Sophos XG vs Fortinet Fortigate: 2024 Firewall Comparison

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Sophos Firewall and Fortinet FortiGate are high-quality firewalls that help businesses protect their networks from threat actors. Sophos is a strong choice for teams with limited budgets or any businesses needing a particularly easy-to-use interface. Fortinet is great for organizations of all sizes, especially those looking for advanced capabilities. I’ve evaluated each firewall’s features, pricing, and usability to help you decide which is better for your business.

  • Sophos Firewall: Better for cost, support, and small-team needs (smallest appliances start around $400-$1,000)
  • Fortinet FortiGate: Better for features, usability, and administration (smallest appliances start around $300-$1,000)

Sophos vs Fortinet at a Glance

The following table covers some similarities and differences between Sophos Firewall and FortiGate, including key features, pricing, and deployment options.

Sophos logoFortinet logo
Average Starting Prices for SMB Firewalls$400-$1,500$200-$1,600
Average Starting Prices for Mid-Sized Firewalls$2,300-$13,000$2,000-$20,000
Average Starting Prices for Enterprise Firewalls$19,000-$99,000$40,000-$300,000
Deployment MethodsHardware, virtual, cloud, software image deployed on serversHardware, virtual, cloud
Key FeaturesURL filtering, deep packet inspection, dynamic routing, log management, advanced threat protectionURL filtering, deep packet inspection, dynamic routing, log management, anti-malware, privilege access management
Visit SophosVisit Fortinet

Based on my evaluation, FortiGate is the better overall firewall solution because of its strong enterprise features and administrative capabilities. However, Sophos is also a great product and is very popular with customers, particularly in the small business realm. Continue reading for my analysis of Sophos Firewall’s and FortiGate’s features, pricing, and ideal use cases, or jump down to see my methods of scoring both.

Sophos icon.

Sophos Firewall Overview

Better for Cost, Support & Small-Team Needs

Overall Rating: 4/5

  • Core features: 4.3/5
  • Pricing: 4.8/5
  • Ease of use: 3.9/5
  • Administration: 3.3/5
  • Customer support: 3.8/5
  • Advanced features: 2.9/5

Network and endpoint security vendor Sophos offers both hardware and software-based firewalls. It provides cloud and virtual machine deployments, as well as the choice to deploy Sophos as a software image on your business’s own servers. Sophos’ features include URL filtering and log management. It’s ideal for small and mid-sized organizations because of its easy-to-use management console and prices, but it’s a strong choice for larger teams as well.

Pros & Cons

ProsCons
Excellent user reviews for usabilitySome user complaints about reporting options
Large range of core firewall featuresNo full managed service option
Multiple support channels, including phoneLacks some policy enforcement specifications

Key Features

  • Log management: Admins can view reports generated using Sophos log files and view device events and audit logs, depending on their company’s license.
  • Threat intelligence add-on: Intelix, a threat intel product integrated into Sophos’ other products, helps protect customers from zero-day attacks.
  • Deep packet inspection: Sophos Firewall uses a DPI engine to examine and block bad traffic without significantly slowing overall traffic rates.
  • Firewall groups: Admins can assign multiple firewalls to specific groups and then apply changes to the entire group rather than each individual firewall.
  • Advanced threat protection: More detailed criteria, like IP- and host-based threat scanning exemptions, help you specify which traffic to accept or drop.

To learn more, read our in-depth review of Sophos Firewall and its features and pricing.

Fortinet icon.

Fortinet FortiGate Overview

Better for Features, Usability, Administration & Enterprise Needs

Overall Rating: 4.3/5

  • Core features: 4.3/5
  • Pricing: 4.5/5
  • Ease of use: 4.5/5
  • Administration: 5/5
  • Customer support: 3.4/5
  • Advanced features: 3/5

FortiGate is network security vendor Fortinet’s firewall product, with multiple deployment options โ€” including virtual machines โ€” and multi-firewall management through FortiManager. It provides one year of log retention and redundancy options, like clustering and life support protocols. Admins can view charts and dashboards of their firewall environment in the FortiManager portal, their main management console for all their FortiGate products.

Pros & Cons

ProsCons
Plenty of network security featuresNo email or live chat support 
Option to use FortiGuard Lab servicesLacks some policy enforcement specifications
Available as a managed serviceSome appliances can be expensive

Key Features

  • Reports: Fortinet admins are able to generate reports both locally and through FortiGate Cloud and schedule them as well.
  • Routing options: Dynamic and policy-based routing helps businesses optimize their network performance and direct traffic more efficiently.
  • URL filtering: Through a FortiGuard service, you’re able to filter web URLs for potential malware, phishing, or credential theft.
  • Sandboxing: With FortiSandbox, customers can analyze traffic samples, URLs, and computer files for suspicious activity or active threats.
  • Anti-malware: FortiGuard Labs’ anti-malware service helps customers find threats like viruses.

Better for Pricing: Sophos

Sophos logoFortinet logo
Desktop & SMB FirewallsModels start between $400-$1,500Models start between $200-$1,600
Mid-Sized FirewallsModels start between $2,300-$13,000Models start between $2,000-$20,000
Enterprise & Data Center FirewallsModels start between $19,000-$99,000Models start between $40,000-$300,000
Visit SophosVisit Fortinet

Winner: Both Sophos and Fortinet are generally considered good firewall solutions for SMBs, but Sophos takes the lead here for having more affordable enterprise models.

Fortinet offers entry-level branch firewalls, mid-range or campus models, and data center appliances, as well as FortiGate-as-a-Service deployments. Its least expensive model, the 40F, starts around $360. Midrange FortiGate models range from the 100F, starting around $2,000, to the 900G, which starts around $20,000. Prices for the enterprise models start at around $40,000 and run into the hundreds of thousands.

Sophos Firewall deployment options.

Sophos’ firewalls are similarly priced, with desktop models, the midsized XGS 1U, and the larger-scale XGS 2U. The smallest units’ base prices start between $400 and $600, while mid-sized appliances range from $2,000 to $20,000. Enterprise customers can expect to pay a starting price of $19,000-$99,000 for 2U models. Keep in mind that starting prices typically don’t include the additional protection modules, like Xstream, but only the appliance.

FortiGate models.

Better for Core Features: Tie

Sophos logoFortinet logo
Reporting ToolsYesYes
Support for SD-WANYesYes
Zero Trust Network AccessAvailable through another Sophos productAvailable through another Fortinet product
Deep Packet InspectionYesYes
URL FilteringYesYes
Dynamic or Policy-Based RoutingBothBoth
Visit SophosVisit Fortinet

Winner: Both Sophos and Fortinet stand out for their wide range of network protection and management features.

Sophos offers standard next-generation firewall features like filtering URLs for malicious addresses and closely inspecting traffic packets. It allows admins to base traffic routing on dynamic situations, for improved flexibility, and also on predefined policies. Through Sophos Central, the management console for all Sophos products, admins can use prepackaged report templates or customize their own.

Sophos Firewall traffic routing.

FortiGate has plenty of basic firewall features, including SD-WAN connectivity and IPSec virtual private network (VPN) tunneling. With a FortiGuard Labs security subscription, you can turn on intrusion prevention features for your network infrastructure. Fortinet customers also benefit from dynamic and policy-based routing. Fortinet also offers threat intelligence functionality through FortiGuard Labs, which can send threat alerts to your email if you so choose.

FortiGate IPsec configuration.

Better for Advanced Features: Fortinet

Sophos logoFortinet logo
Built-In RAIDYesYes
SandboxingThrough XStream bundleThrough FortiSandbox
Advanced Threat ProtectionYesPart of another Fortinet solution
Operational Technology SecurityNoThrough FortiGuard Labs
Privilege Access ManagementNoAvailable as separate product
Anti-MalwareNoThrough FortiGuard Labs
Visit SophosVisit Fortinet

Winner: Fortinet’s range of advanced features make it a great choice for large enterprises, though Sophos has plenty to offer, too.

Sophos’ enterprise firewalls, the 2U series, have built-in RAID for improved performance after potential hardware or network failures. This redundancy decreases the chances that you’ll lose data in an outage. Other advanced capabilities include advanced threat protection, which allows teams to significantly customize the traffic they want to block or permit, and sandboxing, which is available through the Sophos Xstream bundle.

Sophos Firewall advanced threat protection.

Fortinet receives the edge here for having more features for large enterprise needs. Its FortiGuard Labs services are available to FortiGate users, whether free or through a subscription, so customers benefit from features like DNS security and zero-day prevention. FortiGuard Labs also performs virtual patching for operational technology (OT) devices. Fortinet offers sandboxing through its FortiSandbox product.

FortiSandbox dashboard.

Better for Ease of Use: Fortinet

Sophos logoFortinet logo
Knowledge Base / Documentation PortalYesYes
Single Pane of Glass Management ConsoleYesYes
Available as Managed ServiceNoYes
Deployment OptionsCloud, hardware, virtual, software installed on business serversCloud, hardware, virtual
Visit SophosVisit Fortinet

Winner: Fortinet has the edge here for its managed service option, though both firewalls are known for their usability.

