We just raised a $30M Series A: Read our story

Palo Alto Networks VM-Series Competitors and Alternatives

Get our free report covering Microsoft, Fortinet, Cisco, and other competitors of Palo Alto Networks VM-Series. Updated: November 2021.
554,529 professionals have used our research since 2012.

Read reviews of Palo Alto Networks VM-Series competitors and alternatives

TonyMoore
President at www.virtualtechsolutionsusa.com
Real User
Top 5Leaderboard
Prevent unauthorized use of network resources and integrate branch offices with reliability

Pros and Cons

  • "Completely integrates branch offices with perimeter security."
  • "The capabilities for scalability with this product are huge"
  • "Cisco is head-and-shoulders above all of the competition when it comes to technical support."
  • "The pricing is the only con for this product."

What is our primary use case?

Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit.  

On the cloud, we have both public and private services. It depends on what we are doing. If we have a client that is a hospital, they have got to be HIPAA (Health Insurance Portability and Accountability Act) compliant. We also recommend private cloud services for some huge retailers that have to be PCI (Payment Card Industry) compliant.  

We use it mostly just for prevention. Basically to prevent unauthorized use of network resources. They use it for routing capabilities, threat mitigation, worms, and viruses. A lot of times, it is used for the network application layer threat.  

How has it helped my organization?

The solution does not do anything for us directly as we use it with other clients. We are a large IT company. We hear from clients who tell us what they want. We just find solutions for what they tell us they need. Everyone has a different flavor of what they are looking for and what they are looking to fix.  

The Cisco IOS (Internetwork Operating System) firewalls are mostly set up for branch offices in small to medium business environments or for managed services. Those are the clients we usually use this solution for. It is usually only used for a specific thing to fill a specific need. It might be NAT (Network Address Translation), it might be a guideline or restrictions, it might be that they can have the option to make a solution work on cloud or on-premises. It could be deployed so they have the option to either use CapEx or OpEx. It helps to create options for those types of things.  

What is most valuable?

I would say that the most valuable thing is probably the Application Visibility and Control which is how it controls the application traffic on the network. I like the IPS (Intrusion Prevention System), the IOS content filtering, and the NAT network translation. I like the way it completely integrates branch offices in our perimeter security.  

What needs improvement?

A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.  

Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.  

I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.  

For how long have I used the solution?

We have been using Cisco for as long as Cisco has been around. It is hard to answer the question of when, exactly, we started using this product because they have been upgrading or changing the product as it evolved over the years. It is basically the same foundation and they build upon that over time. I can just say that we have been either using this product or something very similar for a long time.  

What do I think about the stability of the solution?

Cisco IOS Security is stable, very stable.  

What do I think about the scalability of the solution?

The capabilities for scalability with this product are huge. It is very scalable.  

A lot of our clients have a small main office with accounting and human resources that are headquarter-based. Most of them have other remote sites and branch offices. Whether it is a bank or a finance company, it is easy for employees in those particular roles to be able to pull applications down. It takes a lot of stuff off what would have to be handled by the network firewall. They do not have to worry about so many threats when they are bringing up applications to use and if there are compliance or regulating issues that they have to be aligned with. But that is the type of environment where this product can be used to scale effectively.  

How are customer service and technical support?

Cisco's technical support is very good. There are a couple of competing products that I know do not have support that is as good. Palo Alto does not have particularly good technical support, for example, but most of the rest of them do. Even so, Cisco is head-and-shoulders above all of them.  

For tech support, independent of the cost of the product, I would definitely give Cisco a ten-out-of-ten.  

Which solution did I use previously and why did I switch?

We just had a client go with Cisco Meraki and we put a couple of those in. Then we had a Cisco Nexus installation and they topped that by integrating it with perimeter firewalls for their remote locations or branches.  

We currently use really any brand of product in consideration for our consultations. There is not any particular brand we are married to, and we have used them all, pretty much. We do not use all the solutions ourselves. We get feedback from our clients and the companies we do work for. All the clients that we get give us pretty good feedback on the recommendations and the products that they end up using. Otherwise, they would be angry with us. What we recommend has to fit their particular niche and that is what we have to be good at identifying.  

