Sophos XG Reviews

I was using the Sophos XG firewall in my last job, where it was part of our security solution.

We had multiple locations with the internet being provided from a central location. Each of our locations was connected point-to-point using MPLS lines. Using Sophos meant that we didn't need to have a router.

The default templates are helpful because if you want to create new policies, they make it easy to do anything you want.

Sophos XG is a very robust technology.

This solution is very user-friendly and even a non-professional can configure the policies.

There are unlimited SSL VPN clients and it is free with Sophos.

The cloud support needs to be improved. As it is, they only have support for Microsoft Azure. They should expand it to include providers like Amazon and Alibaba.

I have not heard complaints of bugs or glitches occurring.

Sophos is a scalable technology that is being regularly updated.

I have been in contact with technical support many times and they are very good.

Currently, in my new company, I am using Fortinet. This is a very basic firewall and ultimately, I would like to update them.

The initial setup is not complicated. For somebody with an intermediate level of knowledge, it will take between three and four hours to deploy. For a more experienced person, it may take two or three.

I am currently in the process of evaluating the different firewalls that are available in India.  One of the options is Sophos, and I am also considering others such as SonicWall and Palo Alto.

With Fortinet and SonicWall, there is a limit of 10 people who can simultaneously connect using the VPN.

Sophos XG is a firewall that I would recommend for people who are looking for good security in a medium-scale organization.

I would rate this solution a nine out of ten.

We use the solution for application control and web filtering. We also use it as a VPN point, and we use it on other occasions for tracing and reporting about usage and high application rates.

We are able to trace any user and pinpoint any vulnerability or any malicious software. We are able to synchronize between the local and active directories so we can catch users easily through their login names and IDs.

The reporting on the solution is excellent.

There needs to be a way that we can distinguish between educational institutions on Youtube and other Youtube videos. You can do this on Fortinet. Basically, they can block all other Youtube videos besides those that are from educational institutions. With Sophos, you either allow for all Youtube videos or none at all. They need to allow for more specification on different websites.

They only have one single location for training videos. They must offer them elsewhere as well. When the site goes down, everything stops, and you can't access the videos when you need them, so they need to diversify that. It's limiting.  

The stability of the solution is excellent.

The scalability is good. We could only handle around 5,000 users but even when we reached 3,000 users, Sophos only consumed around 24% and 40% of Prime usage. 

The solution's technical support is not the best. When I take a step to open a case with Sophos support I can't understand them at all; I can't understand their accent. I always appreciate if they can communicate with me through e-mail instead, which makes it much easier. 

Many cases take a long time to be resolved. Some cases they seem to ignore or don't reply to for a long time so I have to remind them that the case is still open before they will respond. 

The initial setup was straightforward. The implementation took about a day. There were only two people needed for deployment.

We had a consultant assist with the setup. They were very good.

We use the on-premises deployment model.

I would rate the solution nine out of ten. It's a very good firewall. It helps a lot with protection, and every organization needs a firewall to ensure they are protected.

We primarily use the solution internally in our company and we also deploy it for our customers.

We have many Sophos solutions that we use together. We use Sophos UPM and Sophos XG. Next, there are just firewalls. The Sophos UPM is the basic firewall; Sophos XG is a mix of Cyberoam and Surface (Sophos acquired Cyberoam three years ago). We use all the features within these solutions and we have a full set of licenses. They offer IPS, IBS, BPM, web publishing, web protection, etc. We're using everything. 

They should expand their DDoS feature. It's basic. They need to enhance it.

Technical support needs to be improved.

The solution needs a mobile application for the administrator. Today, as an administrator, you cannot manage the solution from your tablet or from your mobile. You can only go through a web console. Other vendors have mobile apps. Some vendors also have the ability to manage and check the chart report and change some settings from a mobile application. This would be an excellent add-on for administrators who are traveling. It could help a lot. 

For the past seven years, we haven't had any issues with the hardware or software. It's stable. If a customer misconfigured it, they might face issues. Out of the box, however, it's stable; it is an appliance that customers can depend on.

The solution is scalable. Sophos has plans for customers who want to upgrade or add another appliance in the same environment. As a customer, I've deployed to as many as 300 users or as few as 30.

