What do you like best about the product?

Sophos XG Firewall is easy to configure and use, but extremely flexible and powerful. Sophos provides excellent training on their products (including the XG firewall), and their support is very helpful. You can download a free trial at any point and setup a test virtual firewall on spare hardware (or as a VM) to become familiar with the firewall and features without any type of commitment or limitation. They also provide a free version of their virtual firewall for home use.

What do you dislike about the product?

There have been some bugs in the XG / SFOS firewall versions, and some feature parity discrepancies between the older firewall OS (UTM) and the XG firewall OS (SFOS), but Sophos has made excellent strides in resolving those issues. The latest major release (SFOS v18) has added an impressive level of flexibility and customization to adapt to modern requirements for firewalls.

What problems is the product solving and how is that benefiting you?

Sophos XG firewalls work excellently as a one stop solution for routing, firewalling, webserver protection, email gateway, VPN appliance, and more. Sized properly, the firewalls provide more than adequate capacity and throughput. The reporting and Sophos Central integration are excellent, and allow for secure remote administration and great scheduled reporting. The Synchronized Security with Sophos InterceptX for servers and workstations is fantastic, and lets you easily view the applications running in your environment, as well as enforce greater levels of security when an endpoint is compromised.

Recommendations to others considering the product:

Sophos XG firewall is an excellent choice for a cost effective, feature packed, and security focused firewall. Their training is top notch, and easily accessible on demand. I have seen the Sophos XG firewall operating system and appliance features grow and mature over the years, and they are one of the best firewalls that I have had the pleasure of using.

What do you like best about the product?

I'd have to say the comprehensive security features and Sophos Central.

What do you dislike about the product?

No complaints at this time. Wish we chose Sophos earlier.

What problems is the product solving and how is that benefiting you?

Cybersecurity needs

What do you like best about the product?

I love that I can log in to sophos Central to manage and view status on all my firewalls at different sites. Easy to use, for the most part. I am a novice with firewall management, and was still able to figure things out.

What do you dislike about the product?

I dislike that I don't have a better understanding of how effective my firewall rules are... It would be nice to see logs that were a bit more intuitive to help firewall managers that aren't experts in how firewalls and sophos are supposed to work.

What problems is the product solving and how is that benefiting you?

I have sites spread all over my state, and it is incredibly helpful to have the web interface where I can log into the firewall from anywhere, without relying on a local computer that I have to use remote software to log into. I also have peace of mind with the sophos advanced threat monitoring.

Recommendations to others considering the product:

Solid unit, great performance and features, don't hesitate!

What do you like best about the product?

The capabilities, along with being able to pair it with your Sophos end point.

What do you dislike about the product?

The logs are somewhat difficult to navigate/understand.

What problems is the product solving and how is that benefiting you?

VPN connectivity is awesome, being able to monitor/lock down PCs via the firewall.

What do you like best about the product?

The layout and description of items in the XG firewall interface make it easy to understand and navigate saving time and reducing the headache factor of trying to figure out how to get the system to do things. The time it takes to implement a new function, website, network, etc... is greatly reduced by the ease of operation and understanding of the system.

What do you dislike about the product?

Major firmware changes have released some very big changes in the way the device operates. In one case going from one version to another completely broke some of the functionality we had implemented and took a lot of sorting out as the new firmware had auto populated many rules that didn't work. The patch notes said that the upgrade would take into account the current state and migrate it to the new method of operation which it clearly did not do properly.
The ssl vpn product could also be improved for usability in scenarios where multiple profiles are needed.

What problems is the product solving and how is that benefiting you?

The XG firewall easily allowed us to implement VLAN's in our environment. For smaller sites we have been able to improve reliability over VPN and with RED functionality. The SSL VPN allows us an easy on demand way to remote in to branch office and external networks. Reports and diagnostics available in the system help us keep track of any threats. All of the features have led to a general increase in our security posture.

What do you like best about the product?

