Sophos Firewall and Fortinet FortiGate are high-quality firewalls that help businesses protect their networks from threat actors. Sophos is a strong choice for teams with limited budgets or any businesses needing a particularly easy-to-use interface. Fortinet is great for organizations of all sizes, especially those looking for advanced capabilities. I’ve evaluated each firewall’s features, pricing, and usability to help you decide which is better for your business.
- Sophos Firewall: Better for cost, support, and small-team needs (smallest appliances start around $400-$1,000)
- Fortinet FortiGate: Better for features, usability, and administration (smallest appliances start around $300-$1,000)
Table of Contents
Sophos vs Fortinet at a Glance
The following table covers some similarities and differences between Sophos Firewall and FortiGate, including key features, pricing, and deployment options.
Average Starting Prices for SMB Firewalls | $400-$1,500 | $200-$1,600 |
Average Starting Prices for Mid-Sized Firewalls | $2,300-$13,000 | $2,000-$20,000 |
Average Starting Prices for Enterprise Firewalls | $19,000-$99,000 | $40,000-$300,000 |
Deployment Methods | Hardware, virtual, cloud, software image deployed on servers | Hardware, virtual, cloud |
Key Features | URL filtering, deep packet inspection, dynamic routing, log management, advanced threat protection | URL filtering, deep packet inspection, dynamic routing, log management, anti-malware, privilege access management |
Visit Sophos | Visit Fortinet |
Based on my evaluation, FortiGate is the better overall firewall solution because of its strong enterprise features and administrative capabilities. However, Sophos is also a great product and is very popular with customers, particularly in the small business realm. Continue reading for my analysis of Sophos Firewall’s and FortiGate’s features, pricing, and ideal use cases, or jump down to see my methods of scoring both.
Sophos Firewall Overview
Better for Cost, Support & Small-Team Needs
Overall Rating: 4/5
- Core features: 4.3/5
- Pricing: 4.8/5
- Ease of use: 3.9/5
- Administration: 3.3/5
- Customer support: 3.8/5
- Advanced features: 2.9/5
Network and endpoint security vendor Sophos offers both hardware and software-based firewalls. It provides cloud and virtual machine deployments, as well as the choice to deploy Sophos as a software image on your business’s own servers. Sophos’ features include URL filtering and log management. It’s ideal for small and mid-sized organizations because of its easy-to-use management console and prices, but it’s a strong choice for larger teams as well.
Pros & Cons
Pros | Cons |
---|---|
Excellent user reviews for usability | Some user complaints about reporting options |
Large range of core firewall features | No full managed service option |
Multiple support channels, including phone | Lacks some policy enforcement specifications |
Key Features
- Log management: Admins can view reports generated using Sophos log files and view device events and audit logs, depending on their company’s license.
- Threat intelligence add-on: Intelix, a threat intel product integrated into Sophos’ other products, helps protect customers from zero-day attacks.
- Deep packet inspection: Sophos Firewall uses a DPI engine to examine and block bad traffic without significantly slowing overall traffic rates.
- Firewall groups: Admins can assign multiple firewalls to specific groups and then apply changes to the entire group rather than each individual firewall.
- Advanced threat protection: More detailed criteria, like IP- and host-based threat scanning exemptions, help you specify which traffic to accept or drop.
To learn more, read our in-depth review of Sophos Firewall and its features and pricing.
Fortinet FortiGate Overview
Better for Features, Usability, Administration & Enterprise Needs
Overall Rating: 4.3/5
- Core features: 4.3/5
- Pricing: 4.5/5
- Ease of use: 4.5/5
- Administration: 5/5
- Customer support: 3.4/5
- Advanced features: 3/5
FortiGate is network security vendor Fortinet’s firewall product, with multiple deployment options โ including virtual machines โ and multi-firewall management through FortiManager. It provides one year of log retention and redundancy options, like clustering and life support protocols. Admins can view charts and dashboards of their firewall environment in the FortiManager portal, their main management console for all their FortiGate products.
Pros & Cons
Pros | Cons |
---|---|
Plenty of network security features | No email or live chat support |
Option to use FortiGuard Lab services | Lacks some policy enforcement specifications |
Available as a managed service | Some appliances can be expensive |
Key Features
- Reports: Fortinet admins are able to generate reports both locally and through FortiGate Cloud and schedule them as well.
