Sophos XG Firewall provides comprehensive next-generation firewall protection powered by deep learning and Synchronized Security. Sophos Firewall supplies insights and exposes hidden user, application, and threat risks on the network, and say the product is differentiated by its ability to respond automatically to security incidents by isolating compromised systems, with Security Heartbeat™.
N/A
Stonesoft Firewall (Discontinued)
Score 7.8 out of 10
N/A
Stonesoft firewalls were acquired and rebranded as McAfee Firewall Enterprise (MFE), then divested by McAfee and acquired by Forcepoint in 2016, and have reached end of life (EOL).
N/A
Pricing
Sophos Firewall
Stonesoft Firewall (Discontinued)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Sophos Firewall
Stonesoft Firewall (Discontinued)
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Sophos Firewall
Stonesoft Firewall (Discontinued)
Features
Sophos Firewall
Stonesoft Firewall (Discontinued)
Firewall
Comparison of Firewall features of Product A and Product B
Sophos Firewall
9.2
14 Ratings
6% above category average
Stonesoft Firewall (Discontinued)
-
Ratings
Identification Technologies
9.114 Ratings
00 Ratings
Visualization Tools
8.914 Ratings
00 Ratings
Content Inspection
9.114 Ratings
00 Ratings
Policy-based Controls
9.314 Ratings
00 Ratings
Active Directory and LDAP
9.213 Ratings
00 Ratings
Firewall Management Console
9.514 Ratings
00 Ratings
Reporting and Logging
8.914 Ratings
00 Ratings
VPN
8.814 Ratings
00 Ratings
High Availability
9.314 Ratings
00 Ratings
Stateful Inspection
9.114 Ratings
00 Ratings
Proxy Server
9.611 Ratings
00 Ratings
Best Alternatives
Sophos Firewall
Stonesoft Firewall (Discontinued)
Small Businesses
pfSense
Score 8.8 out of 10
pfSense
Score 8.8 out of 10
Medium-sized Companies
Quantum Firewalls and Security Gateways
Score 9.3 out of 10
Quantum Firewalls and Security Gateways
Score 9.3 out of 10
Enterprises
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
Score 9.2 out of 10
Palo Alto Networks Virtualized Next-Generation Firewalls - VM Series
It is well-suited for small, medium, and large organizations looking for comprehensive cybersecurity protection. It will not only safeguard their network from cyberattacks but also provide them with many advanced features like deep packet inspection, centralized management, web filtering, application control, etc. in one place. It will help them optimize bandwidth and ensure continued connectivity.
Any scenario where a dedicated firewall administrator is on staff and a secure firewall solution that requires high availability is needed will be a good solution for the McAfee Firewall Enterprise product. The McAfee Firewall Enterprise however comes with some of its own parlance that is different from other vendors and does require some comfort on the administrators side when it comes to working in the command line. Added knowledge of protocols and how they interact is a must for any firewall admin but particularly for the McAfee Firewall Enterprise product due to its flexible nature. If the environment is to be mostly hands off where a very limited rule set is to be configured and not likely to change often, I would defer to a different product
Web filtering. This allows us to monitor web usage and block certain categories from being access at the perimeter.
Application Control. With application control we can block certain applications that get categorized from working accessing the Internet.
Synchronized Security. When utilizing the Sophos Endpoint product you can use Synchronized Security to minimize Lateral Movement in a network. If a machine is shows a Red status you can auto-isolate it and it is unable to communicate with anything else on the network.
Based on the SecureComputing Sidewinder firewalls, the McAfee Firewall Enterprise does similar backend containerization of each service which provides for added security in the unlikely event of failures or breeches.
Tie in reporting services (if used by the admin) provide very granular details on rules accessed and the firewalls response to the requests.
Configurable options are plentiful. Unbound DNS can be configured on each "burb" (SecureComputing/McAfee parlance for interface), similar options for sendmail while rulesets can be configured at the application level down to simple IP-filter making options for enhancing security as well as troubleshooting equally as useful.
Full control over shell for scripting and/or scheduling (cron) purposes.
Solid HA and patching architecture.
Support was always helpful, knowledgeable and insightful (especially the staff that migrated from SecureComputing).
If using Endpoint security and the Firewall it would be nice to have an easier back and forth between the portals rather than have two separate tabs open. Especially if using more than one in multiple locations.
If dealing with different revisions options are moved around and sometimes in places that doesn't normally seem like they should be there.
For an application-layer firewall the applications supported (at the time I managed them) were too few and would need to be expanded and the application ruleset needed to be expanded as well.
The remote access VPN client configuration was overly complex for the average user and would need to be supplemented with a configuration file that had already been generated. Other solutions from CheckPoint or Cisco ASA are not as complex for end user remote access.
Enhancing the GUI with a builtin "packet capture" feature would be useful for administrators not familiar with tcpdump.
Because this is a user-friendly interface, and anyone can use it there are multiple articles and guidelines available, it has advanced-level security features. they provide VPN solutions all the features are very practical, SSID MAC-based authentications web control, Firewall rules segregation of the rules and policies, On-premises Active directory single sign-on feature is also available.
I was a big fan of Cisco ASA products, but when I saw all of the security feature differences between both firewalls, I moved to Sophos devices. Its sandbox, IPS, and many more features are really advanced. Cisco does not provide features like this.
Compared to other firewalls I've managed (Palo Alto, Cisco ASA & CheckPoint) I would say that McAfee Firewall Enterprise was probably at the time not the leader in its field however it is a product that proved its reliability and flexibility over the other vendors. The addition of many new features usually comes as a detriment to some other area (restricted CLI, decreased logging etc.). In my experience this product gave the flexibility and options that the organization needed.
In its highly available configuration the impact on any business objective has been positive given the fact that any downtime of the firewall would negatively impact all business objectives.