The appliance itself is rock solid and I've not had any issues with it. They issue regular firmware updates and add features over time. The functionality is what you expect from a firewall, but it also has additional features including Wi-Fi, basic e-mail filtering, VPN functionality, and integration with the endpoint software. Overall, I've found it to work well consistently. I like the direction, added features, and the stability.

What do you dislike about the product?

Since Sophos was acquired, the quality of support has tanked. They farmed support out for cheaper labor without much knowledge transfer, apparently, so it's sort of a mess to get consistently good help without needing to constantly escalate cases. In my cases, I have found that first response consistently takes too long, and

I also feel that the company direction is unclear for users. There was, at least at one point in time, a perception that the firewall should be the ultimate gatekeeper that stops all threats before it goes further into an organization. There's certainly value in that approach, but it orients the thinking toward making the appliance as robust as it can be in terms of firewall rules, filtering, etc. There seems to be a push to move some of that functionality toward the endpoint software, however. A good example of this is web-filtering, where policies within Sophos Central/Cloud would define what users have access to and perform the blocking. In my mind, that means that a potential threat is getting PAST the firewall and the software on the endpoint is what's stopping the threat. The two should obviously work together, but as a user, it's not really clear how they want this to integrate and play off each other for best practices, protection, and performance.

What problems is the product solving and how is that benefiting you?

I find the XG to be a good overall security appliance that does firewall tasks well. In my use case, it has also worked well for VPN functionality.

Recommendations to others considering the product:

I feel the value of the product is greatly improved with the integrations with Sophos Endpoint software, through Sophos Cloud/Cendtral.

What do you like best about the product?

I like how easy the interface is from start to finish. It has some really nice out of the box default deployment solutions that seem the fit most if not all SMB environments. I work at a place that doesn't have a fulltime network staff, security team, etc...and in my opinion this hardware along with its interface not only bring the tools you need for securing your network but also the ease to follow up and monitor there after...all without needing a dedicated resource. The default firewall policy and out of the box set up is plenty to get going, quite frankly when compared to the ProSafe firewall/router i was used to , getting this going to the same state was much faster. I'm a huge fan of SSL VPN and how unbelievably easy that was to deploy, it really took our network form that "home " feel to that "corporate" one. With ease, I'm able to quickly set up a disclaimer for anyone hopping onto my guest wifi, and I'm able to set up soo many rules and policies that are configurable down to the endpoint. While i could have done that with MAC rules on my Prosafe, i can do it much easier with my XG125W and i can get it down to the app level if i want. Our firewall was set up by a professional partner, and i would consider my self the "local admin". I know enough to get things going, i'm more the guy that IT professionals want on the other end of the phone as you can walk me through anything...i really like the "info" that SOPHOS makes available in certain fields that let you know what you are messing with. Above all that, another thing I'm impressed with is how much teaching and educating the Sophos team wants to do, since then i've had an opportunity to sit through 7 webinars, info is available on demand and the sophos community is very involved. So if you run into an issue, not due to the product but rather unfamiliarity with it, there is definitely a resource out there to help. One last thing, i also really like how easy it is to identify what AP my devices are connected to, this helped identify a deadspot that occurred as a result of someone causing it when dropping new taps. I just realized that i ranted quite a bit, to summarize...i like how clean easy to follow interface, the default policies and configurations you can use, the reports that are available, SSL VPN and how specific you can get with your firewall rules.

What do you dislike about the product?

This is a tough question because we've only had the firewall for about 1.5 months, since then we upgraded from 18.4 firmware to 18.5 ...I'm told that i wasn't supposed to lose settings, and i lost some of my configuration when the system applied the new firmware (lost my guest wifi, and certain firewall rules). In Sophos, defense, I do not know if this is a result of me being unfamiliar with certain things and something i should have left to the Sophos Partner to handle. Another downside, is that if you want to do business with Sophos, it HAS to be handled through a partner. I recently discovered that i need sophos intercept x endpoint protection to leverage this wonderful "heartbeat" feature of the firewall. Reaching out to get a quote was hard, once i was able to connect with some they told me that i had to work with a partner. As you can imagine, this then lead me to the concern that i would be paying less or more with one partner vs the other. Last, is that i wish it was very very clear that if you want the "heart beat" feature, that it is a paid license feature. I understand why it is the way it is, it really should be a licensed product, but having a really really great feature with the firewall not available unless you buy another license is something i did not like personally. But that is just me personally, I'm the type of person that doesn't like dealing with subscriptions and just wants to pay upfront and be done ( i realize that is no longer the age we live in).

