We performed a comparison between Meraki MX and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Sophos XG received better user ratings. Although the two solutions are comparable in most areas, Meraki MX lacks a lot of features in comparison with Sophos XG.
"The response is very quick and they can visually resolve our problems in a short period."
"The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."
"I think that the UTM features are the most value, as it truly protects my infrastructure."
"The network security and cloud security are most valuable."
"The web tutor and automatic rules by schedule are good features."
"We are very happy with the general bandwidth agility we have seen from one website to another website."
"The solution can scale well."
"Its stability is the most valuable."
"The cloud management system is really valuable."
"I love the simplicity of Meraki MX — specifically, the simplicity of the dashboard."
"Since it has an integrated dashboard for all the products, customers can get complete network analytics regarding what the user is doing, monitoring, and observing."
"Managed centrally over the web: You can manages all your Meraki devices in a single account."
"I think cloud management is key. The cloud management and support are the two things that make the product great."
"It prevents us from being hacked and delivers information about who and where the attack came from."
"The solution's most valuable feature is the Meraki dashboard, which is a single pane of glass."
"It is a robust SD-WAN solution."
"The firewall functionality and unified threat management are the most useful features."
"The two most valuable feature of Sophos XG is, one the option to filter according to different applications and two, the integration with the Active Directory."
"We recommend Sophos XG as a priority as it is much more reliable and has efficient technical assistance."
"I like the web filter, application filter, and VBA."
"The product offers many great features."
"It's a complete firewall solution that has everything."
"What I have found most valuable with the Sophos XG is it's a key component of the Intercept X EDR environment. You have to have it to receive the full benefit. If you've you are using Sophos SG firewalls, they're great firewalls and in many ways, I prefer them to the Sophos XG. Since I have set them up, programmed them, and manipulate firewall rules, et cetera, the Sophos SG's a better interface. However, the Sophos XG's very powerful. I prefer it over other solutions I have used, such as Cisco Meraki and SupportNet, I don't like them. They're not very friendly to people who have to set them up and implement them."
"The installation is easy. There is a wizard that can be used for a single connection making it simple and if you have multiple connections you can configure it manually."
"MTBF: Hardware failure is more common when compared to SonicWall or Cisco ASA."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"Fortinet FortiGate needs to improve the logging and reporting. Additionally, the next-generation application's policies should be improved. When they were released they had bugs."
"Usually, we sell the bundle with the UTM or threat management piece with IPS, IDS. Other providers, such as Palo Alto, are ahead in terms of safe functionality. So, for me, delivering truly safe service is probably something that still needs to be improved."
"Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."
"They should improve high CPU and memory usage that occurs."
"There are just some services that aren't available. For example, the Ethernet or point-to-point protocols. They could add these services to their product offering - especially services for ISPs."
"There are mainly two areas of improvement in Fortinet FortiGate— the licensing cost and the timing of upgrading licenses for boxes."
"When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more."
"They need to improve the link between Meraki and Active Directory."
"As far as what needs to be improved — nothing really comes to mind. It does what we need it to do."
"Pricing is an area where the solution lacks since it is an expensive tool."
"It would be nice to get detailed logging information without third-party software."
"Could possibly use deeper configurations."
"The product doesn't support route summarization and BGP dynamic routing protocol."
"What I would like to see in the next version is to have more interfaces for WAN links."
"Sophos XG should improve on the GDPR features involving data protection and encryption. Security regarding data protection is important."
"Lacking network access control, user profiling and analytics dashboards."
"The pricing can be high unless you choose a longer contract."
"The VPN has been a persistent problem for us. It's not straightforward to configure."
"We are having challenges when using Zoom with Sophos XG deployed."
"It would be beneficial if the platform provided more flexible support for a variety of devices."
"The program is rather expensive."
"I would like to have better SSL decryption and HTTP decryption. There should be filtering of SSL and HTTP traffic. Sophos XG consumes a lot of endpoint resources. It consumes a lot of RAM and CPU resources, and they should look into this."
Meraki MX is ranked 2nd in Unified Threat Management (UTM) with 58 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Meraki MX is rated 8.2, while Sophos XG is rated 8.2. The top reviewer of Meraki MX writes "Cost-effective, simplified, easy to manage, and reliable with advanced security features and granular visibility". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Meraki MX is most compared with Palo Alto Networks NG Firewalls, Cisco Secure Firewall, SonicWall TZ, Netgate pfSense and SonicWall NSa, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and Sophos UTM. See our Meraki MX vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Meraki is designed for zero deployments and no in-house firewall specialist personnel. Best to secure Networks like remote offices, branches or home offices. Also to protect Internet Access (your computer accesses the internet).
Sophos is more of a professional firewall, not only protecting internet access but also providing security for publishing services like web servers, data centers, central services. They will need a specialist to install and support them. Therefore offer much more sophisticated protection features.
So, you can't really compare these solutions as they are targeting different markets.
Meraki MX is a small business product and lacks a lot of features compared to Sophos XG/XGS.
- IPsec IKEv2 does not work (it is in the menu, but does not work and can only be enabled by meraki support)
- no SSLVPN or IPsec VPN client. AnyConnect can only be tested with beta firmware.
Cisco Client VPN (L2TP) is a total joke - not sure for who it is meant for?
- no user based firewall rules (for VPN)
- no firewall rule grouping
- no masquerade option for DNAT (sometimes it is very useful if I can do a DNAT with masquerade to another subnet)
- no VLAN tagging support on WAN port (would be usable for IPTV - solvable if WAN is bypassed through a managed switch)
- no multiple IP support on WAN port (Sophos has alias support on every interface, which means that multiple IP addresses can be added on the same LAN or WAN port)
- no LAG or LACP support (would be usable to connect aggregation switch to firewall to bypass more traffic through the MX)
- no DAC cable support for SFP port (why I do have to use optical cable to connect aswitch?)
- no custom IPS policies - only on/off button
- no e-mail protection option (Sophos has it with extra license)
- no web server protection (Sophos has it with extra license)
- no sandstorm option (most firewalls have it with extra license)
- hardware may probably too weak compared to the user count
- no BGP, OSPF routing
- no multiple VPN user groups and LDAP servers
Cisco mx64, for example, has 2 WANs, is very practical and simple for the two services, has a balancing for two internet services and bandwidth control (by groups and users).