pfsense-vs-sophos-xg-firewall

pfSense, from Netgate and Sophos XG Firewall serve as entry level firewalls or options for small and midsize businesses. The Sophos XG Firewall is a full-featured firewall bundling Sophos’ security software and appliances. pfSense is an open source software solution based on the FreeBSD OS. It can run on Netgate’s own SG & XG appliances, as well as deploy virtually on AWS or Azure or on commodity computers, transforming the machine into a small or home office firewall, for an almost no-cost solution.

Sophos XG Firewall appears most in the middle-market, while pfSense appears most in budget constrained small businesses. They are competing solutions, however it is possible to use the Sophos XG Firewall for security with pfSense for other features like VPN, load balancing, etc.

Sophos XG Firewall has a free “home” edition which may be useful for single branch businesses or home offices as a basic firewall on commodity hardware; this option presents a direct alternative to the open source pfSense.

Features

There are some advantages to using pfSense and Sophos XG Firewall.

It is pfSense’s ease of use for ancillary firewall features where the solution shines. It has an effective and reliable VPN, and presents great NAT functionality. Its traffic control and load balancing are also excellent for the price point.

For the middle market Sophos XG Firewalls present little downside. They are easy to set up with antivirus to lockdown malware. The UI is attractive, clear, and easy to navigate. Product users describe Sophos as a security leader that frequently updates and supports its products well. These updates  make the Sophos XG Firewall an easy to use solution.

Limitations

pfSense and Sophos XG Firewall might not be the right choice for a network, as these are both mid-tier or entry level solutions.

Additionally, pfSense is almost DIY, which can leave the administrator struggling to configure the security product as needed. There is little support aside from the open source community, and without enterprise grade support users are stuck with trial and error for complex set up and tasks. A sophisticated, patient user is a requirement to get the most out of pfSense.

In contrast, Sophos XG Firewalls have complex licensing varying by feature and region, which may be difficult to track, but it may help keep overall costs down. Sophos XG Firewall users surface more specific complaints in complex use cases and deployments. For instance, reviewers cite  lack of clear diagnostics, confusing configuration workflows, inadequate bandwidth throttling, and other general breakdown of administrator confidence. There may be a network complexity ceiling beyond which the Sophos XG Firewall is not ideal.

Pricing

pfSense is open source and doesn’t cost anything on its own. The only related costs are from associated hardware, or paying a little extra to find a sophisticated admin to get it to do what is required.

Sophos provides pricing on request but their XG Firewalls are available from VARs and online resellers, and can run a small business about $300. Most models through the 200 and 300 product lines vary in cost from about $2k to $3k, while the high end XG 750 with 3-year fully featured UTM license (3-year) can be started now for about $90k. A license of some kind is required for NGFW features. Sophos’ associated EnterpriseGuard Plus license can be started for under $2000 (3-year license, XG135), to $21.5k (3-year, for the XG-430).

For a home office, Sophos XG Firewall software can be installed on an Intel-compatible machine at no cost (it will overwrite any existing Operating System). This may be an option for small, single branch locations that want to set up basic firewall capabilities on commodity hardware, and provides a free trial to familiarize users with the product.