Secure Web Appliance VS XG Firewall for Web security

Anyone use XG firewall to replace the web appliance I was told the XG is the replacement for straight up web filtering . any feedback helps  

  • the SWA is a full featured industrial grade web proxy .. thats all it does in life.. the firewall products "can" filter web traffic.. but they do a bunch of other stuff.. 

    It totally depends on your use case .. if you have 10 users in a small buisness firewall filtering is fine in most cases .. if you have say 10-100 users, you could get a 200-300 series and be fine.


    If you have hundreds/thousands of users and need dedicated web filtering with all of the advanced filtering features, then the swa is king.


  • In reply to Red_Warrior:

    Few hundred users web-filter only is what we need.  I a being told the XG firewall has all the functions as the web appliance plus more.  Is it true they are planning to replace the web appliance with the XG ? 

    any updates would help. I am trying to convert from our current web appliance to the XG for web filtering it seems wrong ? 

  • In reply to Peter Bast:

    unfortuntally I can only offer a wishywashy oppinion.. 

    I think they are both great products... (with a couple hundred users, either will work fine)  if your already using swa and like it.. and dont need to replace it or upgrade/replace a firewall.. then I would probally stick with the swa..  as for EOL.. The swa has a roadmap and I am not aware of any plan to retire it.  However that been said the roadmap for XG is much more agressive and includes many features.. including webfiltering.


    best thing I could suggest is to contact your account manager and get a trial for the XG, set it up in proxy mode and test it out.. Then you can make the best decion for your usecase.

  • In reply to Red_Warrior:

    SWA - fewer knobs and dials.  More straightforward and powerful web policies.  Better clustering.  Single focus.  Very stable.  No new features.  More sites "just work" with no admin intervention.  Better AD authentication.  Target customers are large 500-2000. 
    XG - lots to configure.  More options.  Wider focus.  New features being introduced.  Changing, shifting, new things to play with.  More ability to set exceptions to make sites work (but need to do it more often then SWA).  Target customers are 10-1000.
    The underlying web proxy in both is the same, although the front end configuration is quite different.  However in XG v18 there will be an option to use a new high performance web proxy that can handle more throughput on same hardware, with a lot more SSL options.
    Ultimately, if you want a set-and-forget powerful web-only then choose SWA.  If you want to play with settings, try new things, have custom rules for different networks, then choose XG.  Hufflepuff or Ravenclaw.
    I assume you currently have a SWA and your license is up and you are considering whether to renew or switch.  I'd say if you are happy with the SWA, I would continue with it.  It is not EOL but there are no major features planned.  It just works.
  • In reply to Michael Dunn:

    Sophos XG Firewalls are good candidates for mid-sized and distributed enterprises and those already using Sophos' endpoint protection solution. Dedicated remote branch devices and an easy to learn management interface are also strengths.XG Firewall provides next-generation firewall protection that's relatively easy to set up and manage. It blocks unknown threats, automatically responds to security incidents by isolating compromised systems, and exposes hidden user, application and threat risks on the network. Sophos also includes synchronized security (links endpoints and firewalls to enable them to communicate and share information, identify compromised systems and isolate them until cleaned up), a web application firewall, email protection, ransomware protection, phishing prevention, all firewall rules unified on a single screen, and a secure web gateway.


    WordPress Security Expert @WP Hacked Help