- Routing options: Dynamic and policy-based routing helps businesses optimize their network performance and direct traffic more efficiently.
- URL filtering: Through a FortiGuard service, you’re able to filter web URLs for potential malware, phishing, or credential theft.
- Sandboxing: With FortiSandbox, customers can analyze traffic samples, URLs, and computer files for suspicious activity or active threats.
- Anti-malware: FortiGuard Labs’ anti-malware service helps customers find threats like viruses.
Better for Pricing: Sophos
Desktop & SMB Firewalls | Models start between $400-$1,500 | Models start between $200-$1,600 |
Mid-Sized Firewalls | Models start between $2,300-$13,000 | Models start between $2,000-$20,000 |
Enterprise & Data Center Firewalls | Models start between $19,000-$99,000 | Models start between $40,000-$300,000 |
Visit Sophos | Visit Fortinet |
Winner: Both Sophos and Fortinet are generally considered good firewall solutions for SMBs, but Sophos takes the lead here for having more affordable enterprise models.
Fortinet offers entry-level branch firewalls, mid-range or campus models, and data center appliances, as well as FortiGate-as-a-Service deployments. Its least expensive model, the 40F, starts around $360. Midrange FortiGate models range from the 100F, starting around $2,000, to the 900G, which starts around $20,000. Prices for the enterprise models start at around $40,000 and run into the hundreds of thousands.
Sophos’ firewalls are similarly priced, with desktop models, the midsized XGS 1U, and the larger-scale XGS 2U. The smallest units’ base prices start between $400 and $600, while mid-sized appliances range from $2,000 to $20,000. Enterprise customers can expect to pay a starting price of $19,000-$99,000 for 2U models. Keep in mind that starting prices typically don’t include the additional protection modules, like Xstream, but only the appliance.
Better for Core Features: Tie
Reporting Tools | Yes | Yes |
Support for SD-WAN | Yes | Yes |
Zero Trust Network Access | Available through another Sophos product | Available through another Fortinet product |
Deep Packet Inspection | Yes | Yes |
URL Filtering | Yes | Yes |
Dynamic or Policy-Based Routing | Both | Both |
Visit Sophos | Visit Fortinet |
Winner: Both Sophos and Fortinet stand out for their wide range of network protection and management features.
Sophos offers standard next-generation firewall features like filtering URLs for malicious addresses and closely inspecting traffic packets. It allows admins to base traffic routing on dynamic situations, for improved flexibility, and also on predefined policies. Through Sophos Central, the management console for all Sophos products, admins can use prepackaged report templates or customize their own.
FortiGate has plenty of basic firewall features, including SD-WAN connectivity and IPSec virtual private network (VPN) tunneling. With a FortiGuard Labs security subscription, you can turn on intrusion prevention features for your network infrastructure. Fortinet customers also benefit from dynamic and policy-based routing. Fortinet also offers threat intelligence functionality through FortiGuard Labs, which can send threat alerts to your email if you so choose.
Better for Advanced Features: Fortinet
Built-In RAID | Yes | Yes |
Sandboxing | Through XStream bundle | Through FortiSandbox |
Advanced Threat Protection | Yes | Part of another Fortinet solution |
Operational Technology Security | No | Through FortiGuard Labs |
Privilege Access Management | No | Available as separate product |
Anti-Malware | No | Through FortiGuard Labs |
Visit Sophos | Visit Fortinet |
Winner: Fortinet’s range of advanced features make it a great choice for large enterprises, though Sophos has plenty to offer, too.
Sophos’ enterprise firewalls, the 2U series, have built-in RAID for improved performance after potential hardware or network failures. This redundancy decreases the chances that you’ll lose data in an outage. Other advanced capabilities include advanced threat protection, which allows teams to significantly customize the traffic they want to block or permit, and sandboxing, which is available through the Sophos Xstream bundle.
Fortinet receives the edge here for having more features for large enterprise needs. Its FortiGuard Labs services are available to FortiGate users, whether free or through a subscription, so customers benefit from features like DNS security and zero-day prevention. FortiGuard Labs also performs virtual patching for operational technology (OT) devices. Fortinet offers sandboxing through its FortiSandbox product.