For instance, if a client comes to me and describes how their organization is set up, we react to that. If they say they are a finance company and they have accounting and finance concerns, there are some pain points that they are going to have solved. One of those is application-specific. Then you have to layer that with your regulatory concerns. HIPAA compliance is something I encounter with finance companies, banks, and medical facilities. Those types of companies do very well with CloudGenix because CloudGenix is application-specific. If you put their firewalls in place, those would be a good fit for that type of client. For everything else — manufacturing and all the others and things like that — Cisco would be number one. They outweigh the competition in terms of different companies that they fit niches for better because of the range and flexibility of the solutions.  

If the client's needs are application-based, then we start looking at another way with another solution. But Cisco does great with being PCI and HIPAA compliant and all that, but if you only consider Cisco for every installation, that means you are pulling everything from one pool. You are not looking closely at the specifics.  

How was the initial setup?

I think that the initial setup is very straightforward. Most of the firewalls are straightforward and not too complex. When you are setting up a network with something like Merakis, or if you are looking at working with CloudGenix, then that is where you start to get a separation of difficulty in installation and will notice that it becomes a little bit harder to set up.  

What other advice do I have?

My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use something called SIPs (Session Initiation Protocol), for connecting all those analog phones to the VoIP. That is a good indicator that a Cisco firewall will be a good solution for you because it protects the unified communication and guards the SIPs, endpoints, and call-control resources.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a ten, for sure, if you consider its advantages over the competition. If you add in pricing, I would have to lower that to a nine-out-of-ten. Price is the only place that I figure Cisco could do something. Or if they could offset the cost of their boxes using a cloud solution. We had a client do that. They had boxes, but they were trying to figure a better way to scale. I suggested to them that they just move the areas that they were scaling to the cloud. They did it with the new branches they have added, and now they are waiting to phase out their boxes. They will eventually move over to a complete cloud-based firewall solution.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Bojan Oremuz
CEO at In.sist d.o.o.
Real User
Top 5
Feature-rich, well documented, and there is good support available online

Pros and Cons

  • "The classic features such as content inspection, content protection, and the application-level firewall, are the most important."
  • "Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."

What is our primary use case?

We are solution providers and this is one of the products that we deploy for our customers. This is not a product that we use ourselves.

How has it helped my organization?

pfSense prevents unwanted access. If you configured things properly then you'll be protected to some level. There is still a need for products like a SIEM, but the UTMs like pfSense or Sophos, prevent most of the problems.

What is most valuable?

The classic features such as content inspection, content protection, and the application-level firewall, are the most important.

This is a feature-rich product.

The documentation is good.

What needs improvement?

Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually. It would be more user-friendly if things were set automatically. 

The drop in performance can be drastic when you use more advanced techniques. There is some trade-off between having a certain level of security and maintaining acceptable performance.

One of the things that are usually outside of the UTM, or system on the gateway, is the SIEM. It is an advanced system for managing the possibility of threats. It is not normally part of such devices but it would be nice if the pfSense interface were integrated with it.

For how long have I used the solution?

We have more than a year of experience with pfSense.

What do I think about the stability of the solution?

The stability of pfSense is standard. It is rated as one of the good solutions in this area.

What do I think about the scalability of the solution?

This product is scalable to some point, although we have never used it for large companies. We use it for small to medium-sized organizations. For big companies, we more often implement Palo Alto.

In our company, we have a data center and some of our clients are hooked to it. This is something that we have on-premises for our customers.

We have plans to increase our usage with pfSense because we have had good feedback from our customers. In fact, with the good experience we have had, our sales have been slightly increasing. Our sales are shifting from Sophos to pfSense.

How are customer service and technical support?

The technical support is organized well. We do most of the technical support for our customers in-house but there is a second level of outside support available. It is okay. 

Which solution did I use previously and why did I switch?

We currently resell products from both pfSense and Sophos. In some areas, pfSense is better than Sophos. I have been a bit disappointed with Sophos because I know their history, and I don't think that they have advanced as well as they should have in that time. Also, they have two different products, being XG and UTM. This is another reason that I prefer pfSense, at least a little bit, over Sophos.