Technical support isn't as good as it needs to be. In most cases, these days, the partner has to work hard to support the customer. The response time and the experience of the support team are not as expected. As a partner, we've never opened a case. Our customers, however, have told us they have had issues.

The solution is straightforward. Deployment took about 30 minutes.

Price-wise the solution offers acceptable rates. You can find cheaper solutions on the market, but when you go cheaper you have fewer features. Today, based on iQuate market the price is very reasonable and affordable, and it's good if you get a good discount. Discounts can be offered by the vendor. If it's a competitive upgrade which means the customer is upgrading from another vendor, Sophos provides extra discounts so they can win the deal. In general, it is a good price.

We are a Sophos partner. We both use the solution and recommend it to clients.

Compared to other competitors, I'd rate the solution nine out of ten. However, for very large enterprises, the largest firewall appliance from Sophos might not be enough for thousands of users. If I was rating the solution for enterprises, I would rate it eight out of ten because of this. 

I would recommend the solution, however. We often recommend the solution to our clients and it works very well for them.

I use the solution as my endpoint firewall and at the same time, I use it for load balancing and spillover.

What I like the most is the reporting. 

The integration with the Sophos firewall is brilliant. I don't need to be physically present in the office. I can monitor everything from Sophos Central. That is a great feature and it's one thing that I really appreciate about the solution.

I like the fact that it can self remove malware and do updates on the cloud via Sophos Central.

The interface is good.

Although I enjoy the reporting elements of the solution, it can still be improved. I still can't drill down. There is some information that I would really, really like to see, but I still can't access it.

On reports, they sometimes give a summary, but it lists different users as unknown. There are times that I really want to know which user or which IP is causing a problem. 

There is something that have observed and I don't know what exactly the problem is. Right now, from my ISP I'm supposed to have unlimited bandwidth, but I observed behind the firewall my bandwidth seems low. I'm not exhausting what I have from my ISP. I've checked the TOS and there's no limit. When I spoke with one of the resellers they said that they too had experienced it before and that probably I should restart the device.

That they observed that the clients that restarted had their internet service improve. I don't think that is a good solution. I don't want to have to restart my device to have the internet service improved.

I've checked the setup. I even checked with the reseller, who told me everything is okay. I've gone for XG training. Even after the XG training, I've gone back to look at my setup. I can't see anywhere the bandwidth is being shared. I'm not sure if it's the device itself, but I've checked everything.

The scalability is okay. We have about 200-250 users.

Technical support can be improved upon. There are times that I've had some issues that I've tried escalating in technical support and it takes a while before we really get it resolved. 

Once I was getting a particular malware from an unknown source on one of my servers which was behind the firewall. I asked their support why. Later they advised that I should install Intercept X for servers on that particular device. I was confused about how it was behind a firewall; the firewall should be able to detect which system is getting infected. The system doesn't really go to the internet and nobody browses on it. The only thing I could imagine that could cause it was a Windows update. If it was from an update they least it should have been able to say, "Okay, it was from this particular update that this malware was filtered in."

Out of ten, I would give their service a five.

The solution we were using previously was Cyberoam.

The Cyberoam device was about five years old and had started malfunctioning. It wasn't giving us the output it had previously provided. At that time, Sophos had already bought Cyberoam. We had the option to either upgrade the OS to a Sophos OS or to a Sophos device.

We decided to go for a Sophos device since the Cyberoam device was already problematic.

The initial setup is straightforward.

I used a reseller to assist with implementation.

We pay on a yearly basis. 

We have Sophos XG, but we also have Intercept X for our endpoint and recently we just deployed Intercept X for the servers. I've not done a calculation of the costs of all three to know what my yearly maintenance costs would be.

Once you have basic networking skills and firewall management it's easy to set up. With Sophos Central, I think it's a good solution for any IT department.

I would rate the solution eight out of ten.

As it is now, the solution is good, but I believe that there's still room for more improvement. I still believe the reporting could be improved. Sophos, from my experience, seems to affect my bandwidth. I didn't set any limit, so I don't know where that is coming from, but it's something that we've noticed with the XG.

We use the solution as an internet firewall, and a VPN concentrator.

It streamlines the process of creating VPN access for users. Because of the AD integration, it makes it very easy to manage these users from different locations from a central source. It also helps us to get a good idea of what our risks are, or if there's any risky activity going on with the users. 

