We just raised a $30M Series A: Read our story

Sophos XG OverviewUNIXBusinessApplication

Sophos XG is the #6 ranked solution in our list of best firewalls. It is most often compared to Fortinet FortiGate: Sophos XG vs Fortinet FortiGate

What is Sophos XG?

Sophos XG Firewall is next gen firewall that is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage.

Sophos XG Buyer's Guide

Download the Sophos XG Buyer's Guide including reviews and more. Updated: October 2021

Sophos XG Video

Pricing Advice

What users are saying about Sophos XG pricing:
  • "It comes at a fair price as compared to some of the other products out there. Its price is in the middle. It is not the cheapest, and it is also not as expensive as Juniper, Check Point, and definitely Cisco. Nowadays, everybody is very cost-sensitive, and people don't want to spend unnecessary money, but even before that, it was a fairly priced product. You've got your choice of what license you want. There are basically two types of licenses, and it depends on what you need to do, and everything is included in that license. There is no cost for VPN and DMZ. You purchase the license, and you know upfront what you're getting or what you're not getting, and that's it. It is one license fee and done and dusted."
  • "Sophos XG isn't expensive compared to Check Point."
  • "When compared to other products, Sophos licensing is very affordable."
  • "When comparing with Palo Alto and Cisco, Sophos is cheaper."

Sophos XG Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Marco-VIVALDELLI
CEO at MARVIV SRLS
Real User
Top 5
Light and stable with excellent real-time control

Pros and Cons

  • "It's a product that is in continuous improvement and is following what the customer is asking for. They are taking inputs and designing new releases specifically according to the client and their needs."
  • "The solution could offer a bit more integration with other systems, with other platforms - just to be able to extend the capability and to interface with other kinds of platforms or systems that I can find on the market as it gives the possibility to improve the level of integration."

What is our primary use case?

I'm using the solution mainly for its firewall application and to prevent intrusion in the system. The XG platform is very powerful from the perspective of identification and to prevent potential attacks on the system due to its the capacity to predict and to anticipate the potential damage on the system.

It's integrated inside the system, meaning that it can control all the endpoints in the system and talk with them and identify any potential situation. It can also isolate one area inside the system without compromising the entire system. This allows you to isolate the initial problem without involving the entire infrastructure. 

You have real-time control of all your infrastructure. It is integrated with the hardware and offers good performance alongside the hardware and by the firmware, and these work together to control the entire infrastructure.

What is most valuable?

The real-time control on offer is excellent.

We really appreciate that you can segment and quarantine certain sections of your system without having to shut down the entire operation.

The product has artificial intelligence that has the capability to quickly identify which could be the potential risk mainly for intrusions like ransomware or a new kind of typology of attacks that are in place right now. 

The idea is to mainly prevent the condition and not to manage the situation, as, if that happens, in many ways, it's already too late. It's to identify the condition that can help the company to prevent or mainly to reduce the risk of an intrusion. In that sense, its performance is excellent. 

The product is doing it job without affecting the system with a heavy load. The activity on offer is very light in terms of resources that are required by the system. It does not require a lot of resources in terms of memory, et cetera. There is no performance impact on the system. The customer doesn't detect its presence on the system when it's working, and yet they still get all of the great benefits of protection.

The solution has been quite stable. 

It's a product that is in continuous improvement and is following what the customer is asking. They are taking inputs and designing new releases specifically according to the client and their needs.

It's one of the best products on the market as it really understands where the market is moving and iterates based on the future. It's constantly improving. It does a great job at keeping confidentiality while guaranteeing security.

The solution doesn't just offer theoretical security, it really does offer very good, real-time security and delivers on its promise to the client.

What needs improvement?

There is no specific features request right now really. I see that all the features that Sophos is implementing and is proposing on the market follow exactly what the market is asking. It's difficult to identify something that is missing compared with what the market can ask as one of the most important things that Sophos does is have the capability to anticipate in a certain way what the market expects. As a leader on the market, they tend to have the solution just before the market is asking them for it. 

The solution could offer a bit more integration with other systems, with other platforms - just to be able to extend the capability and to interface with other kinds of platforms or systems that I can find on the market as it gives the possibility to improve the level of integration.

What do I think about the stability of the solution?

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's very reliable.

What do I think about the scalability of the solution?

The solution is quite scalable. You have to consider that all Sophos products are scalable. This is one of the main characteristics of the system. It means that you can start with a base solution that is very simple and improve this step by step without losing what you have done in the past. It's scalable in the sense that you have a different layout that you can cover, however, you don't have to dismiss what you have done in the past. You have just to integrate. In this way, if you consider the cost of implementation for the company, it has the possibility to optimize the cost because the company has the possibility to appreciate the system initially, and then improve the system step by step without losing what has been done in the past.