Sophos is widely considered an easy-to-use firewall product and is extremely popular with smaller teams. While customers ran into some snags with earlier iterations of the XG firewall series, it looks like the XGS has become much more successful and stable. Admins can manage all Sophos firewalls from a single console, Sophos Central, which has plenty of administrative options like dashboards and analytics.

Sophos knowledge base.

Fortinet gives customers the option to have FortiGate vendor-managed, which is helpful for teams with a limited network infrastructure. But customers can also deploy FortiGate as a physical appliance, in the cloud, or on virtual machines. FortiGate’s documentation includes admin guides, release notes, and reference manuals. Fortinet’s network security products are generally considered easy to use in the overall firewall market.

Read more about different types of network security solutions aside from firewalls, including cloud security and virtual private networks.

Better for Administration: Fortinet

Sophos logoFortinet logo
Multi-Firewall ManagementYes โ€” Sophos CentralYes โ€” FortiManager
Role-Based Access ControlsUnclearThrough identity and access management features
DashboardsYesYes
High Availability / RAIDYesYes
One Year Log RetentionNoYes
Visit SophosVisit Fortinet

Winner: Fortinet has the advantage here for its year of log retention, plus security features like role-based access controls.

Sophos users have the ability to set high availability by synchronizing two grouped firewalls’ configuration so the firewall fails over in case of an outage or attack. This helps maintain performance for overall security and traffic processing. Sophos’ main portal, Sophos Central, allows customers to manage all firewalls from one location. Log retention is limited compared to Fortinet’s, with actual numbers not clearly specified.

Sophos Firewall management through Sophos Central.

FortiGate’s advanced capabilities make it one of the top enterprise firewalls in the world, and its administrative features are no different. Through FortiManager, network and security admins can set security policies, facilitate tech integrations with any of Fortinet’s relevant partners, and use REST APIs and scripts. Fortinet allows customers to retain firewall-related logs for a year, and they also have high availability options like clustering.

FortiManager interface.

Better for Customer Support: Sophos

Sophos logoFortinet logo
Support Team Hours24/724/7
PhoneYesYes
EmailNoNo
Live ChatYesNo
Scheduled Demo and YouTube Demo OptionsScheduled onlyScheduled only
Technical Account Manager AvailableYesYes
Visit SophosVisit Fortinet

Winner: Both have standard support options for the industry, but Sophos offers a bit more channel flexibility.

Sophos has multiple support plans, including a plan designed specifically for teams that want a technical account manager. Support channel options include phone and live chat. Sophos requires all critical or high severity incidents to be submitted via telephone for adequate prioritization. Scheduled demos are available to all potential customers; however, Sophos doesn’t have great options for self-service demos, like YouTube walkthroughs.

Sophos Firewall demo.

Like Sophos, Fortinet offers phone support, with multiple phone numbers cited for the vendor online. There’s no email or live chat options mentioned, but customers have access to 24/7 service as needed. Customers also have the option to work with a technical account manager if they wish through FortiCare services. These services are per-device, and support for those devices is also offered 24/7. Fortinet also doesn’t have self-service demo options like YouTube.

Fortinet FortiGate demo.

Who Shouldnโ€™t Use Sophos Firewall or Fortinet FortiGate

Sophos and Fortinet have outstanding next-gen firewall products, but they won’t be the best fit for every business’s or security team’s needs.

Who Shouldnโ€™t Use Sophos Firewall

You may want to look elsewhere if your business is one of the following:

  • Businesses looking for fully managed firewall services: Sophos doesn’t have a managed service option strictly for its firewalls.
  • Larger teams that want lots of enterprise features: While Sophos offers next-gen firewall capabilities, it has fewer than some competitors, including Fortinet.
  • Admins that want extensive log retention: Sophos isn’t clear on how long it stores firewall logs, and admins may run into trouble if they want a year’s worth.

Who Shouldnโ€™t Use Fortinet FortiGate

I recommend considering other firewalls if you fit any of these categories:

  • Startups looking for the most affordable firewall: Fortinet offers plenty of low-cost firewall options, but it may be too expensive for some startups and SMBs.
  • Teams that need tag or attribute-based policies: Fortinet doesn’t provide much information on policy enforcement based on specific tags or attributes.
  • Admins that want email or live chat support: Fortinet does offer phone support, but if you’d like email or live chat, you’ll need to look elsewhere.