In the past, we were the developers of a product called Network Defender, but it has reached end-of-life. We were pioneers in the area and were one of the first who was making UTMs. The name "UTM" didn't exist at that point. We were partners with Cobalt, who was the first appliance creator. Their appliances include web servers and email servers. When Cobalt was bought by Sun, we made our first Network Defender line. That became the first appliance, which had firewall content inspection, content protection, intrusion prevention, intrusion detection, antivirus, and email and web servers at that time, all in one box.

From that point on, we had our line, which was distributed all over the Middle East, Asia, and some parts of Europe. We then worked with Palo Alto, we were a Cisco partner the entire time, and we worked with both Sophos and pfSense.

In our organization, with have Cisco ASA for certain things, and we have a firewall by Palo Alto.

How was the initial setup?

The initial setup is complex. If you have a straightforward setup then you will have straightforward, basic protection and nothing else.

It takes a few months to adjust where you start by setting it up, and then you have to monitor it and see what's happening. It's ongoing work because, after this, you have to keep monitoring and adjusting to the situation. This is part of the service that we perform for our customers.

What about the implementation team?

We are the integrators for our customers and deploy with our in-house team. We have people in the company who are specialized in this area.

What was our ROI?

The return on investment depends on the predicted cost of failures of the system, or intrusion of the system, which is hard to give a straight answer on. In part, this is because different companies put a different value on their data.

For example, with medicine, if somebody were to steal the data related to the latest CORONA vaccine then the cost would be tremendous. On the other hand, if there is a company that is making chairs, stealing the design of the chair probably wouldn't be as high when compared to an application in medicine. So, there is not a straight answer for that.

Return on investment, in any case, I think for every company, this is a must. Put in a straightforward way, they can count just the possibilities of having an attack on their system with a cryptovirus. If they can save their data from attackers then it would save them at least two days of not working plus the cost of recovery, which would be much more than the cost of the system and maintenance.

What's my experience with pricing, setup cost, and licensing?

The price of the licensing depends on the size of the deployment. pfSense is open-source, but the support is something that the customer pays for. We charge them for the first line of support and if they want, they can purchase the second line of support. Typically, they take the first-line option.

The term of licensing also depends on the contract. The firewall doesn't always have a contract but rather, there is a contract in place for the network, which includes UTM.

In addition to the licensing fees, there are costs for hardware, installation, and maintenance. We use HPE servers, and the cost depends on how large the installation is. The price of setup is approximately €500 to €800, which also includes the initial monitoring.

The maintenance cost isn't really included in the network fees.

For smaller companies, we charge them a few hours a month for monitoring. It takes longer if the client is bigger.

What other advice do I have?

It is important to remember that you can't just leave the device to do everything. You still have to know what you're doing.

I recommend the product. It's well-balanced and one with a long history, so it doesn't have child's diseases. There is a lot of online support available online, which they can consult themselves. But, in the case that they need support, they can hire a professional support line and that is highly recommended.

I say this because usually, people look at the UTM as something that should be put in the system, set up, and left alone. But, this is not the case with this type of solution. Therefore, I strongly suggest making an outside agreement with a specialized company that will take care of their security from that point on.

The biggest lesson that I have learned from using this kind of product is that you can't assume that the internet is a big place and nobody will find you. There is always a good possibility that robots will search your system for holes, and they are probably doing so this instant. This means that users should be aware and have decent protection.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Oscar Bashford
Network Operations Support at EOS IT Management Solutions Ltd
MSP
Top 10
Fast with good usability and fairly scalable

Pros and Cons

  • "I'm told the solution is the fastest, and, so far, I do find that to be the case."
  • "It could use more tutorials."

What is our primary use case?

I primarily use the solution for experimentation. I just wanted to create a site to site VPN. I was hoping that you can make the SRX like a hub, so if I had a site here and then I had a new site, I could just create another VPN from that new site to the virtual X in the cloud. I don't know if it works like that. I'm skeptical if it can. Maybe there is a roundabout with the actual Azure AWS, however, I'm not so sure about that part. That's why I'm learning about Azure, and how that works in connecting to the cloud.

What is most valuable?

I'm told the solution is the fastest, and, so far, I do find that to be the case. 

I'm familiar with the solution, so I'm pretty comfortable with the processes. There's pretty good usability.

What needs improvement?

