Sophos XG Reviews

We are using it at a gateway level. We are using Sophos XG Series 135. 

We find it easy to use. Its internal configuration is very easy. It is not complicated in terms of use and configuration.

It has been fairly stable, and it is also scalable.

They can simplify its interface so that it is mostly drag-and-drop. There was an SQL injection attack on some Sophos devices. They just need to harden their devices a little bit so that they can't be hacked very easily.

I have been using this solution for three years. 

It has been fairly stable.

It is scalable. We had scaled it for the number of users that we have, and it has worked fine for us. We have around 40 users.

We rarely contact their technical support. There was a time when our head office contacted their technical support. It was an issue in 2008, and they provided a patch.

We used Cisco ASA five or six years ago.

We found it easy to install. Its installation took around one to one and a half hours.

I did it myself. I have had some training on the product. In terms of support, we have just two guys who handle the support. Two people are enough for its deployment and maintenance.

I would recommend this solution. It is a fairly stable and good solution. We will keep on using it.

I would rate Sophos XG a seven out of ten.

We use the solution for application control and web filtering. We also use it as a VPN point, and we use it on other occasions for tracing and reporting about usage and high application rates.

We are able to trace any user and pinpoint any vulnerability or any malicious software. We are able to synchronize between the local and active directories so we can catch users easily through their login names and IDs.

The reporting on the solution is excellent.

There needs to be a way that we can distinguish between educational institutions on Youtube and other Youtube videos. You can do this on Fortinet. Basically, they can block all other Youtube videos besides those that are from educational institutions. With Sophos, you either allow for all Youtube videos or none at all. They need to allow for more specification on different websites.

They only have one single location for training videos. They must offer them elsewhere as well. When the site goes down, everything stops, and you can't access the videos when you need them, so they need to diversify that. It's limiting.  

The stability of the solution is excellent.

The scalability is good. We could only handle around 5,000 users but even when we reached 3,000 users, Sophos only consumed around 24% and 40% of Prime usage. 

The solution's technical support is not the best. When I take a step to open a case with Sophos support I can't understand them at all; I can't understand their accent. I always appreciate if they can communicate with me through e-mail instead, which makes it much easier. 

Many cases take a long time to be resolved. Some cases they seem to ignore or don't reply to for a long time so I have to remind them that the case is still open before they will respond. 

The initial setup was straightforward. The implementation took about a day. There were only two people needed for deployment.

We had a consultant assist with the setup. They were very good.

We use the on-premises deployment model.

I would rate the solution nine out of ten. It's a very good firewall. It helps a lot with protection, and every organization needs a firewall to ensure they are protected.

Our primary use case of this program is for antivirus and security purposes.  

What I like about this program is that it is easy to use and easy to manage.

Sometimes we experience difficulties with our server and that is usually due to a bug. Somehow bugs seem to find their way through Sophos' security. The issue is usually resolved when we contact technical support. In the next version, I would like to see an improvement in this. The developers should test everything after any update to ensure that bugs don't come though with the update.

I've used FortiGate before and I would say that Sophos is just as stable, both being around 70% as stable as other products on the market.

The scalability is good. We have 300 to 400 antivirus end users, and our company has around 1,000 users. We do have plans to increase usage because we are growing our projects around the world to countries like the US, Germany, Pakistan, India, UAE (Dubai) and Egypt.

The technical support is okay. Whenever we call them with an issue, they come to us and resolve the issue. Sometimes they take time, but I still think it's good. I will rate the technical support eight out of ten.

We only use Sophos because it can integrate with other product like FortiGate and we can easily connect the two programs. This makes the program scalable and easy to use. Many other products on the market are not compatible with each other and that is why we chose Sophos. 

The initial setup was rather complex but we had no issues with the deployment.

We bought a license for three years and we will renew it but I think the price is too high. If it could be less expensive, more end-users or partners will be able to afford it.