Better for Ease of Use: Fortinet
Knowledge Base / Documentation Portal | Yes | Yes |
Single Pane of Glass Management Console | Yes | Yes |
Available as Managed Service | No | Yes |
Deployment Options | Cloud, hardware, virtual, software installed on business servers | Cloud, hardware, virtual |
Visit Sophos | Visit Fortinet |
Winner: Fortinet has the edge here for its managed service option, though both firewalls are known for their usability.
Sophos is widely considered an easy-to-use firewall product and is extremely popular with smaller teams. While customers ran into some snags with earlier iterations of the XG firewall series, it looks like the XGS has become much more successful and stable. Admins can manage all Sophos firewalls from a single console, Sophos Central, which has plenty of administrative options like dashboards and analytics.
Fortinet gives customers the option to have FortiGate vendor-managed, which is helpful for teams with a limited network infrastructure. But customers can also deploy FortiGate as a physical appliance, in the cloud, or on virtual machines. FortiGate’s documentation includes admin guides, release notes, and reference manuals. Fortinet’s network security products are generally considered easy to use in the overall firewall market.
Read more about different types of network security solutions aside from firewalls, including cloud security and virtual private networks.
Better for Administration: Fortinet
Multi-Firewall Management | Yes โ Sophos Central | Yes โ FortiManager |
Role-Based Access Controls | Unclear | Through identity and access management features |
Dashboards | Yes | Yes |
High Availability / RAID | Yes | Yes |
One Year Log Retention | No | Yes |
Visit Sophos | Visit Fortinet |
Winner: Fortinet has the advantage here for its year of log retention, plus security features like role-based access controls.
Sophos users have the ability to set high availability by synchronizing two grouped firewalls’ configuration so the firewall fails over in case of an outage or attack. This helps maintain performance for overall security and traffic processing. Sophos’ main portal, Sophos Central, allows customers to manage all firewalls from one location. Log retention is limited compared to Fortinet’s, with actual numbers not clearly specified.
FortiGate’s advanced capabilities make it one of the top enterprise firewalls in the world, and its administrative features are no different. Through FortiManager, network and security admins can set security policies, facilitate tech integrations with any of Fortinet’s relevant partners, and use REST APIs and scripts. Fortinet allows customers to retain firewall-related logs for a year, and they also have high availability options like clustering.
Better for Customer Support: Sophos
Support Team Hours | 24/7 | 24/7 |
Phone | Yes | Yes |
No | No | |
Live Chat | Yes | No |
Scheduled Demo and YouTube Demo Options | Scheduled only | Scheduled only |
Technical Account Manager Available | Yes | Yes |
Visit Sophos | Visit Fortinet |
Winner: Both have standard support options for the industry, but Sophos offers a bit more channel flexibility.
Sophos has multiple support plans, including a plan designed specifically for teams that want a technical account manager. Support channel options include phone and live chat. Sophos requires all critical or high severity incidents to be submitted via telephone for adequate prioritization. Scheduled demos are available to all potential customers; however, Sophos doesn’t have great options for self-service demos, like YouTube walkthroughs.
Like Sophos, Fortinet offers phone support, with multiple phone numbers cited for the vendor online. There’s no email or live chat options mentioned, but customers have access to 24/7 service as needed. Customers also have the option to work with a technical account manager if they wish through FortiCare services. These services are per-device, and support for those devices is also offered 24/7. Fortinet also doesn’t have self-service demo options like YouTube.
Who Shouldnโt Use Sophos Firewall or Fortinet FortiGate
Sophos and Fortinet have outstanding next-gen firewall products, but they won’t be the best fit for every business’s or security team’s needs.
Who Shouldnโt Use Sophos Firewall
You may want to look elsewhere if your business is one of the following:
- Businesses looking for fully managed firewall services: Sophos doesn’t have a managed service option strictly for its firewalls.
- Larger teams that want lots of enterprise features: While Sophos offers next-gen firewall capabilities, it has fewer than some competitors, including Fortinet.
- Admins that want extensive log retention: Sophos isn’t clear on how long it stores firewall logs, and admins may run into trouble if they want a year’s worth.
Who Shouldnโt Use Fortinet FortiGate
I recommend considering other firewalls if you fit any of these categories:
- Startups looking for the most affordable firewall: Fortinet offers plenty of low-cost firewall options, but it may be too expensive for some startups and SMBs.
- Teams that need tag or attribute-based policies: Fortinet doesn’t provide much information on policy enforcement based on specific tags or attributes.