3 Best Alternatives to Sophos Firewall & Fortinet FortiGate

While Sophos Firewall and Fortinet FortiGate are some of the best enterprise firewall options in the industry, they won’t be a perfect fit for every team. If your business would benefit better from another product, check out Palo Alto NGFW, Check Point Quantum, and Juniper Networks’ SRX Series.

Palo Alto NGFW

Network security giant Palo Alto offers multiple next-gen firewall models for branch, campus, data center, cloud, and mobile 5G environments. Firewall deployment options include cloud, container, virtual, and hardware. The hardware firewalls are Palo Alto’s PA Series, with features like traffic decryption, user-based access policies, and machine-learning-based threat detection.

Palo Alto is generally on the more expensive side and is a great option for large enterprises that can afford its excellent security and advanced features. Contact Palo Alto’s sales team for specific prices for the PA-Series, VM-Series, and CN-Series.

Palo Alto NGFW management.

Check Point Quantum

Check Point Software Technologies offers the Quantum Gateway series of firewalls to businesses in all types of environments, including rugged ones like power plants and construction zones. Key capabilities include threat prevention tools, APIs for third-party SOC integrations, and the option to cluster firewalls and hyperscale.

If your business wants to sandbox malware, you can add Check Point SandBlast, a sandboxing and zero-day protection product, to your Quantum Gateway. Contact Check Point for pricing information specific to your organization. Reseller pricing for the Check Point Quantum 16200 starts around $117,000, including a SandBlast subscription.

Check Point firewall management.

Juniper Networks SRX Series

Juniper Networks’ SRX Series of firewalls offers features like WAN connectivity, intrusion prevention, antivirus, and role-based firewall controls. Juniper also has its own operating system, Junos, which powers all the firewalls. Admins can create and deploy security policies using Juniper Security Director Cloud, a single-UI product that also helps teams stop network threats and attacks.

The SRX Series is ideal for virtualized and containerized environments, offering the vSRX virtual firewall. You can purchase the vSRX through cloud providers like AWS, which prices the vSRX software at $0.65 per hour. Pricing for the SRX300 appliance starts between $600-$800.

Juniper SRX syslog server configuration.
Image credit: ManageEngine

If none of these solutions sound like a good choice for your business, check out our guide to the best NGFWs next. This list also includes Forcepoint and Cisco.

How I Compared Sophos Firewall & Fortinet FortiGate

I developed a rubric to score both firewalls, which included six major categories that firewall buyers should take into consideration. Each category received its own weighting based on importance, and each had multiple subcriteria. I evaluated how well Sophos and Fortinet met the subcriteria. The six categories included the most important firewall features, appliance pricing, usability, administrative features, support options, and nice-to-have advanced features.

Core Features โ€“ 25%

I considered whether Sophos and Fortinet offered a wide variety of core features, including deep packet inspection, URL filtering, and support for SD-WAN. Additionally, I evaluated whether the vendors offered a dedicated operating system for the firewalls.

Pricing โ€“ 20%

I compared pricing of hardware appliances, including desktop units, mid-sized firewalls, and enterprise-grade appliances. I also looked at free trial availability and length.

Ease of Use โ€“ 20%

I evaluated Sophos Firewall and FortiGate’s general usability, including availability of documentation, firewall rules and policies, and number and type of deployment options. I looked at whether the firewalls were available as a managed service.

Administration โ€“ 15%

To analyze administrative capabilities, I looked at tools like log retention, role-based access controls, and high availability options. Then I considered whether the firewall management system allowed teams to view all vendor firewall instances from one console.

Customer Support โ€“ 10%

I evaluated customer support team availability and channels like phone, email, and live chat. I analyzed demo options and whether each vendor offered the option of a technical account manager.

Advanced Features โ€“ 10%

I considered advanced firewall capabilities like built-in RAID, access to sandboxes, and advanced threat protection. Additionally, I evaluated types of policy enforcement and privilege access management features.

Bottom Line: Sophos Firewall vs Fortinet FortiGate

Both Sophos and Fortinet offer outstanding firewall products that are popular within the network security industry. Each is famous for being a good choice for smaller businesses, but I’d recommend Sophos overall for the smallest and least experienced teams. Likewise, while each has plenty of features to offer large enterprises, I’d suggest FortiGate for the most advanced business needs.

Firewalls, particularly next-gen solutions, are a great start to protecting your network, but they are only one component. Check out our guide to securing your business network for more tips, including regularly auditing your network.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Jenna Phipps Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.




Top Cybersecurity Companies

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis