Sophos Firewall Reviews

We primarily use the solution as a firewall.

Sophos XGS is okay. It’s excellent for firewall purposes.

For me, the platform is stable. It's very stable. It works when it's configured. Also, when you're checking, the logs, the graph, and the graphs are easy to read.

I can also use it for other purposes. For example, it's got a DSCP from there. It can be a distribution. I can have other functions work there, so I can do a lot more than just the firewall components.

It gets easier and easier to set up.

It works. However, Sophos configurations are a bit complex. It's not very user-friendly. I don't find it user-friendly when it comes to setting up the firewalls.

The user interface for the technical admin can be better. It should be set forward to configure a firewall. if a firewall has complexities. I don't know why they did that. However, you should be able to quickly set up a rule to minimize the mistakes that a security administrator or a firewall administrator can make and configure. If not, that becomes an issue. One mistake on a firewall could result in a bridge.

It should be more straightforward. If you compare it with GFI Carrier Control Firewall, which is very straightforward, you can see why it’s helpful when it's easier.

I’ve used the solution for about three years now.

The solution is stable. There are no bugs or glitches. It doesn’t crash or freeze. It’s reliable and the performance is good.

The solution is scalable. However, it depends on the model of the physical appliance. There are virtual and physical appliances, so it depends on which one you use. Obviously, there could be a limitation on the number of interfaces you need to use since you may want to have additional services plugged in. Then, the number of ports available may only be two, and yet you actually need to have 10. Maybe you need to buy a module that plugs in; however, there could be a challenge there.

In our organization, we have three to four security administrators.

I've never spoken to technical support directly the way I've been talking to the Fortinet team. I was working with a local partner to get it set up.

In our case, since we were doing it for the first time, we took about a week to complete everything. We were doing a lot of other things and learning as we went. If I had to redo it now, it wouldn't take me a week as I know exactly what I need to do after learning over a period of time. Also, I have backups that allow me to back up and restore, so I just restore the configuration. It’s much more manageable. The first time there’s a learning curve.

We work with a partner and distributor. We are working with the sales party since it was the first time we used them. They offer us professional services.

I found the solution to be expensive. I pay close to $10,000 per year, which I find to be expensive compared to the other similar solution or equivalent solutions.

It's just that one cost, and it's an annual license. As long as my appliance is working okay, I don't need to replace it. However, it's just that. Of course, within that, there are also support services. You might have technical support costs depending on which one of the tiers you pick.

I'm a customer of Sophos.

We’re using the most up-to-date version of the solution. It’s around version 18.

A new user needs to get trained on the appliance to understand how to implement rules and fully appreciate how to work with it. It's not that straightforward. You need to understand what the different areas are. It's complex in the way the rules are set up. My colleagues in the industry have similar comments about Sophos. It’s more complicated than it looks.

I’d rate the solution a seven out of ten, mainly due to the complexity. If I make a mistake, then that firewall is of no use. It needs to be easier to set up so that it provides me or guarantees me that what I want to set up is what I've set up to secure my environment.

Sophos helps us set public restrictions and add category filtering to secure the network. It provides ATS and IPS scanning for further protection.

I like the Sophos UI. It interface has a more comfortable feel than the competitors.

I recommend Sophos increase the user capacity of the firewall by 1.5 times. For example, say the firewall can accommodate 1,000 users now, then it should handle a load of 1,500 users.

We've been using Sophos XGS for seven years.

Sophos is a stable product.

Sophos XGS is scalable. My company has almost 6,000 users.

We've contacted Sophos support multiple times for help troubleshooting.

We used a Cisco firewall for four years before Sophos. My company has multiple locations, and some had Sophos, but others used Cisco. After we had a good experience with Sophos, we moved the entire company to Sophos.

Installation is pretty straightforward compared to Juniper and Cisco products. The Sophos installation offers better guidance. 

We handled the installation and configuration with our in-house team.

Sophos isn't expensive. It's a mid-range solution that's cheap but not too much cheaper than competitors. It's a good price that meets all our compliance requirements. 

I rate Sophos XGS eight out of 10. 

We use Sophos XGS for web security and web policies, it's our primary solution. authentication VPN site to site, SSL VPNs installations. Sophos Firewall designed its extreme protection IT Rules and policies security level Authentication is good sometimes it's tricky and very helpful. Sophos Firewall delivers advanced threat protection to instantly identify bots and other advanced threats while defending your network from today's sophisticated attacks. current live user activities diagnostics to generate logs and objectionable site restrictions, daily reports are a great solution for the work environment.

With the increase in cybersecurity threats, this solution has helped us at an organizational level. We have always been hit by someone at the end of our desk or hidden somewhere ex:- spoofing attacks, a man in the middle attacks, and ransomware new era of cybersecurity pain full concept, Mail spoof attacks, all these have to improve DMZ and secure the firewall policies and server-client Antivirus solutions. Daily monitoring manually or trusted third-party vendors monitoring tools. finally, we are worried about how strong we are at the cybersecurity level.

This is a great solution for security, authentication, hashing, and encryption level. Sophos is good at ACL rules, Port forwarding, SDWAN route policies, IT Rules and policies as well as Natting rules. It's a reliable product to secure web securities. whenever we want we switch to the ports securely Heartbeat monitoring live user activities is great to execute on a production level. Bandwidth control sometimes referred to as traffic shaping is one of the best firewall features. Link aggregation and SD-WAN (Software-defined Wide Area Network) are great features for businesses that need multiple links to the internet. thank you

There are occasional issues when we update an operating firmware there's some lag time. Updating requires us to reboot the firewall, in this scenario 24/7 organization will be the most effective. In addition, I'd like to see more focus on customer support calls we were waiting for hours to connect with them. In some cases, Sophos's team is extraordinarily helpful to solve any issues in the firewall. Sophos needs to focus on customer support through a chatbot or call management quickly so we can find some help on the client side. Thank you

I've been using this solution for five years. 

The solution is stable despite having to restart when we update. 

The solution is very scalable and we're able to handle all the pressure in our organization. We have over 100 VPNs and it all works well, Authentications, port forwarding, and all kind of security levels are much appreciated. 

Customer support needs to be improved. They're very helpful once you get them on the line but sometimes take up to an hour before we can speak to someone who can fix a problem. when a problem occurs at the production level we freeze and everything goes blank so a faster customer support call is much more appreciated.

Positive

The initial setup is complex. Sophos has some features like rules and policies, NATing, and PATing so deployment might take more time than if we were using an alternate solution. Deployment can take up to two weeks because every policy and VPN requires checking and that takes time. I've been working for the past 10+ years experience in network engineering and firewall configuration so we deployed in-house but we contacted Sophos for assistance when we needed it.

The Sophos or any kind of firewall is worthy to buy when we have dedicated servers and switches to implementation.

There are some very good features in this firewall and also some areas that need improving. I rate this product seven out of 10. 

We are using the Sophos XG in a different manner than the typical use case. We have the physical box, and we are using Sophos XG on the cloud.

We have two different types. We have two different Sophos XG we're running. We're running one on the Microsoft Azure cloud which mostly all security on the cloud goes through the Sophos XG. The second Sophos XG is running on our own physical local data center.

We are doing something similar to an IPsec between Azure and the local data center. So we are doing an IPsec between the two. We connected all our resources and we mostly run the applications on Microsoft Azure. Were now are doing IPsec between the two data centers.

Most of the features Sophos XG has are valuable. However, if I have two different  ISP, I'm able to create an automatic switch between the two ISPs. I can do the same thing for the cloud as well. If I have two subnets coming from the cloud, I'm able to create a type of switch between both of them where if there is traffic on one and has the traffic drop, I'm able to switch to the other ISP without any problems. It's a normal feature and I get to enjoy the ability to switch between services with no issues.

Security is one of the major reasons we are deploying Sophos XG in our process.

We recently did an upgrade on the Sophos XG firmware and we were surprised that after the upgrade,  the automatic switch actually we were using did not work anymore.

We try to understand exactly why it wasn't working with the new 18.5 firmware, but we could not figure it out. I realized that I was stuck with the main ISP. If there's an outage, it was not reliable on the network any longer.