- Admins that want email or live chat support: Fortinet does offer phone support, but if you’d like email or live chat, you’ll need to look elsewhere.
3 Best Alternatives to Sophos Firewall & Fortinet FortiGate
While Sophos Firewall and Fortinet FortiGate are some of the best enterprise firewall options in the industry, they won’t be a perfect fit for every team. If your business would benefit better from another product, check out Palo Alto NGFW, Check Point Quantum, and Juniper Networks’ SRX Series.
Palo Alto NGFW
Network security giant Palo Alto offers multiple next-gen firewall models for branch, campus, data center, cloud, and mobile 5G environments. Firewall deployment options include cloud, container, virtual, and hardware. The hardware firewalls are Palo Alto’s PA Series, with features like traffic decryption, user-based access policies, and machine-learning-based threat detection.
Palo Alto is generally on the more expensive side and is a great option for large enterprises that can afford its excellent security and advanced features. Contact Palo Alto’s sales team for specific prices for the PA-Series, VM-Series, and CN-Series.
Check Point Quantum
Check Point Software Technologies offers the Quantum Gateway series of firewalls to businesses in all types of environments, including rugged ones like power plants and construction zones. Key capabilities include threat prevention tools, APIs for third-party SOC integrations, and the option to cluster firewalls and hyperscale.
If your business wants to sandbox malware, you can add Check Point SandBlast, a sandboxing and zero-day protection product, to your Quantum Gateway. Contact Check Point for pricing information specific to your organization. Reseller pricing for the Check Point Quantum 16200 starts around $117,000, including a SandBlast subscription.
Juniper Networks SRX Series
Juniper Networks’ SRX Series of firewalls offers features like WAN connectivity, intrusion prevention, antivirus, and role-based firewall controls. Juniper also has its own operating system, Junos, which powers all the firewalls. Admins can create and deploy security policies using Juniper Security Director Cloud, a single-UI product that also helps teams stop network threats and attacks.
The SRX Series is ideal for virtualized and containerized environments, offering the vSRX virtual firewall. You can purchase the vSRX through cloud providers like AWS, which prices the vSRX software at $0.65 per hour. Pricing for the SRX300 appliance starts between $600-$800.
If none of these solutions sound like a good choice for your business, check out our guide to the best NGFWs next. This list also includes Forcepoint and Cisco.
How I Compared Sophos Firewall & Fortinet FortiGate
I developed a rubric to score both firewalls, which included six major categories that firewall buyers should take into consideration. Each category received its own weighting based on importance, and each had multiple subcriteria. I evaluated how well Sophos and Fortinet met the subcriteria. The six categories included the most important firewall features, appliance pricing, usability, administrative features, support options, and nice-to-have advanced features.
Core Features โ 25%
I considered whether Sophos and Fortinet offered a wide variety of core features, including deep packet inspection, URL filtering, and support for SD-WAN. Additionally, I evaluated whether the vendors offered a dedicated operating system for the firewalls.
Pricing โ 20%
I compared pricing of hardware appliances, including desktop units, mid-sized firewalls, and enterprise-grade appliances. I also looked at free trial availability and length.
Ease of Use โ 20%
I evaluated Sophos Firewall and FortiGate’s general usability, including availability of documentation, firewall rules and policies, and number and type of deployment options. I looked at whether the firewalls were available as a managed service.
Administration โ 15%
To analyze administrative capabilities, I looked at tools like log retention, role-based access controls, and high availability options. Then I considered whether the firewall management system allowed teams to view all vendor firewall instances from one console.
Customer Support โ 10%
I evaluated customer support team availability and channels like phone, email, and live chat. I analyzed demo options and whether each vendor offered the option of a technical account manager.
Advanced Features โ 10%
I considered advanced firewall capabilities like built-in RAID, access to sandboxes, and advanced threat protection. Additionally, I evaluated types of policy enforcement and privilege access management features.
Bottom Line: Sophos Firewall vs Fortinet FortiGate
Both Sophos and Fortinet offer outstanding firewall products that are popular within the network security industry. Each is famous for being a good choice for smaller businesses, but I’d recommend Sophos overall for the smallest and least experienced teams. Likewise, while each has plenty of features to offer large enterprises, I’d suggest FortiGate for the most advanced business needs.
Firewalls, particularly next-gen solutions, are a great start to protecting your network, but they are only one component. Check out our guide to securing your business network for more tips, including regularly auditing your network.