Show
Wireless Model Available!
Our Desktop appliances offer the perfect balance between price and performance for your small business or branch offices. All models offer a range of built-in and add-on connectivity options. A ‘w’ at the end of the model name indicates that the appliance has built-in Wi-Fi. XG 106, XG 106w Wireless, XG 115 and XG 115w Wireless These desktop firewall appliances offer an excellent price-to-performance ratio making them ideal for small businesses or branch offices. These models come equipped with 4 GbE copper ports built-in and 1 shared SFP interface, e.g. for use with our optional DSL modem or an SFP Fiber transceiver to connect the device to a server or switch. An optional second power supply provides an unmatched redundancy option in this product segment.
Note: The XG 86 and 86w do not support some advanced features like on-box reporting, dual AV scanning, WAF AV scanning and the email message transfer agent (MTA) functionality. If you need these capabilities, the XG 106(w) is recommended. Sophos XG FirewallSophos XG Firewall provides comprehensive next-generation firewall protection that exposes hidden risks, blocks unknown threats, and automatically responds to incidents.
Sophos XG Firewall provides unprecedented visibility into top risk users, unknown apps, advanced threats, suspicious payloads and much more. You also get rich on-box reporting included at no extra charge and the option to add Sophos iView for centralized reporting across multiple firewalls. Blocks unknown threatsSophos XG Firewall provides all the latest advanced technology you need to protect your network from ransomware and advanced threats including top-rated IPS, Advanced Threat Protection, Cloud Sandboxing, Dual AV, Web and App Control, Email Protection and a fullfeatured Web Application Firewall. And it’s easy to setup and manage. Automatically responds to incidentsXG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.
We’ve engineered XG Firewall to deliver outstanding performance and security efficiency for the best return on your investment. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you’ll always get maximum throughput. Simply manage multiple firewallsSophos Central is the ultimate cloud-management platform – for all your Sophos products. It makes day-to-day setup, monitoring, and management of your XG Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls. Optionally, Sophos Firewall Manager (SFM) provides powerful multi-device management tools for easy provisioning of consistent policies across your entire estate. And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances you can easily do that with Sophos iView. Security features you can’t get anywhere elseXG Firewall includes a number of innovations that not only make your job a lot easier, but also ensure your network is more secure.
An industry first, Synchronized Security links your endpoints and your firewall to enable unique insights and coordination. Security Heartbeat™ relays Endpoint health status and enables your firewall to immediately identify and respond to a compromised system on your network. The firewall can isolate systems until they can be investigated and cleaned up. Another Synchronized Security feature, Synchronized App Control, also enables the firewall to query the endpoint to determine the source of unknown traffic on the network. Unified Firewall RulesUser identity takes enforcement to a whole new layer with our identity based policy technology enabling user level controls over applications, bandwidth and other network resources regardless of IP-address, location, network or device. It literally takes firewall policy to a whole new layer.
Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint quickly and easily. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/outbound firewall rules and security settings for you automatically – displaying the final policy in a statement in plain English. Insights into Top Risk UsersThe Sophos User Threat Quotient (UTQ) indicator is a unique feature which provides actionable intelligence on user behavior. Our firewall correlates each user’s surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior. Flexible deployment, no compromiseUnlike our competitors, whether you choose hardware, software, virtual or Microsoft Azure, we don’t make you compromise – every feature is available on every model and form-factor. The Xstream AdvantageThe XG Firewall Xstream architecture is engineered to deliver extreme levels of visibility, protection, and performance to help address some of the greatest challenges facing network administrators today. Xstream SSL InspectionAccording to the latest statistics, approximately 80% of web traffic is encrypted, making it invisible to most firewalls. An increasing amount of malware and potentially unwanted apps exploit the fact that organizations are simply not using SSL inspection. Network administrators’ main fears are that SSL inspection will have a performance impact or cause something to break, impacting the user experience. XG Firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection whilst maintaining performance efficiency. Xstream DPI EngineWe believe you should never have to decide between security and performance. XG Firewall includes a highspeed Deep Packet Inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency. XG Firewall provides robust deep packet threat protection in a single streaming engine for AV, IPS, Web, App Control and SSL inspection. Xstream Network Flow FastPathTraffic which is known to be secure can be offloaded to the Xstream Network Flow FastPath. This accelerated path for trusted traffic boosts performance dramatically by freeing up resources from unnecessary traffic inspection tasks. This is particularly important for voice and video applications which are very sensitive to latency and so can quickly lead to a degradation of the user experience. XG Firewall includes automatic and policy-based intelligent offloading for trusted traffic processing at wire speed. Sophos CentralSophos Central is at the heart of everything we do. Our cloud management platform provides a single pane of glass to not only manage your firewalls, but also your full portfolio of Sophos security solutions.