We had to reverse, back to the old firmware even though we were still trying to fix the new version. It is a very efficient feature for our operation. If it was not there, it could make the workings of our operation inefficient. It is one of the best features of Sophos XG. It makes operations very efficient. You don't have to worry about anything at all. We are using the entire Sophos package, such as Sophos endpoint, Sophos XGR, Sophos ZGR.

The documentation can improve with Sophos XG. This will allow our network engineer to work better with the solution. Additionally, they can improve the ability to filter down devices. Recently we were faced with a challenge where we needed to restrict mobile phone users on the network but we realized that we couldn't do this with the solution. 

Recently I was looking at the Cisco Meraki solution, to see what it can do in terms of capacity. There's one feature that stood out to me, and that feature has the ability to implement some policies. Organizations need to have security policies in place. I would like the ability to create policies.

I have been using Sophos XG for approximately two and a half years.

We have approximately 60 people that are working on Sophos XG. However, the number is higher because Microsoft Azure routes every customer through the firewall. We have multiple layers and the traffic passes through Cloudflare and then gets directed to the Sophos XG on Microsoft Azure. The Sophos XG on Azure does all the filtering and routing to the private IP, allowing us not to use the public IP.

The DMs are private, and approximately 14,000 customers  pass through the Sophos XG and Microsoft Azure

The support from Sophos XG is very good. We can easily relate to the support.

I would rate the support from Sophos XG a two out of five. You cannot have good support without good documentation.

If you look at the software environment now, anywhere you go, you see the documentation for everything that has been done. Sophos XG has documentation, however, you should not need to have a certification to be able to understand it.

I have used Sophos Cyberoam previously.

If we had better documentation we would be able to implement Sophos XG better for the organization's exact specifications. When you have already come up with your networking strategy, presented it to the company, then you find out the new framework doesn't conform with the organizational strategy. You have to start going back and receiving approval for a new strategy. However, you are not even sure what the strategy is going to be with the new framework, because everything has changed. Most of the automatic resources stop working.

There is a high chance I do not even know why it is not working or what the major issue is. We have realized the package wasn't switching and we did a lot of troubleshooting for almost a week to understand why. We switch over to our old firewall, then we finally understood that it was something that has to do with the new 18.5 firmware in Sophos XG. Immediately we switch back to the old firmware, this fixed out problems we were having at that point.

I would rate the implementation of Sophos XG a two out of five.

The initial deployment was done approximately three years ago and it was done by a third party because of some complex considerations, such as the VOIP Gateway.

However, since the initial implementation, we have been managing it by our own in-house network engineers and every modification to the network has been done in-house.

We have three network engineers, that work on the solution and the network. They can manage all the features and securities. The amount of people needed to maintain the solution depends on the organization's architecture. 

In information security, the only way you rate ROI is by the level of information you're securing. I will ask myself how much is the information I'm securing is worth? The worth of what I'm securing will determine the amount of cost that I'm spending on the information secured. If I were to judge it that way, the ROI is high. 

I would rate the ROI of Sophos XG a five out of five.

We pay for two licenses for the use of Sophos XG annually and it is a flat fee. We do not have everyone going through both of the Sophos XG firewalls a the same time and the Sophos XG on Microsoft Azure is only accessible from the VPN.

Sophos XG has changed its pricing model for extreme protection.

I rate the price of Sophos XG a two out of five.

When we were evaluating other solutions we looked at Barracuda and it had an old GUI. This was an issue when we were making decisions between Barracuda and Sophos XG.

The solution has served its purpose in my organization.

I rate Sophos XG a nine out of ten.

This product is our firewall that protects our connections from the internet. It controls access for our employees when they want to access streaming media websites such as YouTube.

It controls the connection to our resources that originate from outside of our infrastructure.

We use it to monitor users and their activity including which websites they visit and what portals they use.

This product is compatible with my business and our market.

This Sophos product has a lot of features included.

This product does load-balancing between our connections. This is helpful because our infrastructure in Egypt is not stable and it requires several connections to achieve the required performance.

Sophos Control Center is a good feature. We can monitor everything from the control panel.

It can be used to create a VPN connection between users and our server. 

The performance and speed of the appliance are good. I have also tried the software deployment, without the appliance, and it was also good.