What problems is the product solving and how is that benefiting you?

Problems I'm solving: feeling like i have extra protection on my network i have a centralized solution where i can monitor my network and to an extent my endpoints, i can monitor my network (more below)

Benefits I'm realizing: I knew i could monitor my network but did not know to what extent and ease. I can now monitor how much staff and WHO is wasting time on websites that are not business appropriate. i can look at apps or endpoints that are bandwidth hogs and find out why without needing to deploy another network monitoring too.

Recommendations to others considering the product:

I highly recommend the firewall and the access points they sale. Especially if you are in the small to mid capacity, if you are a small business that wants a one time set up and want someone else to manage it, this does it for you, if you want to manage it, this does it for you, if you want a one time set up and just leave as is you can pretty much do that to (as long as someone is staying on top of any updates, this applies to any technology you own) then this does it for you. The biggest recommendation i can give, is make sure that you CHOSE a partner that you want to work with, and that will be there to support you if something comes up. Because THEY or a Sophos partner will be the ones that will actually dealing with support should an issue arise. I wish i would have better researched that in the beginning, but its not a deal breaker it just means that i would still have gotten this device but instead researched my area for support response times, etc. In short, i think you will be very happy with the product, the person that is going to make it or break it for you in my opinion, is who you decide to partner with.

What do you like best about the product?

We have been a Sophos user for over 8 years, any time that we have had any type of problem or concern they are there to help quickly and they know how to support their products without getting bounced from person to person.
anyone will sell you a product, Sophos really cares and supports there customers1 that's money in the bank

What do you dislike about the product?

nothing at this time, why do i have to dislike something?

What problems is the product solving and how is that benefiting you?

Safer more stable network, that says it all

What do you like best about the product?

The strong web protection and the easy-to-use interface without compromising security.

What do you dislike about the product?

The NAT rule section. It was previously integrated within every firewall rule. Now it has its own section so it takes a bit longer to configure new firewall rules but I a, getting used to it

What problems is the product solving and how is that benefiting you?

I don't feel the need for extra endpoints protection and that saves our medium size business a lot of time and money. The Sophos does really good work at protecting the network from attacks and viruses. It also blocks the users from installing any applications that are not white-listed by Sophos.

What do you like best about the product?

I think that the base firewall features are able to be established by just about any user. More complex tools are available, as is a CLI for those who want to script a deployment. There are additional licensed features that help increase security for things like email scanning and web filtering as needed.

One feature that was useful was exporting partial configurations. This allowed us to upgrade models from smaller units by simply taking the configs to a different Sophos XG device through a relative simple process. It was less than 15 minutes to replace the smaller unit with a newer one.

An added bonus is the Sophos Community. The knowledge-base and discussions are deep which means being able to look up just about any configuration question or concern.

What do you dislike about the product?

Some features are buried a few layers deeper than needed in the web interface. This results in having to drill down a couple of levels to make changes, then going back to the base layer to enact them. Sophos should develop linked actions, like a wizard, to help complete tasks such as enabling VPN. This would help more basic users through setup faster.

Another problem is licensing and ownership change. After purchasing a firewall through secondary markets to test with, it was discovered the previous owner had to sign and file a release with Sophos. It took us over a month to get ownership changed and and another month to finally get a proper license assigned to the unit.

What problems is the product solving and how is that benefiting you?

The Sophos provides secure VPN access, something the business was doing by exposing a remote desktop server. Much tighter security has also prevented users through licensed web site filtering has reduced bandwidth overhead, allowing the business to hold off on ordering a larger circuit.