Which would you recommend to your boss, Fortinet FortiGate or Sophos UTM?


One of the most popular comparisons on IT Central Station is Fortinet FortiGate vs Sophos UTM.

One of the users on our site says about Fortinet FortiGate, "A strong point of FortiGate is that the graphical interface is complete and easy to use, especially if we think there is a list of operations that we are able to perform inside."

Another user says about Sophos UTM, "Brings greater visibility into the network traffic coming inside and passing away from the company."

In your opinion, which is better and why?

Thanks!

Guest
As seen in
42 Answers
Reuven ElkabetzReal User

Hi.
I would recommend Palo Alto but from the two I would recommend FortiGate.

11 May 18
Ales CiberReal UserTOP 20

Both vendors have nice useful web UI.

Fortinet wins because, for it's dedicated ASIC hardware.

But I don't know the prices.

04 May 18
UserUser

I would like to strongly recommend for Fortinet products because of the following reasons:
1. if you go to Gartner Magic Quadrant for comparing the Security firewalls, you can easy get Fortinet is among leaders for maintaining network security features. Sophos does not come in picture.
2. there are multiple flavors of Fortinet products in the market available.
3. Fortinet TAC support is good and having experienced TAC engineers to resolve issues.
4. Fortinet firewall comes with nextgen firewall features which can amplify security posture.
5. Security updates received from Fortinet much better and they release as soon as any outbreak noticed.

04 May 18
UserUser

I would like to strongly recommend for Fortinet products because of following reason.
1. if you go on Gartner Magic Quadrant for comparing the Security firewalls, you can easy get Fortinet is among leaders for maintaining network security features. Sophos does not come in picture.
2. there are multiple flavours of Fortinet products in market available.
3. Fortinet TAC support is good and having experienced TAC engineers to resolve issues.
4. Fortinet firewall comes with nextgen firewall features which can amplify security posture.
5. Security updates received from Fortinet much better and they release as soon as any outbreak noticed.

04 May 18
Gerardo DiazUser

I just can comment on Fortigate, don´t have experience on Sophos.

Fortinet has a central point of visibility and full integration with other Fortinet security products (security fabric) and there are different flavors too...as VMs, UTM box or in the Cloud (Advanced Technologies like Fortimail,FortiSandbox, etc)

03 May 18
Valentin ReynaUser

Both solutions are good, I prefer Fortinet FortiGate (great performance), but consider that the better answer only you know, It all depends on your requirements and budget.

03 May 18
Luis ApodacaUser

100 % Sophos

Like I always said, you should take care of how many devices you need to connect, and then compare! After that, I know Sophos is a better solution they do almost the same in the 99 % of the cases but Sophos is a cheaper solution per device plugged into the network!

02 May 18
Luca AstoriReal UserTOP 20LEADERBOARD

I agree with the sentence for all concern the GUI interface and his capability., but a very important strong point is the concept of “Security Fabric” that allows you to bind, manage, monitor and define security policies through a single firewall GUI environment, for different Fortinet Security devices as Forti Switch, FortiAP WIFI, FortiWIFI controller, mobile device/laptop with FortiClient APP and so on. This allows an IT admin to have a close-up picture in a single GUI of his entire environment, even if the real devices are far away from the firewall or the main site, and define security policies for groups of device/class/OS, switches, AP, etc.

I think that Sophos UTM is a quite good product, but, can't provide the same IT admin/operator experience thought a fully & easy to use GUI, and all the capabilities of the Fortinet product with latest FortiOS releases. Definitely, if I can choose a solution and budget is not an “impossible obstacle” I will blindly choose Fortigate firewalls.

02 May 18
Idalia MartinezUser

For me, Sophos UTM is better in everything.

02 May 18
Teri RadichelUser

When evaluating security vendors check out their free trial and evaluate the two products based on the specific needs of your organization. Make sure they are deployable from configurations stored in source control in an automated fashion, meet your scalability requirements, and don’t have a lot of CVE’s or fix them quickly. Ask where the device and software are manufactured and tested if you have those type of concerns or compliance requirements. Ask if they have pen testing or bug bounty reports from crowd source, hacker one, etc. If you need help putting together your requirements or testing process IANS (iansresearch dot com) is a good source for some consulting help.

02 May 18
Tejashvini PatelUser

FortiGate is better than Sophos UTM.

User 1 - "A strong point of FortiGate is that the graphical interface is complete and easy to use, especially if we think there is a list of operations that we are able to perform inside." - Which is true.

User -2 - "Brings greater visibility into the network traffic coming inside and passing away from the company." - This is also true.

But my opinion is FortiGate is having better features and performance than Sophos UTM. FortiGate is Easy to use as well as easy to manage.