The SSL VPNs are the most valuable feature for me. I have a lot of systems out of the head office that need to connect to the local networks, and they all connect via the Sophos VPN client.

The initial set up process can be a little tricky, especially when you are registering with Sophos and you have a poor internet connection. Setup is not necessarily complex, but it's not trouble-free. You do have connectivity issues at the initial setup with registering the device on the Sophos platform to access the advanced features. It doesn't always go through the first time around. That may be an issue with the quality of our connection. I'm not sure exactly what it is. 

The single sign-on client I get maybe a 60% success rate on. There are times when it will use single sign-on for verification of users to access Internet resources. It still doesn't always catch the user. The user gets sent to the web login. Even though the single sign-on is helping, it doesn't always work. 

I would like to see a better single sign-on performance. I'd like to see a more streamlined way of managing your licensing as well.

There are no issues with stability. It's a very stable system and you almost never have serious problems for any reason. It's only when you do an upgrade that you have to restart. Stability-wise, for the on-premise solution, I'd give it 4 stars.

Once you've bought the specific version, you are locked into the limitations of that plan. You can't exceed the number of VPNs, connections, etc. There's no way to increase that capacity, per se. You do have options where you can increase the port count and so on. However, in terms of scalability, you have to buy the capacity you require.

On the system I have now, it's not fully populated, but we have about 100 users. The plan is to eventually support about 1,400 users.

I don't use the solution's technical support. I typically just use the documentation. There are lots of guides and videos available. In most cases, I search the guide. There's a step-by-step guide to deploy so I don't have to contact technical support.

The initial setup isn't hard, but it can be tricky. Since I've been using several Sophos devices, I now find it's fairly simple. I get the deployment done in two hours, including integration. For others, it may take about a day to get everything done. 

There's almost no maintenance. There's really only the requirements of adding users and populating VPN connections. One person does that on a part-time basis.

I handled the implementation myself.

We do see an ROI. It would be the cost of the support. If I had to hire a CCNP in Nigeria, I would be paying about $10,000 per annum for a CCNP minimum. For a less experienced person, I can get for about $6,000. I am probably saving about $4,000 a year in personnel costs from going with the XG rather than the ASA.

We are paying about $1,500 yearly for the Enterprise Plus. As far as I know, there aren't costs above this standard fee.

We evaluated Cisco ASA as well as the FortiGate before ultimately choosing Sophos.

I chose Sophos over FortiGate because I'd already had experience with Cyberoam and it was a fairly similar migration in terms of configuration from the UTM over. But in terms of features and capabilities, I think FortiGate is pretty similar to the Sophos. Cisco ASA I choose not to go with because it's much harder to configure. I also needed to be able to have someone other than myself manage it and not need to have someone with CCNP sitting down just to add VPN users etc. I felt that the Sophos solution was a better option because it gave me all the functionality of the ASA, but it's much easier to manage.

We use the on-premises deployment model.

We definitely plan to increase the usage and also add high variability too. Right now, it is the main internet gateway and firewall for my network.

We're using both Sophos XG and Sophos UTM.

I would warn those considering implementation that, once you've got it, you're stuck with it. You can't really increase the capacity very much beyond what you have. It's always good to have the expertise available to take care of the box because even though it's a lot easier than the Cisco ASA, you still need someone that has a little expertise in managing it.

You can get very good performance without spending all of your money and without having to send a lot of high-end techs in-house to monitor processes.

I would rate the solution nine out of ten.

I use Sophos XG as a content filtering, web filtering, and application filtering utility, as well as to integrate with the endpoint antivirus software. 

I have Sophos Endpoint Antivirus installed on the user machines as well, i.e. the Central Cloud Management version. That's our main use. 

Sophos XG has cybersecurity. It integrates with the antivirus software.

I have a serious problem because our offices are scattered around the world in very remote areas. We cannot deploy proper branch office guides, active directory sites, and software services. 

It is impossible to apply any sort of group policy on the user machines, which makes it very hard to control issues like USB ports, access to cameras, or access to any preferences on the user machines. 

With the integration between Sophos UTM and the installed endpoint antivirus, you can now manage all those features from your cloud subscription. You can allow and block whatever you want from the cloud. 