Simply manage multiple firewallsSophos Central is the ultimate cloud-management platform – for all your Sophos products. It makes day-to-day setup, monitoring, and management of your XG Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls.
Note: Central Management is available at no extra cost
Firewall Reporting in the cloudSophos Central includes powerful reporting tools that enable you to visualize your network, web, application activity, and security over time. You get a flexible reporting experience that combines a variety of built-in reports with powerful tools to create your own custom reports – enabling you to report what you want, how you want.
Note: Central Reporting is available at no extra cost for the storage of up to 7 days of report data. Premium options with longer data retention are available for optional purchase.
Sophos is pleased to introduce the new Xstream Architecture for XG Firewall, a new streaming packet processing architecture that provides extreme levels of protection and performance. The new architecture includes:
XG Firewall gains an added layer of artificial intelligence protection. All suspicious files are now subject to threat intelligence analysis in parallel with full sandbox analysis. Files are checked against SophosLabs’ massive threat intelligence database and subjected to our industry-leading deep learning, which identifies new and unknown malware quickly and efficiently – often rendering a verdict in seconds – to stop the latest zero-day threats before they get on the network. Threat Intelligence Analysis is a new feature that is included as part of the Sandstorm Protection license (all PLUS bundles) at no extra charge. Threat Intelligence ReportingThreat Intelligence Reporting adds a new Control Center widget to highlight all suspicious file downloads. The widget enables one-click drill-down to detailed forensics reports on all suspicious file activity. A quick summary view for each file provides a traffic-light style (red, yellow, green) indication of the analysis after antivirus scanning, threat intelligence analysis, and sandboxing. Detailed reports provide an-depth view of the verdict, including illustrated analysis by multiple machine learning models, details and screenshots of behaviors seen during Sandstorm analysis, and an in-depth breakdown of the file’s features and attributes, together with malware scan results and insight from VirusTotal. Sophos Central Firewall Reporting and ManagementThis release includes support for new firewall reporting and management capabilities being launched simultaneously on Sophos Central, including a rich, powerful new reporting suite and group firewall management tools. NAT Enhancements – Decoupled NAT Rules and Linked NAT RuleXG Firewall’s NAT configuration receives some major updates. NAT rules are now decoupled from firewall rules, enabling more powerful and flexible configuration options, including Source (SNAT) and Destination (DNAT) in a single rule. A new NAT rule wizard enables you to quickly and easily create complex NAT rules with just a few clicks. In addition, a new linked NAT rule feature follows the matching criteria of the Firewall Rule. Linked NAT Rule can also be added and edited in place while creating/editing firewall rules. Only the source translation configuration needs to be selected for Linked NAT Rule. Firewall Rules Management ImprovementsFirewall rules management includes a new ‘Add Filter’ option with several fields/ conditions from which to choose. Adding a filter makes it easier to find firewall rules based on the selected filter criteria. Once selected, filters stay selected even when the administrator moves to other configuration screens. Administrators can manage multiple firewall rules at the same time (e.g. select multiple rules to delete, enable/ disable, attach to a group, etc.). Movement of rules across screens is possible, providing ease of use and management for larger rule sets. Within the firewall rule there is an exclusion feature that provides a “negate” option in the matching criteria to reduce the management and ordering overhead of multiple rules. There’s also a UI option to reset the data transfer counter for a firewall rule to improve troubleshooting. Enhanced DDNS SupportProvides support for enhanced DDC service HTTPS-based DDNS by adding five more DDNS providers – No-IP, DNS-O-Static, Google DNS, Namecheap, and FreeDNS. SD-WAN Application Routing and Synchronized SD-WANOptimized application routing and path selection is often an important objective in SD-WAN implementations – to ensure important business applications are routed over preferred WAN links. This release adds user and group application-based traffic selection criteria to XG Firewall’s