This means the company has the possibility to distribute the cost if you're in a certain period of growth. Normally some companies start to say, "I want to guarantee to control to the outside with a certificate and give the possibility to access my data in a controlled way. After that, I want to extend the security on the email that is managed by the company. I want to encrypt the data on the server and so on." All these features can be approached in a step-by-step manner instead of all at once, and you can implement them on the system in different ways and at different times.

We normally have about 50 users and around five technicians.

Which solution did I use previously and why did I switch?

I also currently use Cisco products alongside Sophos.

However, we did not previously use a solution that was different from Sophos.

How was the initial setup?

The initial setup is not so complicated. The system is not complicated to understand and also in can be installed without a very high level of expertise. Of course, if you have this kind of expertise, you can obtain from the system the maximum performance that the system can do, however, it means that you are not obliged to be a guru to be able to use these kinds of products. You can use these kinds of products just as an IT manager inside the company without having or needing special knowledge. 

Otherwise, you can leave to Sophos with the capability of doing something like a close box. You are sure that Sophos is able to guarantee the level of security that you are expecting. You can have it be automatic, or you can choose to go more manual in its operations. For example, if you were a professional photographer, you'd probably like a manual experience, as it would allow you more leeway with your craft, and if you were an amateur, you 'ld likely prefer an automatic camera that handles the heavy lifting for you. Sophos, in that sense, is the same. If you want, you can configure single parameters, or you can leave it to Sophos to give you something out-of-the-box.

In any case, if you stay on the automatic configuration, you are guaranteed that the system can provide the correct level of service that you want. It means that it's not required to have an expert. That said, you need of course to have a minimum level of knowledge, as it's clear that you need to know what you are managing. Starting from that, you can obtain what you need without moving into an advanced configuration.

Typically, a configuration takes about half a day or so, if you go that route. It doesn't take long, as those who would handle it would know what they are doing.

What about the implementation team?

We handled the implementation ourselves, in-house. We did not need the assistance of an implementor or consultant. I have enough knowledge on the solution to manage it myself.

What other advice do I have?

I'm mainly a user. Sometimes I handle installations.

I'm using the latest version of the solution. I don't have the version number on-hand.

We do plan on continuing to use the solution. I've been quite please with it overall.

I would recommend the solution to others. It's worked quite well so far and really leads the market.

I would rate the solution at a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Chris Booyens
IT Manager at Thyme IT
Real User
Top 20
A rock-solid and sensible product that works very well, comes at a fair price, and requires minimal handling

Pros and Cons

  • "There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time."
  • "Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue."

What is our primary use case?

We use it for firewalling. Lately, we are also using it for remote access or VPN access for the users to the firewall and then onto the local network for people working from home. We've seen a huge jump in work from home. Everybody is working from home, so we need a secure connection to the office.

I am not using its latest version. I normally wait for a couple of months before upgrading the unit to make sure there are no bugs or issues. I check on the forums to see what other people are saying and whether there are any issues. 

What is most valuable?

There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time.

What needs improvement?

Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue.

For how long have I used the solution?

I have been using this solution for seven years.

What do I think about the stability of the solution?

It is stable. We've been dealing with it for such a long time. We know exactly how to set it up. Sometimes, clients have got funny ideas, and I just say to them, "You tell me what you need, and I'll do the config and set it up." I've got two clients who have got technical skills. One of them is fairly proficient on Sophos, so he does the work as well, but for most of our other clients, we set it up, and there are no issues. It just works.

What do I think about the scalability of the solution?

It is scalable provided you purchase the correct product. We do a bit of homework. We don't just sell you the first device on the list because that's not always suitable. We do a scope of the client's business. They may be a startup with just five users, but they might have a plan to have 100 or 200 users. We need to just size according to what they anticipate to be. It is no good if we sell them an entry-level device now, and two months later, it is too small. We purchase according to a client's requirements.

We've got clients with four users, and the number can go up to hundreds. I'm currently busy setting one up for 150 users, and obviously, there is much more work involved in doing the remote VPN setups.

How are customer service and technical support?

I use the local support in South Africa. If they can't help me, then I log a case with their international support. They're fairly good, and they come back to me. 

I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand. They spoke so fast, and I could not hear what they were saying, but it is generally not an issue. It is not a showstopper, and we manage to work. If I don't understand, I say to them, "Can we rather chat by email?", which makes it a lot easier.

Which solution did I use previously and why did I switch?

There some other firewalls that my company is using, but they're way below in terms of specs and what they can do. Sophos XG is a layer 7 firewall, and most of the others are only layer 2 firewalls. Sophos is far superior. 

I do not have any knowledge about Cisco, Juniper, or other firewalls. I don't really use them. I use some open-source firewalls, but they're also a lot lighter. I've got one or two very small clients or non-profits where we run an open-source firewall, but the feature set is way limited compared to Sophos.

Sophos XG comes in at a fair price as compared to some of the other products out there. Its learning curve wasn't that steep. It makes sense, and it is a sensible product. It is not like some of the other products.

