We performed a comparison between Palo Alto Networks and Sophos XG based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Palo Alto Networks comes out on top in this comparison. It is robust, performs well, and has good support. Sophos XG does, however, do better in the Pricing and Ease of Deployment categories.
"The most valuable features are the possibility of having one fabric for switching on security."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"It's very easy to set up, it's very easy to make policies and, for an organization, that means you don't need IT expert in firewalls. You just need to have somebody who knows a little bit of IT, and that's it. With other products, you need someone with a "Masters" degree in firewalls."
"I like Fortinet's cloud management. It allows me to manage all my devices in different branches for three cloud accounts. Even though I use on-prem devices, I can manage everything on the cloud."
"The main benefit is the grouping of our security monitoring."
"FortiGate has a very strong unified threat management system."
"Overall security features and performance routing is good."
"FortiGate's web and URL filtering are unlike any other firewall I've used. The functionality of URL filtering in those solutions is problematic because everything is encrypted, and firewalls can't break that encryption protocol. Fortinet has an SSL proxy, so the encryption is done before the packet ever leaves the FortiGate. The URL filter is definitely one of the most helpful features."
"The structure is much faster and more sophisticated than Cisco."
"The most important feature is the firewall. We can make rules to filter the application layer of traffic. It's a very helpful feature."
"In my opinion, Palo Alto has consistently been one of the best firewalls for enterprise security."
"The ease of use and the ease of configuration of our policies are the most valuable features."
"The solution is very stable."
"The WildFire reporting and Cortex XDR platform have huge infrastructures in the cloud that secures the network against threats. So, we have the potential on the system, specifically for users, where we take care of this since the user is the most dangerous. We get reports back from WildFire on a minute-by-minute basis, rather than a daily or weekly update like I used to with different AV vendors. These features can detect viruses and malware more quickly, which is super important."
"The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."
"I like to install Palo Alto mainly on the data center side to have visibility into all VLANs. That gives full visibility into the core."
"My clients gain efficiency in protecting against attacks from malware such as ransomware and hacker attacks. It also provides them efficient internet access control, and full visibility of ports, applications, and websites."
"It's a product that is in continuous improvement and is following what the customer is asking for. They are taking inputs and designing new releases specifically according to the client and their needs."
"The product’s most valuable feature is the user management system."
"The features that I have found most valuable are first the Web Filter and the Web Application Firewall SD-Wan on Version 18. Additionally, RED Tunnels allows a Sophos vital to speak to another Sophos vital in headquarters."
"The multifactor authentication is helpful because whenever the user wants to connect to the firewall, they have to use the authenticator before they can access it."
"It is a scalable solution."
"I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system."
"The solution has good performance and is easy to use."
"The solution is very expensive."
"It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified."
"Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."
"They should improve high CPU and memory usage that occurs."
"There is one big configuration file with no separations for the unique VDOMs. Maybe they could separate individual VDOM configuration files with the root VDOM configuration file referencing the individual VDOM config files."
"The updates Fortinet provides are sometimes unstable."
"There can be more security in hybrid implementations. When a customer has a hybrid environment where some parts are in the cloud, we need a consistent security solution for such scenarios."
"The platform's interface could improve."
"There is room for improvement in the area of customer service."
"Overall it is good. It is reliable and easy to understand. However, the monitoring feature could be improved."
"The tool's central management system is complicated, making it challenging to manage multiple devices centrally. Individually, the firewalls are easy to use and manage. I'd like to see better central management features in the next release. They've introduced some, but I haven't tried them yet, so I can't say how effective they are. However, having a single management interface would be a big improvement."
"In the future, I would like to see more OTP features."
"The support could be improved."
"The initial configuration is complicated to set up."
"The data loss prevention (DLP) capabilities need to be beefed up."
"I would like the option to be able to block the traffic from a specific country in a few clicks."
"Their updates can be faster and more regular."
"The interface of Sophos XG could be improved. I would prefer the Sophos XG to have an interface for the technician who is setting it up similar to the Sophos SG. I felt the Sophos SG user interface was superior. however, in terms of the functionality of the product, Sophos XG is in many ways more powerful than the Sophos SG. I have no complaints about the quality of the product or the end result. For someone who has used both, I preferred the old interface to the new one."
"The solution should have the ability to be up to date with the most recent threats."
"Recently, I've had a problem with updating things."
"Technical support is difficult to access."
"I can't use the product's application control feature, making it a disadvantage of the solution where improvements are required."
"We are facing some problems on this firmware version, version 18, that require improvement. We want to improve the email security because it doesn't give proper security with the data protection. Also, our clients are facing some problems where most of the sites which they're accessing are getting blocked. I want to improve those sites, that email security, and the data protection on the Firmware version 18."
"The management console could be improved and the solution lacks good technical support."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews while Sophos XG is ranked 7th in Firewalls with 192 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos XG is rated 8.2. The top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". On the other hand, the top reviewer of Sophos XG writes "Easy to use and deploy with an improved pricing structure in place". Palo Alto Networks NG Firewalls is most compared with Check Point NGFW, Azure Firewall, Meraki MX, Netgate pfSense and Cisco Secure Firewall, whereas Sophos XG is most compared with Netgate pfSense, OPNsense, Sophos XGS, SonicWall TZ and WatchGuard Firebox. See our Palo Alto Networks NG Firewalls vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat signatures and updates. I also appreciate that I can just import addresses and URL objects from the external server. Palo Alto has a dedicated management interface, which makes it easy to manage the device and handle the initial configuration. It has fantastic throughput and its connection speed is pretty fair, even when dealing with a high traffic load. With Palo Alto I can configure and manage with REST API integration. And Palo Alto provides deep visibility into your network activity via Application and Command Control.
Although Palo Alto has great things going for it, there are a few things I dislike about it. For example, when the CPU is 100%, the GUI can take a very long time to respond. Booting time is also time-consuming, and committing the configuration takes more time than I would like it to.
Like Palo Alto, Sophos XG is quick and easy to configure. It is compact in size, and therefore does not weigh a lot either. Similar to Palo Alto as well, it can handle heavy traffic and has a solid performance. A good thing about Sophos XG is that it supports IPsec connection with multiple vendor firewalls. However, I am not impressed with the CLI which is not so useful, and I don’t like that there is no option to import bulk address objects.
Conclusion:
Palo Alto Networks NG Firewalls and Sophos XG are both good products. However, Palo Alto has certain features I really like and that’s why I chose it. For me, Palo Alto’s dynamic address group option is a big advantage because it is a huge time saver instead of having to create address groups manually. Another biggie for me was its DNS Sinkhole feature because it is something I rely on a lot and it is very effective in blocking C2 command control traffic.