02 May 18
Juan C. Sanchez PignalosaReal UserTOP 5

I would definitely recommend for ease of use, Sophos UTM with the UTM/XG Series (any of those). They have included graphic reporting and really easy GUI. Hope this helps.

02 May 18
Hesham SakrReal User

Sophos is much better, stable, easy, flexible. Go for Sophos XG series.

02 May 18
PengWuConsultant

so far we have PaloAlto and Firepower

02 May 18
Sabyasachi SenReal UserTOP 10

UTMs are being used by people, who wants to lead a simple life without any hassles. Therefore Sophos are simple to use with better visibility over fortigate. We have both at our campus and hence comparison was easy to do.

02 May 18
Ian CowleyUser

I use a Sophos XG for my home office. Its more than powerful enough for my requirements but I wouldn't deploy it for my client base as I don't like slow webGUI front ends. I have used big Enterprise Fortinet products with FortiManager (FortiMangler!) and I'm not a fan. Then again the Netscreen based approach to NAT and Zones was never my preferred method. I still hold that The Checkpoint SmartDashboard is the best firewall management GUI out there and that swings my decision as less skilled staff can operate the firewall once installed. Palo Alto is also very good. Unfortunately these latter two are more expensive than Sophos, Soniwall, Watchguard and Fortinet. Please always remember anything is better than nothing. However a well managed average device is better than an unmanaged brilliant device. Also PS Only use Cisco ASAs in conjunction with something else. ie use them for advanced internal access control or VPN termination IMHO

02 May 18
Cody MartinUser

Fortinet FortiGate is the superior next-generation firewall. FortiGuard Labs has discovered over 500 zero-day exploits https://fortiguard.com/zeroday and has more devices deployed globally than any other vendor, while also outperforming every other competing product due to its ASIC (Application Specific Integrated Circuit) technology, as verified by 3rd party validation by NSS Labs

https://www.fortinet.com/content/dam/fortinet/assets/analyst-reports/Brochure-NSS-Lab-Independent-Validation.pdf

02 May 18
Cesar NievesReal UserPOPULAR

Our experience with the Fortigate products, firewall included, has been very successful and reliable. We have a low to medium volume closed network for an education setting and the ability to flexibly adjust responses to our needs and threats has been powerful for our needs.
Let me know your questions

02 May 18
Cesar NievesReal UserPOPULAR

Fortinet has three major fronts; Real world performance (not only in papers), security effectiveness, and end-to-end security fabric protection.

While Sophos does have firewall, endpoint, SWG, wireless and Mail protection, only the endpoints share threat data with the firewall. Fortinet’s Security delivers full visibility into every viable network segment and the devices and endpoints behind them. It can seamlessly integrate with third-party solutions, enabling users to ubiquitously collect, share and correlate threat intelligence. It also features a far wider reach - includes a far wider reach (NGFW, switching, wireless, endpoint, SWG, mail, management, IPS, WAF…etc).

By the way, Sophos has no SD-WAN support. If you are looking for the benefits SD-WAN brings will need to bring in an SD-WAN vendor and all the costs associated with it. FortiGate firewalls feature full SD-WAN support with dynamic SLA based WAN path selection and application awareness.

If you want to make a good comparison, make a total cost of ownership based on typical deployments as compared to Sophos.

Features that include FW, IPS, Web Filtering, AV, AC, SSL Inspection, Sandboxing, IPsec tunnels = 20% of users, SSL VPN tunnels = 20% of users, 24 x 7 Support, and Cloud management.


In the TCO is not included endpoint licensing costs which is $0 for Fortinet and ranges from $580 - $11250 for Sophos depending on user count (10-50 users) and length (1-5 years)

02 May 18
Arshad Mohammad KhanConsultant

I Never worked on Sophos, But I was using Fortinet FortiGate as my internet facing firewall, it is a great user-friendly interface and feature set

02 May 18
Reza SayadiUser

The recommendation should not only be based on the Firewall brand and
technical aspects of it. But the organization that is going to use it.
Therefore, things such as manageability - self-managed or outsourced -,
functional requirements of having a heavyweight in the decision. E.g.
What are logging requirements of such firewall? Does logging need to
be share? (Splunk) Fortigate and Sophos handle this in a different
way. What is the current PAM process of the organization? etc...

My advice would be to do a proper requirements assessment to find the
best brand for the job.

02 May 18
Daina KarklinaUser

I suggest Fortinet FortiGate!

· Fortinet – market leader (Leader at the Gartner Magic Quadrant for Enterprise Network Firewalls);

· Great performance and hardware quality;
· FortiGate delivers good visibility and accelerated security, which provide efficient operations;
· Ease of deployment.

02 May 18
KennethWongUser

Sophos UTM SG series is awesome, in the industry, Security solutions is already complex enough. Sophos addresses this by "Security Made Simple" which addresses most of the complex security and rendering them easy to manage on the UTM 9 SG Series. In the XG Series it is better.