How was the initial setup?

It is simple for me. I've done so many setups. I can probably do these things in my sleep. In fact, I have got one in front of me now that I need to configure and install. I'm fairly proficient in the use of these devices. I'm happy with it.

The deployment duration depends on the setup. Some simple setups can be up and running within two hours. Complex ones most probably will take four to six hours. It also depends on the client's needs. Some of them have simple requirements, and they just want firewalling and one or two remote-access VPNs. Others have got a complex setup where we need to set up cameras and VoIP telephone systems. It all depends on a client's requirements.

It doesn't require any maintenance because the definitions are auto-updated. I've got a dashboard where I can manage all of the firewall devices from one dashboard. If I want to upgrade the software on 20 of them, I'll log onto the dashboard and upgrade the software just by selecting it and saying upgrade the software, and it is done. It requires very minimal handling on a day-to-day basis. Antivirus definitions, scanning definitions, and all those things are auto-updated anyway.

What's my experience with pricing, setup cost, and licensing?

It comes at a fair price as compared to some of the other products out there. Its price is in the middle. It is not the cheapest, and it is also not as expensive as Juniper, Check Point, and definitely Cisco. Nowadays, everybody is very cost-sensitive, and people don't want to spend unnecessary money, but even before that, it was a fairly priced product.

You've got your choice of what license you want. There are basically two types of licenses, and it depends on what you need to do, and everything is included in that license. There is no cost for VPN and DMZ. You purchase the license, and you know upfront what you're getting or what you're not getting, and that's it. It is one license fee and done and dusted.

What other advice do I have?

I would definitely recommend this solution to others. I recommend it to all my clients. I'm using it at home as well, and it works great. I'm fairly proficient in it, so I'm very confident. I can recommend it to anybody and everybody. It is a great product, and I've got no issue with it.

I would rate Sophos XG a ten out of ten. It is a rock-solid product that works. We've so many deployments of this solution. I'm just happy with it. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Sophos XG. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,721 professionals have used our research since 2012.
Alexandre RASTELLO
Senior IT Consultant - Sophos Architect at ARENTIA S.A.
Real User
Top 5
A powerful and cost-effective web application firewall solution

Pros and Cons

  • "The web application firewall reverse proxy is very good."
  • "Sophos can improve the debugging of the WAPS function."

What is our primary use case?

We essentially use Sophos XG to protect our customers. Most of our customers use remote VPN connections. They also use the WAF protection for exposed internet WEB servers.

What is most valuable?

The web application firewall or WAF is very useful. Web application firewalls help keep your servers safe from hackers by scanning activity and identifying probes and attacks.
Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos
UTM lets you protect your webservers from attacks and malicious
behavior like cross-site scripting (XSS), SQL injection, directory
traversal, and other potent attacks against your servers.
You can define external addresses (virtual webservers) which should be
translated into the "real" machines in place of using the DNAT rule(s).
From there, servers can be protected using a variety of patterns and
detection methods.

This function has been completely re-developed in XG, relatively of the UTM-9 version, and it works fine. I protect many internet web servers (IIS) for my customers with this function, due to of a lot of attempted attacks. It's a very useful and relatively simple to implement in Sophos XG.

Obviously, like all security systems, it is not a "fire and forget" configuration. It is necessary to properly analyze the system to be protected, create an appropriate policy and monitor its behavior once activated.

https://support.sophos.com/sup...

What needs improvement?

I think Sophos XG can improve some annex features. Like in DHCP, we can't make IP reservations in the range. We must reserve out of the range, which is not good. It will not be the same as the DHCP function in a Windows Server. We can't make an IP reservation in the range of the DHCP in the Sophos.

Better in the next release? I hope...

Sophos can also improve the debugging of the WAF function and provide a better resolution in the log, in the attached WEB log. The initial error doesn't appear. You must tail the console log to find the source pattern, cause of the error.

For how long have I used the solution?

I have been using Sophos XG for about tree years.

What do I think about the stability of the solution?

Sophos XG is stable. I don't encounter problems that are typical with broken systems. But bugs in the system exists. Last example, I discovered a bug is in the asymmetric routing implementation. In a specific network configuration, asymmetric routing, with sub-net 25 doesn't work, but mask 24 and mask 26 works!!

But this is just a bug, and Sophos' support is very good to correct quickly, ASAP.

I only had a break function once because of the appliance BIOS. The Sophos support send me a new BIOS very quickly, and the problem was resolved.

How are customer service and technical support?

I have a lot of issues with Sophos technical support. I still have some pending issues that need to be resolved. It's very odd in the beginning because your first contact is with the sub-part of another sub-part of Sophos based in India or Pakistan. It's very odd to have a quick connection with the second level or third level engineer at Sophos in UK.

I have personal contact with some security managers and the sub-part manager of Sophos support. When they don't resolve a problem quickly, I send an email, or I call my contacts Sophos UK, and it happens! They have good reactivity.