Largely the solution seems fine to me.

It could use more tutorials.

I think there's a step missing or the use cases are missing information. I'm not sure why you have to connect from the descendant to another SRX. The why part, why would I do that and what's practical, is not really answered in any documentation I have access to. At my last job, we used to hook up a VPN to the data center, and then at each site we would have a device connecting to that data center. Now that project is not 100% right now, I'm still wondering if I were to go and do that project, how would I do it? Should I make it cloud-based?

If I want to use it virtually in the cloud as a hub, I want to see if that's possible, and, if it's possible, they should have documentation on that.

I looked at the config. I played around with the config and then I say, "Okay, I see what they're doing, with the actual Azure part, and yet, on AWS, I'm having the same problem." It's something to do with the public IP. It's only functioning on the management side, on the virtual firewall. I can't get the other side, the other network interface to connect out. I don't have a connection out technically. I could ping, but through management and that's not how it's supposed to work. It's just through the management. I'm not seeing the departments.

For how long have I used the solution?

I haven't been using the solution for that long. Basically it's just this year. I've been tinkering with it since March.

What do I think about the stability of the solution?

The solution is stable. It seemed very good. I'm just trying to learn everything right now, however, from what I've experienced, I'd say it's reliable.

What do I think about the scalability of the solution?

Scalability is very good. I'm not an expert yet, however, I would recommend it to anybody who needs to expand.

There's hundreds, if not thousands, or users on the solution currently.

How are customer service and technical support?

I believe there is something on Amazon and you can ask questions about the solution. I was trying to go through something like that, and maybe they can help. I didn't really follow through, due to the fact that I didn't get an email, so I don't know who could contact me. With Azure, I didn't really go that far in depth.

Mostly I just do my own research and try to troubleshoot issues on my own. I'm figuring out everything from scratch.

Which solution did I use previously and why did I switch?

I'm kind of familiar with ASA firewalls from Cisco. I've worked with SonicWall a lot and Pablo Alto a little bit, however, I'm not 100% familiar with it. I've worked on it, but not every day. For Palo Alto, I just worked on it once. I know the interface. I know some other firewalls as well, however, I don't think they need to be mentioned, as they're not that popular. ASA firewall, I would say, is the most popular one.

How was the initial setup?

At first the implementation was straightforward. I got around quickly. I was able to, after a week, feel like I had the hang of everything. I can move around in Azure and AWS. That said, it's just the part with the elastic IP. I don't know if it's a Juniper issue or it's on there and there's another connection, and that's the part I'm not getting.

I was able to deploy the solution in days. It's just getting it to work properly, however. In that sense, it took weeks, or, at least a week and a half. I had to say "Okay, let me give up this for now" before I really got anywhere.

There isn't really maintenance per se. It's just running. There's 24/7 support. When it goes down, I guess, we're there.

What about the implementation team?

I did the implementation myself, however, I have a lot of tutorials and documentation on hand. I use YouTube as well. I even got Pluralsight the other day. I have IME. I have CBT Nuggets. Anything I can use to find out more about the product I will look at. What has really helped me was I got a lot of PDF files from Juniper and it had some stuff about AWS.

Which other solutions did I evaluate?

I would say this solution was the default selection, however, I know that ASA is up there too. That said, the virtual SRX is what's most popular now.

What other advice do I have?

Our organization is partners with Juniper. We have a business relationship with them.

At work I see it a lot, however, a lot of tasks are automated at work. It's not like you have hands-on from scratch experience. In my position, I'm doing more support or some automation to build the VRX or the virtuals needed for lab equipment. At home and in the labs I am able to learn from scratch, and I'm trying to connect VPNs, etc. I am hoping to get into the cloud in the future.

The version of the solution we use should be the latest. I downloaded it a couple of months ago. It should be the latest, due to the fact that I have a virtual that's a trial. I get it through the partnership through my job. The virtual that I've got is on AWS. Azure is the recommended platform.

I'd recommend the solution. I'd rate it ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1692963
User
User
Top 20
Scalable with seamless failover capabilities and excellent logging functionality

Pros and Cons

  • "The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats."
  • "We find the GUI to be wrong and the CLI doesn't always show all of the connections."

What is our primary use case?

