Sophos XG vs UTM

DP230
DP230 used Ask the Experts™
on
What are the differences between Sophos XG and Sophos UTM? Do we have an iso file of Sophos XG? Many thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Both products are being developed in parallel, so it is not as though if you stick with UTM you will lose out, but personally as a long time UTM user I don't think XG is where it needs to be yet. I am used to the UTM interface, I find it quite simple, whereas the XG interface is while pretty, too fiddly. About a year ago I went from UTM to XG and straight back to UTM. This was a year or so ago, maybe things have changed now, but XG was just missing too many features that UTM had. There is a good comparison write up on this blog which I think reflects similarly to my experience.

People who have never used UTM seem to prefer XG over UTM after trying both, and people who have used UTM prefer it over XG.

XG in terms of big differences contains a next gen firewall (its all the rage from security vendors right now).

Yes ISO's are available for XG, XG home edition can be downloaded from here.
btanExec Consultant
Distinguished Expert 2018
Commented:
XG is the newer firewall firmware. In fact, the former is a superset of UTM. in particular, XG Firewall v16 closed most significant gaps with UTM 9. Around 35 UTM features added to XG and there are a lot of features unique to XG as well. Some examples of the features are mentioned in https://news.sophos.com/en-us/2016/10/04/xg-firewall-v16-has-arrived/
UTM 9 features added to XG v16:

Core and Networking:
Two-Factor Auth (OTP) Support
Rule and object cloning
Country and continent objects
Policy-based Routing
Per-Rule Routing

Web and WAF:
Warn Action
Google Apps Enforcement
Unscannable content handling
Creative Commons
3rd Party URL Lists
Cookie based Auth Caching

Email:
Full MTA / Store & Forward
SPX Reply Portal
SPX Cover Page & Header/Footer
SMTP Profiles
Domain / MX routing

Other:
Site-to-site RED Tunnels
RED 15w Support
AP 15C Support
HA support for dynamic interfaces
SH Key Access to Shell
A more detailed listing is found in  http://www.internalit.ca/blog/post/sf-os

Sophos XG Firewall runs perfectly on all Sophos SG Series hardware appliances, as well as the same Intel compatible hardware and the same virtual environments as UTM 9. But it is noted that XG Firewall is not currently compatible with Amazon Web Services, but we plan to add support for AWS and Azure cloud deployments soon. https://news.sophos.com/en-us/2015/11/09/xg-firewall-faq/

Check out the ISO in https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/84996/xg-firewall-16-05-0-release
v15 was the last version I used and it looks like in v16 they took community feedback on board and changed the UI to be inline with the UTM UI; huge improvement because the pre v16 UI was a horror show. I've just updated my virtual appliance, everything is now much more intuitive, except DNAT/SNAT rules, which seems to be hidden under Business Application rules possibly in the Firewall. I still prefer Sophos UTM based on the last 10 minutes of using XG, but I'll give it more of a play.
btanExec Consultant
Distinguished Expert 2018

Commented:
For author advice

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial