We just raised a $30M Series A: Read our story
2019-02-04T12:09:00Z

What Is The Biggest Difference Between Sophos UTM and Sophos XG?

3300

One of the most popular comparisons on IT Central Station is Sophos UTM vs Sophos XG.

People like you are trying to decide which one is best for their company. Can you help them out?

What is the biggest difference between Sophos UTM and Sophos XG? Which of these two solutions would you recommend to a colleague evaluating firewalls and why?

Thanks for helping your peers make the best decision!

ITCS user
Guest
1313 Answers

author avatar
Real User

The biggest difference between Sophos SG and Sophos XG is performance. 


Now, there's even a newer Hardware Platform (same OS as Sophos XG, which is called SFOS) - the Sophos XGS which has different chipset architecture, to attend each security module, with its newest feature called XStream Technology. 


Besides that, the GUI is very different. Nevertheless, it's worth trying the Sophos XG or XGS, since its GUI is getting overhauled for better performance and easier management, by each new release.

2021-07-28T17:21:59Z
author avatar
Top 5LeaderboardReal User

Sophos UTM is no longer being developed, according to our reseller. All the development effort is going into XG. So XG will be the only Sophos firewall going forward, UTM will eventually be end of life.

2021-07-29T07:23:42Z
author avatar
Top 5Real User

Hi,


The new appliances XGS have a dedicated streaming CPU (Xstream), in addition to the main CPU.


I have personally tested the differences between the XG and XGS similar appliances. The result is spectacular. 30% more perf minimum:


https://www.sophos.com/en-us/p...


The UTM-9 is soon end-life. Sophos security staff is now focused on SFOS 18, XG, XGS.


To respond to the question "the biggest difference", I think is the "Synchronized Security":


https://www.sophos.com/en-us/l...


The firewall is one of the full security solutions centralized in Sophos Central:


https://www.sophos.com/en-us/p...


At most of our customers, we implement a Sophos Endpoint locally on servers and workstations and firewall XGS. The synchronized security interact between firewall and endpoints. This can resolve the problem with the "lateral movement" of an infected computer. It can isolate a computer from the network when detected as infected:


https://news.sophos.com/en-us/...


It can be extended to secure cloud systems with Sophos ClouOptix:


https://www.sophos.com/en-us/p...


Tested with VM in AWS and Azure, work 5*!


Another big difference is the Webserver Application Firewall. All my customers with an internal webserver to be published in the net are protected with this "reverse proxy" (WAF). It really does the job of protecting IIS, Apache, etc. from externals attacks.


Another trick is the SSL VPN sites to sites. When a branch office is implemented with a front ISP router, sometimes the NAT traversal is not possible, for IPSEC VPN connections (UDP 500). With this SSL VPN,  Simple NAT works and gives an SSL 128-bit AES encryption.


Finally, I have a lot of experience in implementing UTM and, now, XG(S). No way, the log is a big difference, easier to use as in Fortigates! It is similar to CheckPoint firewalls.


For my experience, no way: -> Sophos XG(S)


Here is an interesting link on differences between UTM and XG:


https://www.avanet.com/en/blog...


Regards,


A.Rastello

2021-07-27T11:48:03Z
author avatar
Top 5Real User

There are several differences since there are 2 versions, 


XG firewall has integrations with other products like intercept X and admin from Sophos central. 


SG UTM has less integration since it's a separate product. It was formerly Astaro firewall, but the most advanced features have been only set to the XG. 


There are appliance and software versions of both products. Depending on your need you might choose one or another. But basically, look at them as 2 different firewalls.

2021-07-26T15:30:57Z
author avatar
Top 5LeaderboardReal User

My understanding is that UTM is the software; SG is the hardware. You can buy Sophos UTM running on SG hardware and then later upgrade to the XG running on the same hardware.

2019-11-28T13:47:49Z
author avatar
Top 5LeaderboardReal User

I've been told by our Sophos reseller that Sophos are pushing the XG as next generation firewall, and developing it to at least as good as UTM. So XG will be the firewall of choice moving forward. UTM will not be developed further, according to him.

2019-11-28T13:46:14Z
author avatar
Real User

To my understanding, UTM and XG are from different legacy companies that
are now owned my Sophos. During my time researching anti-virus, UTM makes
more sense for our needs seeing as XG is primarily a firewall. From the
information I was able to find during the time of research, it seemed most
of the community felt XG had feature gaps from UTM.

2019-02-26T13:29:33Z
author avatar
User

UTM specifically SG series is a very mature and stable platform. It lacks some of the new features of XG; however has a very strong feature set. If you are looking for stability, ease of use and something well documented and understood than I suggest going this way. If however you are looking for a strong level of integration and have a greater than 3 year horizon then I suggest XG.

Wifi integration for example works better on the new platform.

2019-02-26T02:41:39Z
author avatar
User

In my company, we use UTM Sophos and I am satisfied with it, but I didn’t use Sophos XG series (but as I heard it is great too).

2019-02-26T05:48:24Z
author avatar
Real User

Sophos UTM is the universal threat manager, XG is just the hardware firewall. In other words, UTM is the full package: A/V, application control, security heartbeat, IDS/IPS, etc. It's been a couple years since I've seriously used them, but I liked them at the time and I'm sure it's only gotten better since then.

2019-02-25T16:32:43Z
author avatar
Top 10Real User

What is the biggest difference between Sophos UTM and Sophos XG? UTM will die and XG will live.

Which of these two solutions would you recommend to a colleague evaluating firewalls and why? XG. SG is obsolete solution. No more development as it is on XG.

2019-02-25T13:26:43Z
author avatar
User

If you don't need waf and email protection .. XG/SFOS is the best, but if you need email protection and WAF... SG/UTM 9 is the best.

2019-02-25T13:17:35Z
author avatar
Real User

Please Select Sophos, it will make your internet speed is perfectly, and
outstanding protection for your network

2019-02-25T10:04:00Z
Find out what your peers are saying about Sophos UTM vs. Sophos XG and other solutions. Updated: March 2020.
553,954 professionals have used our research since 2012.