Which solution did I use previously and why did I switch?

We start with Sophos UTM-9, the old version of Sophos firewalls, and then we switched to the XG.

How was the initial setup?

The initial setup of the last version of Sophos XG is good. The initialization is very simple, but you must prepare it. You need an Sophos customer account , on the web cell, to declare easy a firewall.

It'll ask for an account, and you can create it in the interface, but it's better to prepare it before in the Sophos site, to have the account ready, for the first initialization of the firewall.

The deployment time depends on the system's complexity, the number of ISPs, the number of sub-nets, WAF functions and VPNs. 

It's normally very easy for a little company. A retail company with 20-30 computer-users, and a simple connection to the internet, it'll take about four to six-hours to deploy. If you need to fine-tune it, maybe two hours more. So like eight hours or a day to deploy.

What's my experience with pricing, setup cost, and licensing?

Sophos XG isn't expensive compared to Check Point. Sure, Check Point is the Rolls-Royce of firewalls: It's great, it's fun, technically good tunned, but it's very expensive. 

But the specs and technical side of Sophos XG are close to Check Point, and the price is lower. It's better for our customers. I can do the same complex configurations with Sophos XG that I used to do on Check Point firewalls.

Which other solutions did I evaluate?

The main difference between Sophos XG and Check Point is keylogging and working with clouds. Both FortiGate and Watchguard doesn't have  in log packet analyzer to do so deeply. 

For me personally, Check Point firewall is the best firewall, because the log console is the power key of the firewalls. But Sophos XG is the main challenger of Check Point, I think. You can open the debugging packet analyzer, like a Wireshark, directly in the WEB log console. This function is a powerful tool and must be discovered, because it's very useful for quick debugging.

If I had to rank them, it's Check Point first, second, Sophos XG, and in third with FortiGate and Watchguard. We chose Sophos XG because it's much cheaper than Check Point.

What other advice do I have?

I think it's very important to choose the right appliance first. Implementing a lot of things like VPN, IPS strong protection and WAF functions will stress more the appliance CPU. It depend also with the number of connections and number of users too.

Sophos XG is a lot of fun because you can change the appliance model without changing the configuration. You can back-up the configuration of the old appliance and import into the new appliance without spending hour for migration. It's powerful, and the new system is quickly operational.

Another key is VPN LAN to LAN in SSL, allowing connections to be set up much faster. Is this the end of the old IPSEC protocol? No, but it is a function which increases the versatility of the Sophos XG firewall.

Last, but not least, the virtual appliance works perfectly, in private or public clouds. Very simple to implement, work perfectly.

On a scale from one to ten, I would give Sophos XG a nine. 

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: ARENTIA S.A. - Sophos Gold Partner Av. Francisco Sá Carneiro 380 2415-376 Leiria - Portugal
Manuel Gellida
Owner at Dinamica en Microsistemas de Informatica, S.A. de C.V.
Reseller
Top 20
Easy to use and deploy with an improved pricing structure in place

Pros and Cons

  • "The initial setup is pretty easy."
  • "They need to allow their solution to integrate with other products and not just other Sophos solutions."

What is our primary use case?

My clients are mostly based in the government. They are my core clients. I install the solution for my clients.

What is most valuable?

The solution is very easy to use. 

Of course, we have the skills, however, it's very easy for us to deploy the solution. That's one of the valuable features. 

They have a communication between the endpoint and the firewall which is very, very useful for security purposes.

Pricing is now pretty good. They changed the pricing structure a few months ago.

The initial setup is pretty easy.

What needs improvement?

The integration could be a bit better. They need to allow their solution to integrate with other products and not just other Sophos solutions.

Sophos has a feature that in my opinion is very limited. They don't have enough VPNs on their models. They have the XG 750, which is a sizeable appliance. On those models, they used to have not enough VPNs. They always were short on that area. 

Pricing used to be very bad, however, they've adjusted their strategy recently. 

The product needs to improve its marketing in Mexico. It's not a well-recognized product in our country.

The solution's technical support is very bad.

There is an overall lack of documentation in relation to features and capabilities. We need these to help explain aspects of the solution to our clients. 

For how long have I used the solution?

I've used the solution since around 2014. I have about six years of experience at this point. It's been a while. I've definitely worked with the product in the last 12 months.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs and glitches. It doesn't crash and freeze. It's quite reliable. We don't have problems with it.

What do I think about the scalability of the solution?

The solution is very scalable. It is not a problem. Sometimes we have issues when we are trying to do something with a different traditional version of hardware as sometimes the new hardware has more ports. However, if we are talking about scalability in a huge customer, we can do it very easily. 

Mexico is very different than other countries and continents as here, when we say it's a big customer, we are talking about 2,000 to maybe 3,000 users. There aren't too many large-scale operations in the country. However, in general, for our area, we tend to deal with large-scale companies.

