We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"The Fortinet FortiGate local partners were good. I did not have direct contact with Fortinet support."
"The SD-WAN feature is the most valuable. This feature evolved from link load balancing. It has helped us in terms of our uptime and privatizing applications whenever we experience an outage. The SD-WAN feature has been a plus for us. Two-factor authentication has allowed us to add more users in terms of remote working. We have two-factor authentication for remote workers to authenticate them before they get on the network."
"FortiGate has a very strong unified threat management system."
"I'm pretty happy with its reliability. It is also very scalable."
"The most valuable features of Fortinet FortiGate are it is one of the most mature firewalls in the UTM bundle."
"The most valuable features are simplicity, management, and that it's constantly evolving."
"One of the valuable features is a standardized OS."
"FortiGate has a strong security topic which allows all of the Fortinet devices to communicate and share information which makes their security more powerful."
"There are plenty of features available in this solution, such as attack blocker and spam blocker. Additionally, it is very robust and in-depth."
"The strengths of Palo Alto Networks NG Firewalls are application visibility and application awareness. Their strong point is identifying applications for traffic. So all of the policies that are configured are related to the application and not to a port."
"The interface is very nice. We generally like the UI the product offers."
"The most important feature is the firewall. We can make rules to filter the application layer of traffic. It's a very helpful feature."
"The most important part of this solution is its reliability, as it just works without any fancy features."
"The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome."
"Overall, it is a good solution. It is stable. We use URL filtering, which is useful for blocking undesired URLs."
"The ease of use and the ease of configuration of our policies are the most valuable features."
"Content filtering and intrusion prevention are most valuable. Our customers are fully satisfied with the performance of Sophos. It has all the features that they require in a firewall."
"The solution is a next generation firewall and we have gotten good customer feedback."
"The multifactor authentication is helpful because whenever the user wants to connect to the firewall, they have to use the authenticator before they can access it."
"The most valuable features are its nice interfaces and configuration. The endpoint is also very good."
"What I like about his program, is that it is easy to use and easy to manage."
"The security of the solution, thanks to the built-in unified threat management, is one of its most valuable features. Plus, one single pane of glass is all you need to manage the whole solution, and web management can be done from anywhere."
"It is a scalable solution."
"The solution seems to be very easy to use."
"At first glance, the interface for the device is very confusing."
"I don't like that anything more than very basic reporting is not included."
"The Web-filter in this solution is not very good."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"Application management can be improved."
"Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server."
"It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"The solution is very expensive. There are cheaper options on the market."
"There is room for improvement in the area of customer service."
"The solution needs some management tool enhancements. It could also use more reporting tools."
"I would like to see better third-party orchestration so that it is easier for the team to work with different products."
"The solution could be simplified."
"I would like the option to be able to block the traffic from a specific country in a few clicks."
"In the future, I would like to see more OTP features."
"Based on the features that I have seen so far, I do not see any room for improvement, but they can improve their CLI documentation. I haven't really seen much when it comes to CLI documentation."
"In the next release, I would like to see improvements made to the policy and simplify the policy-making, as the complexity of it makes it really tough."
"Sophos XG could improve by coming out with more innovative feature developments."
"In the product, the area revolving around SD-WAN has certain shortcomings where improvements are required."
"Sometimes when you roll out a new firmware, you find that the rules you already have in place are broken, so it's difficult to migrate to a new firmware. That's the only downside I've experienced in Sophos."
"Some businesses require Dynamic IP. This feature would be useful if it worked."
"Technical support can be slow to respond, which is something that should be improved."
"The first area that needs to be improved is customer support."
"The current bandwidth consumption is no longer shown in the XG and XGS."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 69 reviews while Sophos XG is ranked 7th in Firewalls with 25 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". On the other hand, the top reviewer of Sophos XG writes "Fined tuned web proxy, feature rich, and beneficial VPN technology". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, Sophos UTM and SonicWall TZ. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.