Sophos XG vs SonicWall NSA: Top NGFWs Compared


Next-generation firewalls (NGFWs) are central to any IT security strategy, adding a wide range of functionality beyond the basic protection afforded by a traditional network security firewall. There’s a real need for that additional functionality. A recent Sophos survey of 2,700 IT managers in 10 countries found that on average, IT managers can’t identify 45 percent of their organization’s network traffic, and 85 percent of respondents said they want their firewalls to deliver better visibility into traffic and applications. Both Sophos XG and SonicWall NSA made eSecurity Planet’s list of 10 top NGFW vendors. What follows is a look at each solution’s key features, as well as their strengths and weaknesses.

Key takeaways

Sophos provides good value and security for the SMB market. The XG firewalls are something of a Swiss army knife for SMB security, also offering a web application firewall, a secure web gateway, email protection, ransomware protection, and phishing prevention, all while blocking 97.82% of live, active exploits in NSS Labs tests. One downside is lack of integration with third-party endpoint detection and response (EDR) tools.

With 99.76% of exploits stopped in NSS Labs tests, SonicWall NSA firewalls are near the top in firewall security performance. Some users have reported difficulty setting up and running SonicWall firewalls, while others report easy setup and solid value. Command line interface (CLI) scripting and technical support have been issues for some users. NSA is the midrange of SonicWall’s offerings; at the high end is the SuperMassive series, and there’s also the entry-level TZ series.

Sophos and SonicWall features and options

Sophos XG Firewall provides intrusion prevention, advanced threat protection, cloud sandboxing, dual AV, Web and app control, email protection and a full-featured Web application firewall. Sophos’ Synchronized Security links endpoints and firewalls to enable them to communicate and share information, identify compromised systems, and isolate them until cleaned up. XG Firewall includes reporting at no extra charge, with the option to add Sophos iView for centralized reporting across multiple firewalls. Hundreds of reports can be generated automatically, with customizable parameters such as traffic activity, security, applications, Web, networking, threats, VPN, email and compliance.

The SonicWall Network Security Appliance (NSA) next-generation firewall series integrates the company’s multi-engine Capture Advanced Threat Protection (ATP) service and Real-Time Deep Memory Inspection (RTDMI) technology to detect and block threats by inspecting deeply in memory. SonicWall’s Reassembly-Free Deep Packet Inspection (RFDPI) engine examines every byte of every packet. Ongoing management, monitoring and reporting are handled centrally through the firewall or through the SonicWall Capture Security Center, which provides network admins with a single pane of glass to manage all aspects of the network.

Recent NGFW product improvements

The newest version of the Sophos XG Firewall adds Synchronized App Control, which identifies, classifies and enables the control of all previously unknown applications active on the network. “Synchronized App Control on XG Firewall can reduce the security risks introduced by unidentified traffic by allowing administrators to holistically see what is on their network,” Sophos senior product marketing manager Chris McCormack told eSecurity Planet by email.

SonicWall recently enhanced its NSA firewalls by more than doubling the number of SPI connections (up to 4 million) and quadrupling the number of DPI-SSL connections. The company also added Real-Time Deep Memory Inspection to its ATP service, and added more than 50 new features to its SonicOS, including advanced networking and connectivity capabilities to optimize system availability.

Strengths and weaknesses: Sophos

Sophos’ customer retention rate is higher than the market average, according to Gartner, which notes that the company regularly adds to its intellectual property with acquisitions of technology-driven companies. The management interface requires only a short learning curve, and customers say Sophos’ good price for value is a key factor in selecting the company as a vendor. Still, the research firm warns that the product may not be a good fit for very large enterprises, since Sophos’ business strategy focuses on companies with 5,000 employees or fewer. “Several clients and surveyed channel partners would like to see substantial improvements in vendor support, especially in providing enterprise-class responsiveness for first direct contact with the vendor,” Gartner notes, adding that clients have also expressed a desire for Sophos to provide integration with endpoint protection platforms other than Sophos’ own solutions.