For a company that has maybe 1,000 users, Sophos seems to work very well. We have one operation with 10,000 endpoints and it is working quite well.

How are customer service and technical support?

Technical support from Sophos is very bad.

Sometimes we lose a project due to the fact that we need to solve some issues or answer questions. Things that may be technical but also involve the administrative side. I'm talking about licensing and the capabilities of the feature. We need some documentation, something we can show clients. They can better in those cases. They can either help us or supply us with what we need. 

In response time, they are terrible. In the area of technical knowledge, they are getting better, however, they aren't where they need to be. Right now, we are not satisfied with the level of support provided.

How was the initial setup?

The initial setup is not complex. However, here in Mexico, it's very complex to sell the product. The brand is not as well known.

That said, the process is pretty straightforward. 

The deployment times vary. It depends on the end-user and what they need. Sometimes, it's easy as they don't have too many policies. The more policies they have, the longer it takes.

In other cases, clients may have a lot of VPNs. We have to work on those VPNs, and we have to do a lot of routing. However, that depends on the customer. Not all are like that.

For one appliance, you just need one person for deployment and maintenance. If we are working a lot of VPNs, we would have to use more people. We need to involve maybe two or three individuals and re-apply the configuration in that case. 

What about the implementation team?

We handle the installation process ourselves. We do not need the assistance of consultants.

What's my experience with pricing, setup cost, and licensing?

The pricing has recently changed on Sophos. Their licensing and cost structures are much more clear now. It's much better than it was.

Which other solutions did I evaluate?

Clients, in many cases, evaluate for Check Point, Forcepoint, and sometimes Fortinet. Occasionally, they may look at SonicWall, or Palo Alto however, the others are the main big competitors. 

Palo Alto is very expensive as are Check Point and Forcepoint. That's why we sometimes win the projects. We find Fortinet, is very, very hard to beat as they have a lot of market share, have a lot of marketing. Sophos doesn't have that presence, that marketing. Also, when you have to think about prices, Fortinet gives customers everything and it's hard to beat.

The biggest issue I've found with Sophos is the small number of VPNs that we can do compared to a similar appliance with Fortinet or in the same level center. In fact, many other brands offer more VPNs than Sophos.

What other advice do I have?

I'm a Sophos reseller.

We use multiple versions. We have worked with XG 460 and XG 135 and some others -such as XG 230. In those cases, sometimes it has been Rev 1 and in other cases Rev 2 in terms of the hardware versions.

I mostly work with on-premise deployments. The only item I have installed in the cloud is an email solution by Sophos.

I'd recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
ZE
Pre-sales manager at National Information Technology Company
Real User
Top 10
Affordably priced, helpful, stable, and simple to set up

Pros and Cons

  • "It's a complete firewall solution that has everything."
  • "The current bandwidth consumption is no longer shown in the XG and XGS."

What is our primary use case?

I am a system integrator. We integrate SG, XG, and XGS.

We are also deploying it on Azure on-premises for our clients.

Sophos XG is a firewall. It can protect your internal users if it is on-premises. It can publish applications such as websites, it can also protect your internal networks like IPS, and IDS. It provides you with VPN Access, and it gives you reports on the consumption of the internet.

If you have deployed the endpoint between the antivirus in Sophos, it can also communicate with your endpoint and protect your users if infected.

What is most valuable?

It's a complete firewall solution that has everything.

It is very useful.

It competes with the majority of the market's products, including Palo Alto and Fortinet.

What needs improvement?

We always strive for more features.

We could see the bandwidth use right away with the prior version, which was the SG version. The current bandwidth consumption is no longer shown in the XG and XGS.

They are nearly a complete solution. However, they are missing this feature with the ability to view the current bandwidth usage. We have requested this, but have not had a reply yet. It was in SG before but it was removed in XG.

For how long have I used the solution?

We have been working with Sophos XG for six years. 

We started with SG, then XG, and now XGS nine years ago.

It can be deployed both on the cloud and on-premises. 

What do I think about the stability of the solution?

Sophos XG is very stable. We haven't had a single issue with stability in the nine years we have been using Sophos.

All electric appliances rely on a stable electric current, which requires the use of a UPS, and a backup power supply. The main issue is the stability of the power.

All Sophos appliances are SSD-based, which means the hard drive in the appliance is solid-state.

we have deployed more than 50, 60 for our customers in Kuwait and we haven't had an issue or, any RMA.

What do I think about the scalability of the solution?

When purchasing a firewall, as a customer, you must first plan, consult with your partner(s), and decide on the sizing. If you buy an XGS 230, for example, it can support up to 200 users and 50 VPNs. If you buy the wrong product, you won't be able to scale it up.

You should always size upfront. If you have a hundred users, you buy an appliance that can support 150. The license is the license.

It's all about the hardware. If you purchase small hardware and you know that after one year you're going to have more employees then it is wrong.