You can allow whatever USB ports you want for specific devices with specific IDs, serial numbers or modems. The machine gets updated online or updated from the antivirus settings, i.e. the UTM unit itself.

The UTM unit itself has a cache update on it. Once the clients behind the UTM get updated, they get access or they get denied access to the hardware resources they are applying for. This is a major benefit for us.

The application filters available with Sophos XG are brilliant. The sandboxing and the way the firewall or the UTM integrates with the installed endpoint antivirus clients on the user machines is brilliant. You get the chance to isolate network threats before they become active or become distributed on your network. 

With the cloud version of Sophos XG, you get the proper visibility of your network and the user machines. With the cloud versions of the antivirus, i.e. the cloud central management of the antivirus, you get high visibility.

With the application between the installed Sophos UTM, you get a high level of visibility of what's happening on your network or on your client machines. You get protected against threats. You get proper visibility. That solves a major issue.

There was a big issue with the Cyberoam and with the SG units as well, i.e. the previous Sophos UTM model. With Sophos XG, you get the chance to block what sites operate on SSL or that operate with HTTPS, without the need of extracting and distributing a certificate. 

On older Cyberoam and Sophos SG old versions, if you wanted to block something like YouTube or Facebook or any other websites that operate with HTTPS, you had to extract the certificate. Then you had to export that certificate. Then you had to re-import that certificate in all the user browsers. 

The only problem was if you needed to use an active directory where those certificates would be automatically thrown into the user browsers once they logged in to the domain. 

For a scenario like mine where you don't have a group policy, it is a disaster and ends up with you setting the rules to block certain websites with HTTPS on the firewall, even while they are not being blocked so that the user will still have access to them. This problem is now 100% sorted out with Sophos XG.

Now you can actually block whatever you want, whether it's using HTTPS or HTTP keys from the firewall without the need for extracting certificates. That's a major improvement. That problem with the HTTPS settings was a huge issue. 

I know other people must be enjoying that it's sorted out now. It was a serious and major issue for Sophos. The only issue that Sophos XG now needs to improve is the product's reporting capabilities.

Sophos XG is stable enough for our requirements.

We have about 450 Sophos XG users currently using this edition and 300 for the antivirus platform installed on the machines, plus in-service, around 310. We also have around 15 additional units deployed around the world.

I'll give Sophos XG technical support an eight out of ten for their service.

I used Cyberoam previously, although I always used it as a UTM only. What made me move to Sophos is that they were acquired, i.e. they acquired Cyberoam to start with the development. At that time the software had many features that were not available with FortiGate, in terms of content filtering, and it was an appliance when Websense was the software to be installed on a server. 

There was a problem with our operating system with some of the updates, i.e. with the operating system or the hardware. I moved from Websense to Cyberoam because it wasn't applying properly.

The initial setup is definitely something different than the old Cyberoam and it's a bit complex. If you've been dealing with UTMs and you understand the concept, it is still complex but then I find it enjoyable.

Sophos XG is not hard to configure. Too much detail is always good. 

I required three or four hours for the initial setup. One day for the testing, fine-tuning, optimizing, and categorizing. Three days for the first unit with the initial setup and the customization including testing. Finally, three days for testing all the rules, the QA, and then putting everything live. 

I used to work for an integrator myself years ago, as well as my team. We are all trained. We are all professional in what we are doing. No external help was used.

Our ROI is 100%. I've got the ransomware attacks being blocked. I've got the users' consumed bandwidth by using proxy bypasses and all sorts of applications being blocked now. 

It's saving on the companies and the employees working hours and time. It's saving on minimizing virus infections and applications that the users like to use on their machines in order to bypass blocking USB ports or cameras. 

It is saving the company money by saving bandwidth and saving employees time by not allowing them to access time-wasting websites.

We have the annual license for Sophos XG. It all depends on what you would like to have in the package that you are purchasing.

I evaluated FortiGate but wasn't happy with it. I evaluated another group called WatchGuard. WatchGuard has good features in it, but it's for a smaller business scale than the Sophos clients.

I evaluated Cisco ASA or PIX but now, I use Sophos XG as the firewall. I have confidence in their unit. Before Cyberoam and Sophos, I used FortiGate and Websense for our UTM requirements.

I recommend that everyone should have a proper understanding of new network requirements and then enjoy it. Sophos XG is definitely a good product.