It is a good product and I will definitely recommend it. I rate this product a seven out of ten. In the next version I would like to see an advanced level and not only a basic level. Nowadays it is a very useful feature to be able to upgrade.

For one, its ease of use is the most valuable feature. It's very easy to look at the logs and troubleshoot issues as they arise. Things just make sense and it is a very intuitive interface.

It is easier to use than Cisco ASA, so it has reduced our SLAs by a considerable margin.

The VPN and central management need to be improved, but that's being nit-picky.

The IPsec VPNs are a little on the buggy side and you sometimes have to jump through hoops to get it to work. When I looked at them last, they were still in development for the centralized management of the firewalls, so when I saw it, it was very much in its infancy.

One more thing to add to what they can improve is the firewall policy presentation, they have their own special way of doing it which takes time for some to get used to, especially if you’re used to Cisco ASA.

I have used this solution for about a year.

There were no stability issues.

There were no scalability issues, it is very scalable.

I would rate the technical support a 10/10; they are very professional. I know a couple of those guys over there on a first name basis.

Previously, we were using another solution. However, we switched as we needed to upgrade our infrastructure.

The setup was pretty straightforward. They had someone come in, walk us through it and train us on the platform.

Get the professional support contract; it is well-worth it and those guys know their product very very well.

It is a very solid product, easy to use and implement.

We use and implement Sophos XG for our customers for border security, just to make sure that nobody gets in and that everybody who tries to get out will have some kind of filter or protection.

I can say that it has not exactly improved how our the organization functions, but on the security side it makes everything much more secure, especially for the users. They can't surf the web without some kind of protection for safety and control, and we are alerted if somebody is trying to access some strange websites or trying to access something the company does not allow.

The features that I have found most valuable are first the Web Filter and the Web Application Firewall SD-Wan on Version 18. Additionally, RED Tunnels allows a Sophos vital to speak to another Sophos vital in headquarters.

The main problem with Sophos XG today is that it doesn't have a feature where you actually know the quality of an international link, which would allow us to we know if the link is operational or not. We need more information. It's losing packets on the network. It's high latency. So, we need more information to know if the link is really bad or really good, and today, we only know if it's working and this just isn't enough.

I have been using Sophos XG for about six, seven years.

Sophos XG is really robust because of all the implementations you currently have active. We don't have problems on the hardware or a bug on the software or anything like that. It's really, really rare. Most of the problems are from requests for our customers asking to make a particular website available for some parts of the company and things like this. Just some little configurations on the web filter.

We actually do studies to already know before implementation which firewall will be able to handle all the operations. It is really rare to need to change the firewall or to miss a configuration and put in equipment that can't handle the network. We have never had a case where we had to replace a hardware because it couldn't handle the network. It has always been easy to make a survey to get the right equipment for the right amount of people, and every time we need to make a new implementation we have the study making scalability easy, because each hardware is for a specific customer.

If I were to rate support from zero to 10, I would say about six or seven. The Portuguese Support is really bad. It's really not good. Every time you have an issue that's a little bit more complex, it's better to speak to the Global Support than the Latin American Support.

Today the initial setup is simple since we have been using it for a long time and have implemented it for several customers. So now it is really easy for us.

We are the resellers.

My advice to anyone considering Sophos XG is that it has a good cost-benefit. Let's just put it that it does the job right.

On a scale of one to ten, I would say Sophos XG is a nine.

We provide Sophos XG to customers. We work at deploying this solution from scratch to the customer, from unboxing, racking, or stacking, and doing licensing and upgrades for the box. Then we establish the process and security profiles that the customer requires. 

This solution is deployed on-prem. 

Some of the most valuable features are filtering and application control. The DDoS detection also shows traffic jamming and traffic shaping. 

This solution could be improved with more effective bandwidth. I found that when I enable DDoS detection for our clients, bandwidth is reduced. If DDoS detection is disabled, the bandwidth will be high, but it isn't secure. We recommend that customers enable DDoS detection, but if they need high bandwidth, we recommend Palo Alto and FortiGate instead of Sophos. 