It's not a server, where you can just add more drives, It only has expansion units for the network. If you need to add fiber, for example, you can. There are expansion units, but you can't expand the architecture of the firewall.

We have more than 50 customers.

How are customer service and support?

We haven't required any technical support. I have however heard from my peers that they have not had any issues with the customer support.

They have offices in India, Dubai, and even in the United Kingdom. As we are certified Gold partners in Kuwait, we haven't had any issues with the Sophos team. They are quite responsive when you have a tender to submit. I have no complaints at all.

Which solution did I use previously and why did I switch?

in the past, we also integrated Palo Alto.

How was the initial setup?

The initial setup is easy and straightforward. As certified partners, this is something that we do every week. If the customers provide you with the network details, you can have it up and running in 30 minutes with no issues.

It's a problem if you don't know your firewall, or how to deploy it, or know how to put the proper rule in place. It is very important that in any firewall if the customer doesn't know what rule should be in place, it is possible they will create the wrong rule and expose the network.

You have to have a certified person to maintain the solution. How many you will need depends on the number of customers. If you have a lot of customers, you will need two technical people. It also depends on the size of your business. One is fine but as you grow with more customers, you will need at least two to deploy and maintain the solution.

What's my experience with pricing, setup cost, and licensing?

I don't have any issues with the price. The price varies depending on the market. The price of Sophos in Europe differs from that in our region, GCG, and from that in the United States. You will notice that each region has a different pricing structure. 

Customers will always try to minimize the cost. When compared to other products, Sophos licensing is very affordable.

What other advice do I have?

They have already released the XGS. If you are referring to the previous version, XG. It is still in production and available for purchase. They have already released the XGS, which is the next generation of the XG. It has a more advanced architecture. Now that we have passed XG, there's XGS on the market.

Remember to size your customers. You'll need to know how many web applications you will be publishing, how many end customers the company has, and how many of them will need to connect to the VPN. It's a formula that, based on the data, that will determine which appliance you require. You can start with a little one, but it's best to understand the requirements first.

We are very happy with Sophos products.

I would rate Sophos XG a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
WilliamMugobogobo
Head of ICT Infrastructure and Security at City of Harare
Real User
Top 5Leaderboard
Easy to set up with great protection features and excellent documentation

Pros and Cons

  • "The initial setup is very straightforward and the solution is extremely user-friendly."
  • "I'd like the dashboard to be improved. It could be a bit more customizable."

What is our primary use case?

We use Sophos Firewall for our environment.

The Sophos Firewall, from our interaction and the way we are using it, is a very effective network security solution that basically protects our infrastructure, identifies any infections or any network security threats that actually may happen within our environment. We also are able to manage our users in terms of bandwidth usage and the allocation of bandwidth, whereby we give our users restricted access for use during working hours and they are supposed to utilize the bandwidth and make sure that we optimize and prioritize the applications able to get the necessary bandwidth. We do use it to manage our bandwidth. We do use it as well to make sure that our environment is secure against any possible threats.

What is most valuable?

In terms of the Sophos XG Firewall, what really excites us is basically the issue of intrusion detection and the intrusion prevention features. Those are both very, very good. 

The issue of sandboxing as well is something that is very useful. It's able to protect our environment quite well. 

Email protection is something that we are basically using all the time and it protects our environment which has more than 2000 users. 

All of the protection features are great in terms of securing our environment.

Sophos is way ahead of a number of other products in terms of the enhancements and upgrades they offer.

Sophos offers a great centralized dashboard that makes it easy to see what's happening on your network. 

The initial setup is very straightforward and the solution is extremely user-friendly.

The documentation is very, very good.

What needs improvement?

In terms of the product, from the way that we have been utilizing it, we have noticed that the vendor has been able to continuously upgrade and upgrade and update the product with new features. You'd find that all the time a new release has come out, and we're actually happy with that. We don't find it inconvenient that we are constantly upgrading. 

I can't think of any downsides in terms of the features on offer.

I'd like the dashboard to be improved. It could be a bit more customizable. 

For how long have I used the solution?

I have about five years of experience with the product.

What do I think about the stability of the solution?

We are very satisfied with the functionality. We are very satisfied with the way that it is securing our environment. The stability has been excellent.

What do I think about the scalability of the solution?

We have 2,000 users on the solution currently.

The solution is very scalable. We basically started with about 900 users. We went up to about 1,300. As we went up, as our users increased, we also scaled it up in terms of protection. Sophos was able to scale up easily and protect all our end users as well as our environment. It's been great overall.

We do plan to increase usage. Our employee base is about 10,000. We have 2,000 networked employees and we are planning to add another 1,000 users by the end of the year.

How are customer service and technical support?

