There are no additional fees on top of this." "It's a suitable price and license." "We are paying about $1,500 yearly for the Enterprise Plus. As far as I know, there aren't costs above this standard fee." "The Sophos pricing, in general, is better than SonicWall, Fortinet, WatchGuard, or anybody else." "We paid for our licensing for three years, upfront, and there are no costs in addition to the standard fees." "The price is cheaper than that of some competing vendors." "The pricing is flexible. Sophos looks at a country's economy and offers flexible pricing. This is how they have managed to penetrate the market." "It's approximately $6,000 for each device." |
 Use our free recommendation engine to learn which Firewalls solutions are best for your needs. 455,301 professionals have used our research since 2012. | ||||
Answers from the Community | ||||
See all 13 answers » | ||||
Questions from the Community | ||||
Top Answer: Cisco FW for peace of mind Top Answer: They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home… more » Top Answer: In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco. | Top Answer: From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more » Top Answer: In my opinion and as a result of years of experience:
- Both are great firewalls with excellent performance and a… more » Top Answer: The difference is the poor performance that Fortigate has when it has all its services in use. Compare which customers… more » | Top Answer: The simplicity of the setup is the most valuable feature. Top Answer: The BGP engine is very limited. Top Answer: If you pay for the premium support, you'll get better support from Sophos. I would rate Sophos XG an eight out of ten… more » | ||
Popular Comparisons | ||||
 Compared 15% of the time. Compared 7% of the time.  Compared 5% of the time.  Compared 5% of the time.  Compared 3% of the time. | Compared 9% of the time.  Compared 9% of the time. Compared 7% of the time. Compared 6% of the time. Compared 5% of the time. | Compared 13% of the time. Compared 10% of the time.  Compared 7% of the time. Compared 6% of the time.  Compared 4% of the time. | ||
Also Known As | ||||
| Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv | FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate | |||
Learn | ||||
| Cisco | Fortinet | Sophos | ||
Overview  | ||||
Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more. Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic. Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency. Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud. | The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network. | Sophos XG Firewall is next gen firewall that is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage. | ||
Offer | ||||
Learn more about Cisco ASA Firewall | Learn more about Fortinet FortiGate | Learn more about Sophos XG | ||
Sample Customers | ||||
| There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow. | Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here | Information Not Available | ||
Top Industries | ||||
Financial Services Firm17% Comms Service Provider14% Manufacturing Company10% Computer Software Company7% Comms Service Provider34% Computer Software Company22% Media Company5% Government5% | Comms Service Provider14% Financial Services Firm8% Computer Software Company8% Energy/Utilities Company7% Comms Service Provider34% Computer Software Company22% Media Company5% Government5% | Financial Services Firm15% Healthcare Company15% Manufacturing Company12% Comms Service Provider9% Comms Service Provider39% Computer Software Company20% Media Company5% Government4% | ||
Company Size | ||||
Small Business36% Midsize Enterprise25% Large Enterprise39% Small Business28% Midsize Enterprise21% Large Enterprise51% | Small Business47% Midsize Enterprise24% Large Enterprise29% Small Business43% Midsize Enterprise22% Large Enterprise36% | Small Business62% Midsize Enterprise27% Large Enterprise11% Small Business50% Midsize Enterprise27% Large Enterprise23% | ||
Find out what your peers are saying about Fortinet FortiGate vs. Sophos XG and other solutions. Updated: January 2021.
455,301 professionals have used our research since 2012.
Fortinet FortiGate is ranked 1st in Firewalls with 107 reviews while Sophos XG is ranked 7th in Firewalls with 44 reviews. Fortinet FortiGate is rated 8.4, while Sophos XG is rated 7.8. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of Sophos XG writes "Offers a high level of visibility of what's happening on your network or on your client machines". Fortinet FortiGate is most compared with Meraki MX, pfSense, Sophos UTM, Cisco Firepower NGFW Firewall and Palo Alto Networks WildFire, whereas Sophos XG is most compared with pfSense, Sophos UTM, WatchGuard Firebox, Palo Alto Networks NG Firewalls and OPNsense. See our Fortinet FortiGate vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know the firewalls change every 5 to 7 years as stated but you really do need to upgrade any firewall due to hardware at least every 5 years. You haven't specified your environment so it's not easy to scale which firewall will be best.
Here are my reasons for choosing FortiGate:
1. Sophos firewall has limited capability when it comes to security. FortiGate has much more security and web filtering options to really bring control to a granular level.