The VPN features can be improved. Due to covid-19, we have a lot of employees that work from home and we need better VPN capabilities.

We would like to be able to override policies set by the country. For example, VPN is banned in Egypt. If we could bypass this then it would be helpful because it would allow us to distribute our connections, or services, to other sites. 

After upgrading from version 17 to 18, not everything is in the same place in the interface. For example, the firewall rules are in a different place. Consequently, my IT team department cannot understand the portal and find it not user-friendly. They were used to the previous version.

Better training should be available because there is nothing on the Sophos website to assist with setting up VPN connections or VPN SSL certificates. For instance, there is nothing to explain how to configure the DDNS.

We have been using Sophos XG for between six and seven years, since 2015.

This product is usually stable. In the past few days, I have found problems where some services are not stable. This is something that I have used the portal to submit a ticket for.

We have 90 people working on the network concurrently. Combined, they have between 300 and 350 open sessions.

When the size of our staff increased, we purchase another appliance to expand our infrastructure. Beyond that, I haven't been able to test scalability.

In addition to the recent ticket I created for technical support, I keep in touch with them. The support is okay.

Previously, we used the Microsoft TMG firewall, and I have also used Cisco ASA.

I already had some experience with Sophos and firewalls. The first time I attended a Sophos event, I made a deal with Sophos and they helped me learn how to transition from TMG.

The user interface with Sophos is easier to use. For example, Sophos makes it is easier to create firewall rules for a VPN connection to the outside. With the other vendors such as Cisco, the process is more complex. 

Fortinet is also a top firewall provider but I recommend Sophos because it is more stable. I have limited experience with FortiGate.

The initial setup was easy. It was not complex for our IT department but you need some technical knowledge to do things such as creating a VPN connection between two endpoints, either site-to-site or site-to-client. You should also be familiar with SSL certificates.

The setup took between two and three hours, and after that, we had to prepare our network connections. It took two days in total.

No maintenance is required for the appliance.

We used a system integrator to assist us with the transition from TMG to Sophos.

We pay licensing fees of approximately $2,000. We have a contract for three years.

The vendor is very professional when it comes to firewall products. Aside from the issues with the VPN, It has all of the features that we need.

My advice for anybody considering this product is that the result depends on your country. In my country, there are a lot of problems with ransomware and viruses. Sophos has already helped to mitigate and stop issues such as these on our network. It is the best firewall on the market.

I would rate this solution a ten out of ten.

I primarily use the solution for managing my firewall. I'm managing my internet and my laptops in my company. I'm a personal domain controller. I'm tasked with blocking some websites with it and I'm managing my updates through it. I'm basically controlling the flow of the internet through it.

I block a lot of sites. I'm controlling the flow of the internet directed to Office 365 so that people can use it easily and fluently. They can upload and send emails easily without hassle and without accessing the internet. I'm also controlling Teams, Zoom, and other stuff for chatting online. Without this solution, I would have no control.

Content blocking for websites is the most valuable aspect of the solution. A lot of employees always want to use Facebook and other non-work-related sites. I'm always blocking that.

The initial setup is easy.

The stability is good.

Scaling is not an issue. 

The reporting needs to be much better. Sometimes I have a lot of trouble understanding what they mean.

Sometimes it misses websites. For example, websites the users shouldn't be able to enter, or sometimes these websites are not shown in this log viewer. It's just occasional misses here and there. 

Technical support could be more responsive and quicker in getting to a solution. 

I've been using the solution for at least three years now.

I have found the stability to be very good. There have been no hiccups, no restarts, nothing like that. It doesn't hang and there are barely any bugs. 

It's my understanding that they have a solution called RED, and I can upgrade it with another one to make a VPN between them. I haven't tried it yet. I'm looking at it as I have another office. I want to research scaling and have the offices together. From what I have seen, it will be easy.

Right now, we have about 50 users and 10 VPNs. That includes everyone from financial and procurement managers to the CEO, chairman, and HR department, and other operations staff.

We don't have any plans to increase users right now as we haven't increased in population, in employees number. That said, I use it a lot every day. I have to manage my firewalls through it.