The technical support has been great. All of our technical staff have been certified as Sophos administrators. They were able to offer us the training to make sure that all of the support staff are familiar with the functionality of the product. Then, in terms of technical support that we may need, when we call the Sophos team, they are usually very available and they are even able to support us remotely if there is a need to do that. We are extremely satisfied overall.

Which solution did I use previously and why did I switch?

I also often work with Cisco's ASA Firewall as well as Nagios. We bought Sophos to complement the ASA firewall.

How was the initial setup?

The initial setup was very, very straightforward. You find that we did not even require a lot of external help from the vendor. It's so straightforward. The documentation is quite comprehensive and it takes the user through a step-by-step process, It's very user-friendly.

For the firewall as well as deployment of the end-user, the email protection as well as the sandbox, and the like, it took us approximately three days to finalize everything for our entire environment. We had over a hundred network sites, which are dotted through the city of Harare, therefore, we knew that we had to make sure that deployment was done fully throughout the entire environment.

What about the implementation team?

There was very minimal, minimal assistance from the vendor. The vendor, here and there, would assist if we requested their help. However, you'd find that in most of the installations we did in-house, we didn't need the vendor to do anything. We knew that the installation process was very user-friendly.

What's my experience with pricing, setup cost, and licensing?

The cost of procuring this product is very reasonable and it's very affordable for most organizations.

What other advice do I have?

We're a customer and an end-user.

We use the latest version of the product.

I'd advise those considering the solution that Sophos' security solution is highly synchronized, very secure, and provides comprehensive security. I'd like them to know that it has enhanced and very detailed and sophisticated functionality, which is really easy to use, easy to deploy, and very user-friendly. It is a product that I would highly recommend for any organization that needs to comprehensively secure its infrastructure.

I'd rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Israel Caravantes
CIO LATAM at i-Track Systems Development, S.A. de C.V.
Reseller
Top 20Leaderboard
Great cost benefits, reliable, easy to set up, and scalable

Pros and Cons

  • "The most valuable feature of this solution is that the license offers everything."
  • "It is complicated to get the reports if you are not experienced with Sophos."

What is our primary use case?

We implement different security solutions. We also integrate the different environments and secure them, based on the customer's needs.

Our customers are from banking or financial institutions, insurance institutions, telecommunication companies, advocacy companies, construction companies, and retail companies.

What is most valuable?

The most valuable feature of this solution is that the license offers everything. You don't have to purchase a license for the VPN, or the mobile VPN, or for any other features that the firewall works with. That is the best thing about Sophos. 

They include everything on the firewall as a base and if you want other exclusive services or to add more security to your service, you would have to purchase the full license.

To me, the cost benefits are the best.

What needs improvement?

They can improve all indicators, all KPIs, all the scores, the consoles, and the monitors. These are all areas that need improvement.

These areas need to be more clear for the customers. You have to have good experience working with Sophos to know how to get to the forums and to get to the information that you want from the beginning.

It is complicated to get the reports if you are not experienced with Sophos. For example, if you want to get a report on what the firewall is doing, you have to be a very experienced engineer.

For how long have I used the solution?

We have been using Sophos XG for three years.

The version we use is up to the customer and their environment's needs. For example, if the customer has a small infrastructure, we implement a small firewall, which could be an XG 115 or an XG 125.

For larger companies, we implement an XG 450 or XG 500.

What do I think about the stability of the solution?

The stability is very good. Stability is the main reason we use Sophos.

We have no complaints about the reliability, performance, or stability. It's a very strong product.

We are currently building the security architecture and we are trying to build according to the customer's requirements. The plan is for 35% growth in the next three years.

Our clients are usually medium to large-sized businesses. 

We currently have 23 engineers to maintain this solution.

What do I think about the scalability of the solution?

Depending on the firewall that you are using, or that you purchase with the biggest supply end, you can add other cards that can grow with some other services.

How are customer service and technical support?

We provide technical support to the customers. We provide our own SOC to support the security solution and we complement the Sophos support plan.

Their technical support is fair, as well as the forums. Today there are only webinars, but we are trying to keep up with the latest technologies and trends.

We are also trying to keep up on how the hackers work because we are working with different associations of security worldwide that way we know the best way to protect our customers and what we need to sell to our customers.

Which solution did I use previously and why did I switch?

We work with several brands. Sophos is in the top sales.

Previous to Sophos XG, we were working with Sophos and Cyberoam.

How was the initial setup?

The initial setup is straightforward. It's easy, using the wizard.

If you go outside the wizard and you are not an experienced engineer, it could get a little tricky.

Our implementation strategy is to have clear communication with the customer. Implementation is based on 99% of the information that the customer is providing to your other anything else.

It can take five days to deploy.

What's my experience with pricing, setup cost, and licensing?

The license includes most of the features that are necessary, but the basis of the firewall does not include everything, which helps us to continue to sell.

When comparing with Palo Alto and Cisco, Sophos is cheaper.

Which other solutions did I evaluate?

