We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"Reliability is the best feature. We faced some issues when we were setting it up, but the service, portal, and administration are good."
"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."
"I am "headache free" that I don't have to categorize all the websites and that security has been pre categorized by the people, and that the services are getting updated. At least one part of my problem is over."
"The usage in general is pretty good."
"This product is definitely scalable."
"It is user friendly, and has all the features you need."
"It enables our organization to become more productive. Also, it protects our NEtWare from viruses and malware."
"Identifying applications is very easy with this solution."
"Its flexibility is the most valuable."
"In my opinion, Palo Alto has consistently been one of the best firewalls for enterprise security."
"The stability of the product has been good over the years."
"The most valuable feature is advanced URL filtering. Its prevention capabilities and DNS security are also valuable. It pinpoints any suspicious activities and also prevents the users from doing certain things."
"Flexible and integrates well with apps and other security tools."
"All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both."
"The packet level inspection is the most valuable feature. The traffic restriction features allow us to restrict the sub-features of any platform."
"The valuable features of this solution are the VPN, load balancer, and the QoS for splitting the ISP band."
"Easy to deploy and user friendly."
"I like their firewall and the intrusion detection feature"
"It is a very stable solution."
"The initial setup is pretty simple."
"I have found the feature allowing you to manage everything from a centralized location beneficial."
"Most of the features Sophos XG has are valuable. However, if I have two different ISP, I'm able to create an automatic switch between the two ISPs. I can do the same thing for the cloud as well. If I have two subnets coming from the cloud, I'm able to create a type of switch between both of them where if there is traffic on one and has the traffic drop, I'm able to switch to the other ISP without any problems. It's a normal feature and I get to enjoy the ability to switch between services with no issues."
"Definitely, its usability is very good, and it's a very robust firewall."
"We were not able to build a full-mesh VPN; however, I am not sure if this was the fault of Fortinet FortiGate."
"Compared to some other products, the DLP is not at par for the moment."
"To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"Technical support could be better. You don't always get the level of help you need right away."
"The captive portal could be improved."
"I would like to see improvements made to the dashboard and UI, as well as to the reporting."
"Fortinet FortiGate can improve the integration with Active Directory. Additionally, I would like to have a Cloud Controller, such as they do in the Cisco Meraki solution."
"I would like integration with Evident.io and RedLock."
"They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved."
"There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better."
"Palo Alto Networks NG Firewalls do not provide a unified platform that natively integrates all security capabilities."
"I would like to see more in terms of reporting tools and the threat analysis capabilities."
"Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."
"The VPN has room for improvement."
"Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features."
"It's easy to use, but it's hard to configure exact settings. They need to make it easier to access advanced features."
"I wish to see an antivirus feature added to the solution."
"Data traffic analysis could be better. I think Fortinet products like FortiAnalyzer are very effective in analyzing data traffic. I think it's better than Sophos. It could also be more stable."
"When you are using it as a controller for the wireless access points, it doesn't perform well. It is not suitable for the public cloud. It is more suitable for enterprise data. It is not really the equipment for cloud data centers. I am looking for a data center firewall."
"The user interface could be better."
"The logging side of it could definitely be better. Some of the logging lacks, and the information that they provide you, especially in the spam filtering section, could be better."
"Since Sophos took over Cyberoam, the online technical library and support library have become super messy. To get a piece of information is becoming a nightmare. They need to reorganize the online technical support and technical library."
"Having a web portal where you could make requests for the categorization of non-categorized items, would be beneficial."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 161 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and Meraki MX. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.