Strengths and weaknesses: SonicWall

Customers say the SonicWall firewalls are good at meeting budget and performance requirements, Gartner reports, and they consistently get good scores for ease of management. The firewalls do a very good job of handling SSL/TLS decryption on-box with minimal performance degradation, and early feedback on the cloud-based Capture Advanced Threat Protection service is positive. Still, the research firm says it’s seeing SonicWall being shortlisted less frequently by enterprise clients, and that the company has recently experienced a decline in revenue. “SonicWall cloud security is less mature than its leading competitors, especially in its ability to inspect JavaScript to provide visibility on SaaS usage,” Gartner reports, adding that SonicWall has been slow to provide differentiating new features and to enhance its existing functionality.

NSS Labs test results

In recent testing, NSS Labs found that the SonicWall NSA 6600 blocked 99.76 percent of live, active exploits, while the Sophos XG-750 blocked 97.82 percent. Still, the company determined that SonicWall’s TCO per protected Mbps was $39, compared to just $6 for Sophos – due largely to the NSA 6600’s failure to detect some key evasion techniques. NSS Labs found that Sophos outperformed in throughput, while SonicWall was superior in maximum TCP connections per second. NSS notes: “Performance is not just about raw throughput. Connection dynamics are also important and will often provide an indication of the inspection engine’s effectiveness.”

User reviews

users give Sophos XG an average rating of 8.0 out of 10, with SonicWall NSA following close behind at 7.7 out of 10. Gartner Peer Insights users give SonicWall an average rating of 4.3 out of 5, and Sophos an average of 4.2 out of 5.

Sophos XG reviewers called the solution an “excellent product” that “meets most of the security needs of companies of various sizes,” “protecting against attacks from malware such as ransomware and hackers attacks” and offering “efficient Internet access control and full visibility of ports, applications and websites.” SonicWall NSA reviewers said the solution’s scalability and resilience are key, with one reviewer claiming, “We have had zero downtime since the deployment of NSA 4600.” Another noted, “We bought this device for security and to filter traffic on our network,” adding that those are the most important features, and the NSA handles them well.

Danyllo Cabral, IT project consultant at Brazil’s Aldax, wrote that Sophos XG has an intuitive and easy-to-use “interface crammed with the most vital information like security issues, appliance performance, and Internet link status,” which has made it much easier to set up access and business rules, and to identify security and connectivity issues. The initial setup, according to Cabral, was very straightforward, which he credits to the interface “hiding some of the complexities of a firewall system and deploying it with many pre-built policies, objects and rules that for most of the environments makes it unnecessary to spend hours tuning the system.” The main issues that Cabral has come across are that Sophos could stand to improve the RAM of some of the appliances, “since there are processes that are very memory intensive,” and that the XG is missing some link load balancing options that could be helpful.

Regarding SonicWall NSA, Michael D’Antignac, network systems specialist at California’s Westminster School District, wrote that “having a single pane of glass for a firewall, content filtering, and IPS/IDS services” is a great benefit, making the solution both cheaper and easier to manage. The main benefits his organization has seen from the solution, D’Antignac said, include “uptime and the ability to quickly effect security changes,” as well as “the ability to improve throughput during peak traffic hours.” D’Antignac’s main concern regarding SonicWall lies with the cloud-based database it uses for content filtering. “If the NSA cannot contact that online DB, filtering is handled one of two ways,” he wrote. “Traffic is either halted completely or it is passed through totally unfiltered.” It would be better, D’Antignac wrote, to have a backup database residing on the NSA.


Sophos XG Firewall is offered in a variety of hardware models, for popular virtualization platforms, as a software appliance for x86 hardware, and in Microsoft Azure. SonicWall’s NGFWs are sold as either a hardware or virtual appliance, and security services are delivered automatically from the SonicWall Capture Cloud Platform.

Pricing structure

Pricing for Sophos XG Firewall starts at $249 per year for complete protection on the entry-level XG 85 appliance. Additional pricing is based on the performance and features required, and a 30-day free trial is available. SonicWall’s NGFWs are sold with one-, two- or three-year Advanced Gateway Security Suite subscriptions (after a 30-day free trial) that provide a continuously updated sandbox, gateway anti-virus, intrusion prevention, content filtering, application control and technical support.


Jeff Goldman