The top three solutions that we sell and that the customers consider are Sophos, Palo Alto, and Cisco.

The main difference is the pricing.

What other advice do I have?

We try to sell some cloud services but in Mexico, customers are not familiar with the cloud services yet. We are starting to grow, but it is very common that customers prefer services on-premises.

We do not only plan for the sales, but we also plan with the customers and their growth, and how we are going to increase their services. We also consider what will be selling to the customers in the next three years. We plan with the customer, as well.

When we sell a firewall, it is not for sale for right now, it's for sale for long-term use. We build long-term relationships with our clients.

My suggestion to others who are interested in using this solution is to try it. The only way to know how well it works is to try it.

Sophos XG is an excellent solution and I would rate it an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Bernard Otieno
Technical Engineer at Harnssen Group Limited
Reseller
Top 20
Easy to set up with good technical support and good stability

Pros and Cons

  • "We've deployed quite a number for our users and our customers, and the feedback is quite positive in terms of management and also administration."
  • "XG is at its end of life. People are moving to XGS."

What is most valuable?

I enjoy synchronized security, where you have to synchronize both the firewall and the endpoint. When I deploy a firewall, I integrate it with the endpoint so that they can send the security heartbeat from the endpoint to the firewall. In the Sophos firewall, there's deep inspection, which works quite well. Sophos has the web application firewall inbuilt. This is unlike other firewalls, where you have to integrate with another standalone web application firewall. Being inbuilt in Sophos, you just have to configure an application so that it's more of a policy, and you're good to go. It's pretty simple in terms of the user. 

We've deployed quite a number for our users and our customers, and the feedback is quite positive in terms of management and also administration.

The technical support is pretty good. 

The initial setup is easy.

There's quite a number of items on offer. When you look at Gartner, it's doing well. The uptake in the market has been wonderful and currently, it's competing with other top firewalls such as Check Point, Fortinet, and Palo Alto.

What needs improvement?

XG is at its end of life. People are moving to XGS. With those changes on the horizon, a client might end up in, maybe 10 years, having four or five appliances, which they might not use. I don't know what Sophos is doing to maybe change this. Right now, we've moved from XG to XGS.

Another feature, which might be good and which other vendors are maybe exploring is the NAC. Sophos doesn't have a NAC solution. 

Maybe they can improve on their WAF. Currently, they have the inbuilt. 

They could work on their SD-WAN solution. I have seen it. It's not that competitive compared to other vendors. We've had some device issues.

For how long have I used the solution?

I've been dealing with the solution for the last four years.

What do I think about the stability of the solution?

In terms of when it's in the network, it's stable compared to other firewalls, where I have had some issues. I had a case with another firewall, which the client changed to Sophos and it was not that stable as the client had to go and actually restart the firewall. The challenge comes in terms of stability when, let's say, the engineer doing the scoping does the round-sizing for the firewall. This causes the IPS to become overloaded or overworked, so it disconnects the traffic at the port level. In terms of stability, I might say sometimes we might experience challenges maybe when the sizing is not done correctly. That's why we might experience that disconnect at the interface level where the internet gets disconnected, however, that's the case of sizing, not the product itself. In terms of stability, it's stable in the network.

How are customer service and support?

In terms of Sophos' support, they have been wonderful. I had a device issue and I found the return policy to be quite simple. 

Their technical support is pretty straightforward. When you raise a ticket, the feedback is immediate, and you are assigned a support person. It's been a wonderful experience.

Even to the end-user, it's a pretty straightforward system that they have. A user would just log into support.id, then key in their credentials and raise a support ticket. It's pretty simple.

Which solution did I use previously and why did I switch?

I'm also familiar with Check Point, FortiGate, and Palo Alto. We also used to use Sonic Wall, however, we've moved to Sophos.

How was the initial setup?

The initial setup is pretty straightforward. It's not overly complex.

Which other solutions did I evaluate?

I've compared Check Point, CloudGen Network Security, and Sophos XG previously for clients. Not being biased to any vendor, normally, in this region, what normally happens is the budget. You might recommend Check Point to a customer, however, Check Point is a bit expensive, so you might end up losing the deal. What you would recommend, is Check Point as the Quantum, as the firewall. Sophos is doing quite well in terms of the endpoint for the workstations and the servers, the physical and the virtual. Likely it would be a good idea to recommend Sophos Security. That said, if the client has the budget, you'd recommend Check Point as a firewall. It's always good to do a bit of comparison and advise the client as to what is best for them.

What other advice do I have?

We've actually deployed and supported quite a number of the products, from XG105 to XG3430.

Sophos is on-prem mostly, however, now there's another product for Sophos, for the endpoints, which is cloud-based.

I'd rate the solution at a ten out of ten. It's one of the best products. We have deployed quite a number of them - almost 20 - and I've not seen any of my clients complain.

Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Sophos XG Report and get advice and tips from experienced pros sharing their opinions.