On a scale of 1 to 10, I would give Sophos XG an eight.

Our primary use case for this solution is to act as the main broadband device in our data center. The XG 210 model is being used for a hospitality solution.

The main improvement for us is with our email. The email options and email security features are good. 

We have found that the simplicity of the XG 210 is its most valuable feature. There are a lot of options available for the default firewall rules, such as email and web, that are used to secure the network.

I like all of the options, but the most important thing is that it is easy to understand how to configure everything, compared to other firewalls.

We are having a lot of issues with conflicts and user sessions, and Sophos has suggested that we change the device to the XG 400.

Aside from these issues with scalability, the email security features are good, but there are not many options. We would like to know why an email is being blocked, and how we can allow delivery. It does not keep emails in the queue for delivery. It can only log whether it is delivered or not delivered. If I need more details then I have to log in using SSH to get that information.

When an email comes in from the outside it is detected. When we check the log it only tells us that it is not delivered. We would like to create an exception, but there are not many options available for this. For example, a domain space is not allowed. Only the user name can be used to do that. We need a domain-based exception for email.

Next, the XG 210 is easy to configure, but when we are looking for more details then we can only get this information through SSH. It is quite difficult. If we can get all of those details then it would help us to understand, so this needs to be improved.

There are a lot of options and it gets confusing sometimes. If they can give limited options, with more information, then it would be good for the large sites.

The product is stable, but by stable, I mean that we still have issues. The issues are more technical, which is why they suggest that we change the device to fix the problems.

Our main data center has more than seventy servers that host a web server and internal applications. This is where we use the XG 400.

We have installed the XG 210 model at a smaller data center. We have between three and four hundred users at the most. However, because we have more than three hundred sessions, the vendor has suggested that we change to the XG 400. We do not yet know if this will fix our problem.

At our remote sites, we use the XG 135 model, and we do not have many issues.

I am not sure why Sophos suggested using the XG 210 model after doing a site check, but we are facing issues and they suggested that we replace the model.

When I call, I have to wait for at least one to two hours to reach them. Sometimes they will pick up the call immediately, but most of the time they will not. I usually have to wait one hour before they pick up the phone.

When a ticket is created we have to wait three days before getting a reply from them. When they create a ticket for a critical issue, the response is delayed. This is a new device, and we expect support from Sophos. At least the partner should support the product, but the partners are always looking for money. Even if they deploy the device, for example, the XG 450, then they only offer support for one day. After that, there is no support.

We have been using the Sophos XG 135 model at our remote sites and it works.

This year we deployed the XG 210 model at our data center, but prior to this we used Barracuda. We switched because Barracuda is too expensive. The options are very limited because you have to pay for each additional option. Each one represents a different service, like ADP (Active DDoS Prevention) or firewall. In contrast, Sophos is only a single payment, so we switched even though we lost some options that we liked.

The initial setup is very easy.

Our deployment took only two to three days. The problem is that we had a lot of issues, especially with the email. The SMTP did not work, so I could not continue with the deployment. It took between fifteen and twenty days to resolve this. I do not know what they did to fix it, but we were delayed between twenty-five days and a month.

We had contacted the Sophos partner for help, but they were not able to fix our issue. After the problem was resolved I re-initiated the deployment. Only one staff member is required to maintain the solution.

Even when you purchase the product from Sophos, they ask for a separate contract for support which is on an hourly basis.

For licensing the XG 210, we paid approximately $3000 for three years. There are no additional fees on top of this.

Other than the Barracuda and the Sophos models, I did not evaluate other solutions.

Because of the problems that we are having, I cannot recommend this solution to anyone at this time.

I would rate this solution five out of ten.

Sophos XG is an on-premise next-generation firewall with comprehensive features and the console is centralized on the cloud.

Sophos XG could improve Data Loss Prevention(DLP).

I have been using Sophos XG for approximately two years.

Sophos XG is a stable solution.

The scalability of Sophos XG is good.

We have approximately 20 users using the solution.

The support is a bit behind compared to other vendors.

The installation is straightforward and only took one and a half hours.

We have one or two people for the deployment and maintenance of the solution.

My customers pay a license for one or three years to use Sophos XG.

I would recommend this solution to others.

I rate Sophos XG a nine out of ten.