Does any one know if XG is roughly at feature parity with the UTM yet?

Does any one know if XG is roughly at feature parity with the UTM yet?



  • no, it isn't.
    Do you need some special features?


    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Not sure this question makes total sense in a general way. You can have a general "feature parity" that fails spectacularly because of one noe-quite-there feature. For example, XG still does not have IPv6 PD, though if you have a static IPv6 for the XG it works fine. So there might be a sort of "parity" but if you have an ISP that gives you your IPv6 via PD, the XG won't work for you.

    Similarly, the UTM has historically. had a more polished and user-friendly interface, but I've read about some things lately where it's apparently not superior. But then, does UI count or do you mean operational features (IPv6 PD, SD-WAN rules including QoS) or performance (XGS acceleration), or something else? There are probably some features of XG that would be worth putting up with downgrades in other areas from UTM... for some use cases.

    Personally, I'm a happy XG user who never used UTM, and have only used XG since 18.0 or so, and it's had a fairly good development momentum now that working with the Fastpath acceleration (XGS hardware) is behind them. I'm sure the preparation for the new mechanism bottlenecked a lot of other feature work during the pre-18.5 era.

  • Thanks Wayne. We are a UTM customer that's been advised to move to XG/XGS instead of renewing our UTM license in 2023. So i'm wondering what features XG does not have that UTM does. So far I found that XG does not support forward proxy, which we are using, but that's probably not a show-stopper. Also logging seems to better in UTM, logs are kept until the disk fills up, but XG only seems to keep the logs for 24 hours.

  • That is correct. SFOS is far ahead of the feature set of UTM (from a security perspective). But it is based on the perspective, you are looking at. 

    SFOS has plenty of next generation features and security features, which UTM does not have.

    There are certainly some features, SFOS does not offer (yet) but UTM has. Some are explained here: IPv6 DHCPv6-PD, LetsEncrypt, some UI features. But for most of those scenarios, you could build some (better?) solutions with SFOS. For example LetsEncrypt could be usable with Wildcard Certificate integration with DNS providers. 

    But if Security and next generation features are interesting, SFOS is pulling ahead. MTR Integration, TLS1.3 Decryption, IPS Integration, Web Integration, Unified Firewall Rule set, Sync-Sec Security etc. 

    There are other features like XML Import/Export, which are one of the most powerful settings in SFOS. SD-WAN Routing, Central Integration etc. 


  • Both points are not correct. 

    SFOS supports logging for Logviewer and an external Log module. Logviewer is a database on the firewall - (from my perspective the better approach to live log on UTM). Logviewer saved data based on the available storage. But its not a Reporting tool. If you want reporting - SFOS saves reporting on the firewall itself and can do it in Central as well. In Central you can build your own reports. It is free for 7 Days log retention. 

    Forward Proxy - SFOS does support a WAF, if you mean this by using a forward proxy. 


  • The logging in the free version of cm does not allow for email or export of the reports. You have to view and analyse all reports on line.


    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks LuCar. We don't need reporting, but we do need to see 7 days of logs.

  • Thanks Ian. I didn't know that. I am using the free test version, that's why I guess.

  • Logs or Report? What is the specific use case you want to address? 


  • With the default annual XG license, I get 30 days log retention on Sophos Central. (Currently there's a bug where my XGS87 stops logging to SC after 4-5 weeks, and Sophos is looking into it, but in theory I get 30 days.) And I think you can pay for more.

    I switched from XG control of my AP to Sophos Central control of the AP and I think that's a better solution, so there are issues where maybe UTM is better (though maybe not) that are essentially moot, too. So specific features and use cases really make the difference at this point.

    Reading about UTM, I've felt that XG is way behind UI-friendliness-wise, but I've read a few UTM release notes and it seems to be behind XG in several areas. So the specific features and use case matters a lot. XG is the future (hardware acceleration), and they keep moving UTM features to the XG over time.