I have been using Sophos XG for about six months. 

This solution is not as stable as other products. In terms of stability, our number one recommendation is Palo Alto, number two is FortiGate, and number three is Sophos. 

Sophos is scalable, but not enough. 

Sophos technical support is effective. 

The installation takes two days. It is easy to deploy, and not as complicated as Palo Alto or FortiGate. We make it in our company labs and, for deployment and maintenance, we recommend one or two people. 

We provide and implement this solution for customers. 

The licensing for Sophos XG is based on the number of users, so I get the module from the sizing of the customer. 

We also recommend that customers use FortiGate and Palo Alto, since these solutions are more stable and have more effective bandwidth. 

I rate Sophos XG a seven out of ten. I would recommend it to others, based on their needs, but the stability could be better. 

We have five to seven customers who are using Sophos XG. 

The firewall is used to maintain security. Basically, it's used to make sure that our clients' corporate network is secure. We want to make sure that their email is scanned, protected, and so on.

In terms of the functionality, I think it's pretty straightforward. It's easy to pick up. It's also user-friendly.

Support could be improved.

I have been selling Sophos XG for two years. It is deployed on-premise. 

When it comes to scalability, of course we can upgrade. A lot of firewalls don't allow upgrades. An upgrade would mean changing the box. For our customers, a lot of the functions of the firewall don't reduce. We just need to make sure they enable the security, and then make sure it's giving the protection to the client.

For scalability when it comes to the server, I can add the RAM, the hard disc, and the CPU to boost up the performance. 

The principal tech support is not very present in Malaysia. We are relying on the distributor. Most of the technical things we can handle on our own, like when it comes to setup. When it comes to the issues related to product hardware or software bugs, we will reach out to them. But the response is from the distributor.

The support could be a bit better.

Installation for each version, like Fortinet and Next Generation Firewall, is simple. Based on how familiar we are with the client, it can take a day or two.

We only need one or two people for deployment.

For every firewall, you will need to pay the license for the following year. If they don't pay for the license renewal, they basically won't get the support from Sophos.

They do have their own integration, so I don't really have much to comment about Sophos because we basically just maintain the Sophos Firewall that we supply. We don't do a lot of fancy design work.

We are currently still evaluating the solution.

We generally deploy this solution for our clients for its basic functionality; our clients generally don't have sophisticated requirements. The solution is used for the firewall rules and the VPN rules, as well as the WAF functionality. We are silver resellers of this product and I'm head of the software department. 

The most useful aspect of the solution is the concept of integrated security which is why I use and recommended this firewall to clients. However, given that we never use endpoint protection, there is less incentive for us to continue using it. Initially it provided a specificity which enabled one kind of endpoint protection managed through the appliance together with the WIFI integrated within the firewall, managing all basic security aspects for TPD. However, because the endpoint protection is not that good and there are problems with malware and we can't prioritize facility management over security of the finances, we can't continue to work this way.

I think the management console could be improved. I also find the partner portal difficult to work with because it never functions correctly and it's exhausting to deal with. They should also improve the failover management and the reliability of failover, and there are sometimes issues with the WAF functionality, whereby a number of applications can't be used correctly. Finally, I think the support could be improved because when you open a ticket, there's a long wait time for a response. 

I've been using this solution for three years. 

The stability is quite good there are no major vulnerabilities. 

The technical support is a real weakness but that seems to always be the case. Sophos has improved over the last couple of years. It's better than before but it's still not good.  

I find the solution too expensive, to be honest. It's one of the reasons I'm looking for an alternative. It's overpriced for what they offer.  When you buy a commercial appliance, the only thing you really need is good support, and they don't provide that, so the cost for hardware and software is too expensive. If the support was responsive, I'd be happy to pay. Now I'd prefer to acquire my own hardware and install pfSense and spend the money helping technicians and engineers gain good skills and improve our own support. We'd have the same level of protection at a lower cost. 

I rate this solution a seven out of 10.