We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"You can create multiple Virtual Domains (VDOMs), which are treated as separate firewall instances."
"Fortinet FortiGate has many valuable features, such as IDS, and intrusion detection. It has security features that are in part with the technologies that are available in the market."
"We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature."
"Security solution with a straightforward and quick setup. It's a stable and scalable product."
"I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager."
"The security on offer is very good."
"The scalability of Fortinet FortiGate is good."
"The most valuable feature of this solution is Quota."
"The application IDs, application controls, URL filtering, visibility, monitoring, and reporting are the most valuable features."
"Identifying applications is very easy with this solution."
"The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important."
"It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
"The user ID, Wildfire, UI, and management configuration are all great features."
"Palo Alto Networks NG Firewalls enable efficient application search, viewing, and configuration access across various services for different user groups within our company."
"The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput."
"Most of the features in Palo Alto are very valuable."
"I like the dashboard, the interface, the management console, and the remote login."
"SD-WAN features should be added."
"The security of the solution, thanks to the built-in unified threat management, is one of its most valuable features. Plus, one single pane of glass is all you need to manage the whole solution, and web management can be done from anywhere."
"Sophos is a comrehensive solution which allows me to configure all the attendant products, such as Sophos' firewall, Endpoint and Encryption features."
"The product has a console that is based in the cloud for all their products. In this console, they have email security, firewall security, endpoint security, et cetera. All of the products on offer in the console are very useful for us."
"Sophos began with a basic version and evolved into something more efficient in terms of performance."
"The user authentication rules are very useful."
"Compared to other firewalls that I had looked at, I thought Sophos was the better solution. It just seems to be easier to manage versus Cisco, Fortinet, or one of the other options I was looking at."
"Price, of course, can always be more competitive or better."
"It is very expensive, and their support is not very good. I hope that their technical support will be better in the future."
"I use the FortiGate 60D model and realized the 300Mbps bandwidth limitation. Because it is a product that offers many services, I think it could have greater bandwidth capacity."
"The performance and speed are aspects of the solution that could always be improved upon."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"The support structure needs to be improved because every time we contact them, there is a delay in the response."
"The cloud management and automation capability could be improved."
"The solution is very expensive."
"Technical support is an area that could be improved."
"The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
"Its price can be improved. It is expensive. Other vendors have pre-configured policies for the protection of web servers. Palo Alto has an official procedure for protecting the web servers. Many people prefer pre-configured policies, but for me, it is not an issue."
"The whole performance takes a long time. It takes a long time to configure."
"The cost of the device is very high."
"The only area I can see for improvement is that Palo Alto should do more marketing."
"I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls."
"As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road."
"One area where Sophos XG could improve is in its patch management system."
"We recently did an upgrade on the Sophos XG firmware and we were surprised that after the upgrade, the automatic switch actually we were using did not work anymore."
"The only area that requires improvement is scalability."
"They made some changes to the firmware update sometime last year, which moved some of the policies from where they were before. Some of the policies, such as NAS policies, were separated, which made it a bit hard for people to trace the policies they had configured."
"When it comes to improvements that the vendor can make, we see that the cloud integration for managing all the firewalls is essentially a replacement of the on-prem version we had and is not sufficiently mature."
"An area of improvement would be the reporting as diagnostic graphs take a long time to load and refresh. If there could be an option to show only select graphs, it may speed up the graphics."
"For the moment, managing the Sophos interface is a little bit challenging."
"The VPN has been a persistent problem for us. It's not straightforward to configure."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 161 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and Meraki MX. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.