02 May 18
Prijan KurupUserTOP 20

I would prefer Sophos UTM as in my organization.

02 May 18
Manoj PrakashUser

Fortinet will be always better compare to Sophos,

Fortinet with 5.6 Fortios really stands high with Internet Services(approach to SAAS application)

SD-wan features and Security Fabric Integration are really cool.

02 May 18
Athar MuhammadUser

Sophos XG Firewall provides protection for the network , web , cloud , email , web server, reverse proxy , wireless. I have never used Fortigate next generation firewall some say that it has performance issues on load.

02 May 18
Mohamad Zulkifli HanafiUser

It all depends on your requirements and budget. Been using Fortigate Firewalls in our IDC network without much issues. Met our requirements. Easily configured with Web-based GUI or CLI.

particularly like the VDOM capability. Easily Integrated into the VM network. Reporting wise, you will need to get another module for this. SSLVPN & IPsec vpn are quite easily setup.

FYI

02 May 18
Kalpesh PanchalUser

I have no any experience about Forti Gate, so can’t say anything about it.

But yes I have much work on SonicWALL UTM and SOPHOS UTM / XG.

SOPHOS UTM Series is So Better in against XG Platform as per the Configuration level and Diagnostic level.

SonicWALL Is Much Better then Sophos UTM / XG.
. SonicWALL is using especially Security Designed Processer
. SonicWALL is Work in RFDPI Mode in Gateway mode and other UTM work as a proxy architect,
. SonicWALL is Using Sonic O.S they are not Share the Any Root Privileges, another product kernel us I open you can do anything.

This my opinion if I am wrong on any points please help to correct me.

02 May 18
Engr. Omer MasoodReal UserTOP 20

Sophos brings all the features required to end-user within a box. FortiGate is a forward proxy, it does not provide server protection or reporting features. You have to procure separate boxes and licenses. Moreover, Sophos provides better end-point security as well.

02 May 18
Roger JacquesUser

My vote goes to Fortinet. They use a custom chipset on their products.

02 May 18
Kareem KareemUser

Fortinet provides a comprehensive solution for nowadays threats through security fabric. Hence, it's not only about the FortiGate firewall they provide, but it’s about the vision they provide on all integrated security components.
Using Fortigate UTM Bundle where it easy to manage all Routing, Natting, and UTM feature from one place with excellent visibility on all traffic passing for each policy, bandwidth utilized, number of sessions, and last time active session time.
Forti Analyzer for security alerts, analytics, and reports.
Forti-Manager: GUI facilitates the management of all firewalls policy from one console.

02 May 18
KeeratiUser

Hi

I'm used product of Sophos UTM320 for 4 years. I can say this product is very simple to configuration by yourself.(I'm setup this firewall by myself) But for select UTM model please select model is bigger than total user in your company have. Because UTM is use a lots of resource in case you turn on all filter function. But now I'm already replace to Sophos XG330 because UTM320 is EOL. (They have new model UTM SG)

However , for judge which brand is suitable for your company. I'm suggest to request vendor for test product in your system. This will help to see the real result for each product.

PS. Please compare about distributor in same product. You can find cheap product and best service. (In Thailand I'm found famous distributor but they sold will high price and after sales service isn't impress but another distributor isn't famous but their price is friendly and service is good)

02 May 18
Roger BascomUser

I only have an opinion on FortiGate and only from a 3rd party's perspective.

It was pervasive enough for them that they replaced over 1000 Cisco routers nationwide with Fortinet FortiGate firewalls.

02 May 18
Brian JUser

Make sure that the admin knows that the Sophos is somewhat underpowered for full use of the security subscription. IPS is a resource hog as is AV. Basically, the CPU is too underpowered to accommodate high-speed connections. I can run all subscriptions on a 100 Mbps symmetrical circuit with no issues, but that’s about the max throughput. Also, all throughput figures in their literature should be divided by 2.

That being said, its user interface is just as friendly and the only truly taxing job is getting the security certificates to work properly IF you insist on using them. I like the Sophos a lot and will be replacing my current UTM with another one.

01 May 18
Director with 11-50 employeesUser

Both types of equipment are good but the configuration on SOPHOS is very simple and clean but if you are more technical FortiGate is for you

01 May 18
Delete Me PleaseUser

Those are not bad, however, we have standardized on Meraki from Cisco. We recommend Meraki.

01 May 18
Cesar NievesReal UserPOPULAR

Hi:

Fortinet has three major fronts; Real world performance (not only in papers), security effectiveness, and end-to-end security fabric protection.

While Sophos does have firewall, end point, SWG, wireless and Mail protection, only the end points share threat data with the firewall. Fortinet’s Security delivers full visibility into every viable network segment and the devices and endpoints behind them. It can seamlessly integrate with third-party solutions, enabling users to ubiquitously collect, share and correlate threat intelligence. It also features a far wider reach - includes a far wider reach (NGFW, switching, wireless, end point, SWG, mail, management, IPS, WAF…etc).