We needed to replace our external firewall solution as we were having issues with the HTTPS inspection on our previous solution and the level of support being provided was terrible, leaving us with an issue that could not be fixed for over six months. 

We had already deployed a new internal firewall solution but needed something that would protect that from external factors. We also needed a new solution to replace our client VPN solution. The Check Point solution gave us that as one whole solution instead of having to manage multiple services.

How has it helped my organization?

Our policy is to deny all outbound traffic unless we allow it, which can generate a lot of work to build a rule base that allows everything we need to get out. 

This solution has made managing connections out to the web much better due to the categorisation and app control that is available. Being able to say certain apps and services are allowed out, instead of finding all the relevant IPs, has massively reduced the workload. The ability to manage the Client VPN and relevant rules for that in the same location has also improved the way we work. Having links into AD for group membership recognition and having rules based around this has been very useful in improving the way remote users can access the network.

What is most valuable?

Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

What needs improvement?

The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. 

We find the GUI to be wrong and the CLI doesn't always show all of the connections. 

From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

For how long have I used the solution?

I've used the solution for six months.

What do I think about the stability of the solution?

On the firewall side and content filtering side of the solution, it has been faultless. There has been no real downtime to note and the access to the web via relevant rules has always worked as expected.

What do I think about the scalability of the solution?

We have a fairly small setup in the grand scheme of things, however, from what we have seen, the ability to add in new firewalls or increase the hardware spec seems very good and it would be easy to transition from older to newer hardware when the time comes.

How are customer service and support?

Due to the support model we signed up for, we don't deal directly with Check Point support. We deal with the vendor first and they will deal with any 1st/2nd and even most 3rd priority issues. They would then go to Check Point if they need more assistance on our behalf. The level of support and responsiveness of their support has been excellent. We're always getting at least a response within a few hours, even on a P3/P4 issue.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did have another solution, but due to an issue with the HTTPS inspection that the manufacturer was not able to properly rectify or fix for 6 months, we lost faith in their ability to provide adequate support going forward for any issues we might come across. 

How was the initial setup?

The setup was complex due to the nature of the Check Point firewalls and us having to make some config setup in one portal and others on the CLI. We also had to arrange the rule base via the management console. There could be 3 different places you need to make various changes. We also used private microwave links as redundancy for VPN connections and that had caused significant issues in getting set up as the link selection did not cooperate at first.

What about the implementation team?

We implemented via a vendor and I have to say their level of expertise was brilliant. Every question we threw at them, they were able to provide an answer to. 

What was our ROI?

It was not the cheapest solution to go for, but the amount of admin time that has been saved by the use of Check Point firewalls has definitely given us a great return, giving us more time to work on other aspects of our network. Also, being able to consolidate 2 solutions (Firewall and Client VPN) into one solution has saved more money and admin time. 

What's my experience with pricing, setup cost, and licensing?

We found that Check Point was very flexible with its pricing. We were looking at a spec of hardware in other solutions. We found that Check Point did not have a direct competitor, but to help with the bid, they managed to reduce the costs of their higher-spec hardware to make it competitive with the other solutions we were looking at. It's not our fault they did not produce the hardware of a similar spec. It's up to them to try and provide a solution that would make it a competitive solution. 

Which other solutions did I evaluate?

We looked at several other solutions in including Palo Alto at the top of the market and Sophos XG further down.

What other advice do I have?

I would say as good as the solution is, if you are looking to get the most out of it, you should look to get a company or consultant who knows the Check Point solution inside out to assist with the setup. We found a partner who specialized in Check Point and we would not have been able to get it to the stage we have without them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Manuel Gellida
Owner at Dinamica en Microsistemas de Informatica, S.A. de C.V.
Reseller
Top 5
Easy to use and deploy with an improved pricing structure in place

Pros and Cons

  • "The initial setup is pretty easy."
  • "They need to allow their solution to integrate with other products and not just other Sophos solutions."

What is our primary use case?

My clients are mostly based in the government. They are my core clients. I install the solution for my clients.

What is most valuable?

The solution is very easy to use. 

Of course, we have the skills, however, it's very easy for us to deploy the solution. That's one of the valuable features. 

They have a communication between the endpoint and the firewall which is very, very useful for security purposes.