In my experience, technical support takes a while to get things done. In the past, I stuck with them for a while. It took about three weeks to serve us up a solution. I don't remember what the problem was as it was a long time ago. It might have been something about the subscription or something like that. What I do remember is it took a very long time. 

I had a previous firewall, and I just swapped it out. I didn't have to change anything about my network. We previously used a firewall called MikroTik.

With MikroTik, its GUI was very bad. It's very old. Everything was manual. There were no tutorials and it was open-source. You had to search for yourself and do everything yourself. There was no support even from the company.

It was really easy for me, to be honest. The initial setup is very straightforward and simple. It's not overly complex. I had a firewall before that, so I knew what to expect. The implementation was done by a company that I bought this from. They installed it for me. It took about an hour and a half, or something like that. 

I can't recall how many staff covered deployment. The deployment happened three years ago now. 

I didn't need the assistance of an integrator or reseller. 

The solution has saved me a lot of time and enhanced my workflow for my company. It enhanced employees' work time and enhanced the internet connectivity for emails. On top of that, there was no downtime with the internet. That was the basic ROI we've seen.

The subscription for this product is yearly. The last time I bought it two years ago it was about $2,000. There's just a subscription fee. There aren't any other costs. 

I also looked at Fortinet, however, from my research, I was told that Sophos had better reporting. With Fortinet, you have to buy a server to handle reporting. With Sophos, this is unnecessary. 

I'm a customer and an end-user.

I'd rate the solution at an eight out of ten. 

We primarily use the solution as our firewall.

I'm able to have very granular control over my organization's input and output data that goes in and out of our networks.

The firewall portion of the solution is the best part The rest is really just fluff. 

The initial setup is straightforward.

We have found the stability to be quite good.

User management is the area that, by far, needs the most work. The way that they try to transparently utilize user groups from the active directory to the Sophos firewall is outdated.

I'd like to see them do a little bit better of a job with the content filtering. It has content filtering, however, it rarely works. Sometimes it just fails altogether. I'd like to see a better job done. 

I'd like to see better reporting. While the logs are great, the reports are not.

I've been using the solution for six years at this point. 

The stability is great. There are no bugs or glitches and it doesn't crash or freeze. It's a reliable firewall. 

The product is super scalable. If I had a giant organization, I'd have no problem putting the Sophos firewall in.

Right now, we have 155 on the solution. That's everyone from support to upper-level management. 

We use it every day.

We just recently upgraded. I have no reason or need to upgrade for years to come and therefore don't plan on scaling anytime soon.

Technical support is fairly good. It's a pain to get ahold of them, however, once you get them, they're very thorough.

The only thing that s not so great is that sometimes they try to force me down to my reseller, whoever their partner is. I always have to make up a lie and say I already tried and only then will they help me. Besides that, it's not bad.

I previously used Cyberoam. We really switched as Cyberoam was bought out by Sophos.

The implementation process was pretty straightforward. Learning the ins and outs was a little complex. How, in terms of just getting it set up, I was able to get it set up in a couple of days.

Overall, the deployment took about three days. My strategy was, basically, going from my old Cyberoam to my new Sophos. I just copied each rule individually and tested them. Then I ran them in sync with each other for a couple of weeks. When I realized there were no problems, I pulled the Cyberoam out.

We have three people on staff that can handle deployment and maintenance responsibilities. I've got a system admin, myself, and a help desk/content specialist.

I did not use an integrator, reseller, or consultant for deployment. I handled the process myself. 

From an ROI standpoint, the product I had before, even though they were basically the same thing, I found I was spending a lot of man-hours with it and calling support a lot and actually having to pay for support on the previous model. 

With this firewall, I rarely have to call support. When I do, it's free of charge. The ROI is 100% there. It might be a little more expensive up front, however, the quality is there for a medium-sized business.

The licensing is based on a multi-year contract. It's a bit higher, in terms of price than other options. The billing process is pretty simple and straightforward. they don't have a complex licensing setup. 

I evaluated all the big players out there before choosing Sophos. I likely evaluated seven different options.

I'm a customer and an end-user.

I'd advise those considering this product to stick with it and stay away from the fluff. For example, the Sophos Anti-Virus is not worth it. 