By the way, Sophos has no SD-WAN support. If you are looking for the benefits SD-WAN brings will need to bring in an SD-WAN vendor and all the costs associated with it. FortiGate firewalls feature full SD-WAN support with dynamic SLA based WAN path selection and application awareness.

If you want to make a good comparison, make a total cost of ownership based on a typical deployments as compared to Sophos. Features that include FW, IPS, Web Filtering, AV, AC, SSL Inspection, Sandboxing, IPsec tunnels = 20% of users, SSL VPN tunnels = 20% of users, 24 x 7 Support, and Cloud management.

By far, Fortinet.

01 May 18
Information Security Officer at a government with 501-1,000 employeesReal UserTOP 5LEADERBOARD

Is Palo an option? Their small firewalls come with the same features as their $100k ones. The UI is amazing with great drill down options and easy to configure and maintain. My experience with Fortigate wouldn't be fair because we have an aged model. However, make sure you look at what analysis and reporting features you get with it. If it's the same as the FortiCloud service we have, it's ridiculously horrible to use, making it not very useful, whereas the Palo is so simple, you can do all sorts of stuff within 5 minutes of logging in the first time!

01 May 18
Jeff StutzmanUser

I have no real experience with Sophos, but can comment on Fortigate.

I'm a huge fan of both Meraki and Fortigate. Meraki is used for more hands-off approaches while Fortigate is used for those times when I need greater granularity in control. The boxes are priced out about the same, but while both machines are packed with features, the Fortigates offer more control.

01 May 18
Lillian IsacksUser

I can’t compare the two because I’ve only worked on the Fortinet FortiGate, not the Sophos UTM.

What I do know about the Fortinet FortiGate is that it is imperative to keep the hardware on a regular patching/upgrade process and to keep the firmware flashed to the latest as well. Must have test appliances because success is not always guaranteed. ?

01 May 18
Maher AbdelshkourReal UserTOP 20

Sophos and FortiGate are good solutions, but you need to know the advantages and disadvantages for each.

Sophos is great as a visionary company, keeping up with IT Managers' requests for features within their products (specially Sophos SG Appliances and XG NGFWs). Their hardware addresses a constant situation where many competitors fail; they are scalable, and tough (SSDs Hard Drives, and Intel latest generation processors is about it). Sophos offers HIGH AVAILABILITY with just 1 license. While other vendors, try to squeeze the companies for every penny, Sophos address that issue, and is honest about it: They deliver High Availability in Active/Passive mode, with two identical hardware options, with just one license.

((Pros.))

1 • Scalability, if you needed HA in Active/Passive Mode, but need more throughput during certain

periods when the parameters change (i.e. number of users, or Internet bandwidth growth) you
can always license the second one and it will behave as a Cluster in Active/Active mode in just
2 minutes, with no downtime.

2 • Delivers great WebGUI management, which is easily understandable by every IT Professional

3 • Worldwide RMA, gosh! If you have any kind of issue with your hardware, Sophos will deliver it

to your business door, at no cost, with a return label for you to ship the damaged or faulty
device back. No questions asked.

4 • Constant visionary technology, with out of this world new features.

((Cons.))

1• Better standard support, it used to be great, now, not so much (for paying customers, that only
aquired the Hardware)
2• Better wireless solution, there is always room for that, now that everybody needs robust wifi,
even at home!
3• Faster and more robust wireless Access Points, or different vendor-like compatibility.

Fortinet FortiGate needs a very low maintenance and easy to upgrade and its rich feature set and robust monitoring have made this product almost fun to use.

((Pros.))

1 • VPN client is easy to use and can be customized for your organization.
2 • All features are enabled on the firewall with little to no impact on performance.
3• Easy to configure interface on the firewall but also has a command line available for high level
admins.
4• Excellent technical support department - very quick response time.
5• Pricing was amazing compared to peers.

((Cons.))
1 • Prepare for terrible support, hour long hold time for Level 1, and next-day call backs for Level
2 • Sales team is lacking information (type of licensing, hardware model, etc). Make sure you ask
lots of questions.

Now you have better information about both solutions and you decide which one is better for your needs.

01 May 18
Edwin NalailaReal UserTOP 20

on my side i have no experience with fortigate, there fore i recommend Sophos UTM since it is easy to use, its GUI provide everything you need to do without involving command,and it has many features in on package no addition purchase of hardware is required to accomplish certain feature.

01 May 18
Find out what your peers are saying about Fortinet FortiGate vs. Sophos UTM and other solutions. Updated: July 2019.
354,290 professionals have used our research since 2012.
Sign Up with Email