Pricing is now pretty good. They changed the pricing structure a few months ago.

The initial setup is pretty easy.

What needs improvement?

The integration could be a bit better. They need to allow their solution to integrate with other products and not just other Sophos solutions.

Sophos has a feature that in my opinion is very limited. They don't have enough VPNs on their models. They have the XG 750, which is a sizeable appliance. On those models, they used to have not enough VPNs. They always were short on that area. 

Pricing used to be very bad, however, they've adjusted their strategy recently. 

The product needs to improve its marketing in Mexico. It's not a well-recognized product in our country.

The solution's technical support is very bad.

There is an overall lack of documentation in relation to features and capabilities. We need these to help explain aspects of the solution to our clients. 

For how long have I used the solution?

I've used the solution since around 2014. I have about six years of experience at this point. It's been a while. I've definitely worked with the product in the last 12 months.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs and glitches. It doesn't crash and freeze. It's quite reliable. We don't have problems with it.

What do I think about the scalability of the solution?

The solution is very scalable. It is not a problem. Sometimes we have issues when we are trying to do something with a different traditional version of hardware as sometimes the new hardware has more ports. However, if we are talking about scalability in a huge customer, we can do it very easily. 

Mexico is very different than other countries and continents as here, when we say it's a big customer, we are talking about 2,000 to maybe 3,000 users. There aren't too many large-scale operations in the country. However, in general, for our area, we tend to deal with large-scale companies.

For a company that has maybe 1,000 users, Sophos seems to work very well. We have one operation with 10,000 endpoints and it is working quite well.

How are customer service and technical support?

Technical support from Sophos is very bad.

Sometimes we lose a project due to the fact that we need to solve some issues or answer questions. Things that may be technical but also involve the administrative side. I'm talking about licensing and the capabilities of the feature. We need some documentation, something we can show clients. They can better in those cases. They can either help us or supply us with what we need. 

In response time, they are terrible. In the area of technical knowledge, they are getting better, however, they aren't where they need to be. Right now, we are not satisfied with the level of support provided.

How was the initial setup?

The initial setup is not complex. However, here in Mexico, it's very complex to sell the product. The brand is not as well known.

That said, the process is pretty straightforward. 

The deployment times vary. It depends on the end-user and what they need. Sometimes, it's easy as they don't have too many policies. The more policies they have, the longer it takes.

In other cases, clients may have a lot of VPNs. We have to work on those VPNs, and we have to do a lot of routing. However, that depends on the customer. Not all are like that.

For one appliance, you just need one person for deployment and maintenance. If we are working a lot of VPNs, we would have to use more people. We need to involve maybe two or three individuals and re-apply the configuration in that case. 

What about the implementation team?

We handle the installation process ourselves. We do not need the assistance of consultants.

What's my experience with pricing, setup cost, and licensing?

The pricing has recently changed on Sophos. Their licensing and cost structures are much more clear now. It's much better than it was.

Which other solutions did I evaluate?

Clients, in many cases, evaluate for Check Point, Forcepoint, and sometimes Fortinet. Occasionally, they may look at SonicWall, or Palo Alto however, the others are the main big competitors. 

Palo Alto is very expensive as are Check Point and Forcepoint. That's why we sometimes win the projects. We find Fortinet, is very, very hard to beat as they have a lot of market share, have a lot of marketing. Sophos doesn't have that presence, that marketing. Also, when you have to think about prices, Fortinet gives customers everything and it's hard to beat.

The biggest issue I've found with Sophos is the small number of VPNs that we can do compared to a similar appliance with Fortinet or in the same level center. In fact, many other brands offer more VPNs than Sophos.

What other advice do I have?

I'm a Sophos reseller.

We use multiple versions. We have worked with XG 460 and XG 135 and some others -such as XG 230. In those cases, sometimes it has been Rev 1 and in other cases Rev 2 in terms of the hardware versions.

I mostly work with on-premise deployments. The only item I have installed in the cloud is an email solution by Sophos.

I'd recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Get our free report covering Microsoft, Fortinet, Cisco, and other competitors of Palo Alto Networks VM-Series. Updated: November 2021.
554,529 professionals have used our research since 2012.