2. FortiGate is easier to manage and in my experience much more stable and reliable.
3. Sophos is trying to go to cloud the same as Cisco Meraki does but with a lot of bugs and issues on their cloud platform. We have endless issues at one of our clients regarding this.
4. FortiGate has limited reporting but you can keep 7 days worth of reporting for free on FortiCloud.
Again most of the comments are for smaller networks. You will have to scope each individual company or site to make a decision. Sophos is a small to medium company for me (we would rather use Cisco than Sophos). FortiGate is for large to enterprise size companies who need more granular security and IPSec tunnels. We manage over 40 clients on one FortiGate for internet breakout and have had no issues what so ever. We would not be able to do it with a Sophos device.
And on the point of WiFi access points, it doesn't matter what firewall you use, FortiGate will only manage Fortinet and Sophos will only manage Sophos (Via Web portal or on device)
On SD-WAN I would really prefer FortiGate's as well. Tried and tested and breaks with Sophos.
My current UTM is FortiGate 1200D and I have finished a POC for Sophos XG450 trying to deduct the cost of the license renewal of the UTM
There is big difference between FortiGate and Sophos. There are some features of FortiGate that Sophos doesn’t provide, and the visibility of network, internet lines, and devices is very poor with Sophos but it’s excellent with FortiGate. Also, the "Traffic Shaping" for bandwidth doesn’t work correctly at all with Sophos but works perfectly with FortiGate.
I strongly don't recommend at all to replace FortiGate with Sophos. Maybe Sophos would be good for a kind of customers who hasn't used UTM appliance before.
I do not know more about Sophos but I would like to highlight some FortiGate features:
- Number of IP-sec and SSL VPN user clients. (Minimum 100 with lowest Model FG30E)
- Fortisandbox and Forticloud Free with some good features for managing firewalls from FortiCloud.
- FortiTocken (Dual Authentication) - Two Token Free with every FortiGate device.
- FortiAP (Guest Network without Any L2 and L3 Switch over Wi-Fi and you can also manage FortiAP using FortiCloud too.)
- Secure SD-wan, not only useful for multiple WAN but also useful for MPLS and VPN connectivity fail-over between multiple locations.
- More application list and inbuilt SLA for SD-Wan.
- Web-filter is common in All UTM but google domain-specific feature in FortiGate is awesome.
- Internet-Service-Database list is also very helpful and an advanced feature.
- The Fortiswitch controller is also a good feature.
For comparison purpose i.e. Sophos XG 310 & Fortinet FortiGate FG-200E, to my understanding, Fortinet appliance has an upper hand if you are looking for IPSec or VPN Tunnelling and FortiGate has the capability for High Availability configuration options i.e. Active/Active, Active/Passive and clustering.
Also Note Sophos XG 310 has a higher firewall throughput as 28Gbps. Fortinet FG 200E has multi Ethernet fixed port, but only 2 WAN interface while Sophos XG 310 can add up to 8 WAN ports.
I have extensively used Sophos (previously Cyberoam) and FortiGate also. The biggest differences are as below:
1. For FortiGate, it is required to use a Fortinet wifi access point only.
2. In case of expiry of the license in FortiGate, the entire service goes kaput except basic firewall services. The other UTM only updates and support ceases to work.
3. Every 5 - 7 years FortiGate changes its model and the old device becomes trash.
4. Any changes in the policies will need to wait for total version changes and you need to wait till then
Because of the above reasons, presently we are trying our hands with WiJungle UTM. However, the bottleneck is Fortinet WiFi access points which are denied to work in tandem with any UTM other than FortiGate.
We have around 700 Fortinet WiFi access points and it is ridiculous that going away from FortiGate costs a fortune.
In one sentence, the biggest difference between Sophos and FortiGate is the “RED” option in Sophos XG.
The main points between both are Sophos hardware in all of its models except the smallest one, XG 86, have SSD hard desk. It has a total security solution especially when you get the benefits of synchronized security with its Endpoint interceptX as it is amazing when it works with the XG firewall. You can also have benefits if you got the encryption solution and the Wireless.
The reporting on the XG firewall is an amazing feature that does not exist on one box with Fortinet.
The DLP solution on the XG firewall is impressive.
Fortinet in performance is better than Sophos.
For the small and medium businesses, I recommend XG firewall but for large data centers, I recommend Fortinet.
I hope it is informative, please feel free to contact me with any further queries.
I evaluated both and in the end, I decided to go with Sophos. It has a good application filter & Web filter, WAF is included, report integrated, has a VPN of any kind, and synchronized security with the endpoint.