The firewall is fantastic. Definitely take their firewall courses, as there are going to be a lot of tasks that you feel should be easy and they're not. There's going to be a lot of troubleshooting. I've been working on it for five years and I still catch myself sometimes trying to figure out why a certain rule doesn't work doing this or that. Definitely take the training. I would highly recommend staying away from the other products.

I'd give the product an eight out of ten for a score. It does everything I need it to do. The user interface is very modern. It works. I was able to figure out some very advanced things. Even though it has a modern interface, I like the fact that I can always go into the console and it's a Linux box behind the scene - which is very nice for when you're trying to do very advanced tasks. For the most part, it was plug-and-play. The setup was really easy. The support is fantastic.

I enjoy synchronized security, where you have to synchronize both the firewall and the endpoint. When I deploy a firewall, I integrate it with the endpoint so that they can send the security heartbeat from the endpoint to the firewall. In the Sophos firewall, there's deep inspection, which works quite well. Sophos has the web application firewall inbuilt. This is unlike other firewalls, where you have to integrate with another standalone web application firewall. Being inbuilt in Sophos, you just have to configure an application so that it's more of a policy, and you're good to go. It's pretty simple in terms of the user. 

We've deployed quite a number for our users and our customers, and the feedback is quite positive in terms of management and also administration.

The technical support is pretty good. 

The initial setup is easy.

There's quite a number of items on offer. When you look at Gartner, it's doing well. The uptake in the market has been wonderful and currently, it's competing with other top firewalls such as Check Point, Fortinet, and Palo Alto.

XG is at its end of life. People are moving to XGS. With those changes on the horizon, a client might end up in, maybe 10 years, having four or five appliances, which they might not use. I don't know what Sophos is doing to maybe change this. Right now, we've moved from XG to XGS.

Another feature, which might be good and which other vendors are maybe exploring is the NAC. Sophos doesn't have a NAC solution. 

Maybe they can improve on their WAF. Currently, they have the inbuilt. 

They could work on their SD-WAN solution. I have seen it. It's not that competitive compared to other vendors. We've had some device issues.

I've been dealing with the solution for the last four years.

In terms of when it's in the network, it's stable compared to other firewalls, where I have had some issues. I had a case with another firewall, which the client changed to Sophos and it was not that stable as the client had to go and actually restart the firewall. The challenge comes in terms of stability when, let's say, the engineer doing the scoping does the round-sizing for the firewall. This causes the IPS to become overloaded or overworked, so it disconnects the traffic at the port level. In terms of stability, I might say sometimes we might experience challenges maybe when the sizing is not done correctly. That's why we might experience that disconnect at the interface level where the internet gets disconnected, however, that's the case of sizing, not the product itself. In terms of stability, it's stable in the network.

In terms of Sophos' support, they have been wonderful. I had a device issue and I found the return policy to be quite simple. 

Their technical support is pretty straightforward. When you raise a ticket, the feedback is immediate, and you are assigned a support person. It's been a wonderful experience.

Even to the end-user, it's a pretty straightforward system that they have. A user would just log into support.id, then key in their credentials and raise a support ticket. It's pretty simple.

I'm also familiar with Check Point, FortiGate, and Palo Alto. We also used to use Sonic Wall, however, we've moved to Sophos.

The initial setup is pretty straightforward. It's not overly complex.

I've compared Check Point, CloudGen Network Security, and Sophos XG previously for clients. Not being biased to any vendor, normally, in this region, what normally happens is the budget. You might recommend Check Point to a customer, however, Check Point is a bit expensive, so you might end up losing the deal. What you would recommend, is Check Point as the Quantum, as the firewall. Sophos is doing quite well in terms of the endpoint for the workstations and the servers, the physical and the virtual. Likely it would be a good idea to recommend Sophos Security. That said, if the client has the budget, you'd recommend Check Point as a firewall. It's always good to do a bit of comparison and advise the client as to what is best for them.

We've actually deployed and supported quite a number of the products, from XG105 to XG3430.

Sophos is on-prem mostly, however, now there's another product for Sophos, for the endpoints, which is cloud-based.

I'd rate the solution at a ten out of ten. It's one of the best products. We have deployed quite a number of them - almost 20 - and I've not seen any of my clients complain.