SD-WAN routing configuration. Synchronized SD-WAN, a new Sophos Synchronized Security feature, offers additional benefits with SD-WAN application routing. Synchronized SD-WAN leverages the added clarity and reliability of application identification that comes with the sharing of Synchronized Application Control information between Sophos-managed endpoints and XG Firewall. Synchronized Application Control can positively identify 100% of all networked applications, including evasive, encrypted, obscure, and custom applications and now these previously unidentified applications can also be added to SD-WAN routing policies. This provides a level of application routing control and reliability that other firewalls can’t match. Alerts and NotificationsThere is a new option to choose from dozens of system- and threatrelated alerts, and have notifications sent via email or SNMP. Intelligent IPS Signature Selection XG Firewall will receive IPS signatures based on a number of intelligent filtering criteria such as age, vendor, vulnerability type, and CVSS (Common Vulnerability Scoring System) to optimize protection and performance. DKIM and BATV Anti-Spam ProtectionAnti-spam protection is improved with support for DomainKeys Identified Mail (DKIM) which detects forged sender addresses and Bounce Address Tag Validation (BATV) to determine whether the bounce address specified in the received email is valid, and reject backscatter spam. Kerberos Authentication and NTLMThis release adds Kerberos authentication alongside the existing NTLM support for Microsoft Active Directory SSO, extending the range of authentication tools available for customers. Radius Timeout with Two-Factor Authentication (2FA)For customers using 2FA with Radius Server Authentication, the timeout value is now configurable, allowing additional time to finish the authentication flow when necessary. SNMPv3Support for SNMPv3 is added providing more flexibility and security over SNMPv2. Interface RenamingInterfaces can be renamed, making networking configuration easier and more intuitive. Improved Synchronized Application Control VerdictIn the event of a pattern-based match conflict, Synchronized Application Control Verdict will be adhered to for more accurate application control. DHCP Relay Enhancements for Dynamic RoutingSynchronizes dynamic routing updates (learned routes from OSPF) to DHCP relay, eliminating the need for manual reconfiguration. Secure Syslog and Logs in the Standard Syslog FormatProvides the option to fetch logs in the standard syslog format using secure TLS. Dynamic GeoIP (IP to Country Mapping) DatabaseThe GeoIP database is now updated dynamically in real time from Up2Date. Be sure to always use the appropriate country-specific filters and policies. VMware Tools Upgrade and Integration with VMware Site Recovery Manager (SRM)Supports virtual device integration of the latest VMware Tools version (v10.3.10) with reboot, shutdown, and clone-like functionalities. The release also supports integration with Site Recovery Manager (SRM), the disaster recovery and business continuity solution from VMware which automates the transfer of virtual machines to a local or remote recovery site. Jumbo Frame SupportJumbo frames with more than 1500 byte payloads are now supported for added networking flexibility in high-bandwidth environments. Wildcard Domain Support in WAFXG Firewall now supports wildcard domains for WAF (Web Application Firewall). Administrators can configure wildcard subdomains, (e.g. *.example.com) for both HTTP and HTTPS. Log Viewer EnhancementsThe log viewer gets several enhancements with one-click actions available right from the logs to narrow search results, filter log entries, or create or modify policies on the fly. Options include the choice to disable signatures, block a source IP address, edit interfaces, and modify IPS, App Control, or web filtering policies. Web Policy EnhancementsBrowsing quotas have been added to web policies, allowing administrators to set time quotas for browsing selected website categories. Users can choose how and when to consume their daily time quota. High Availability (HA) EnhancementsNew enhancements enable plug-and-play high availability deployments with greater flexibility and business redundancy. A preconfigured HA port on every device enables quick and easy HA deployments by simply connecting the two ports together and then acknowledging and activating HA. HA configurations also include a configurable failback strategy, ideal for remote-site HA deployments, with options for manual synchronization and time out tuning. It is now possible to perform firmware updates, rollbacks, and other tasks such as port monitoring lists and assigning multiple IP addresses to primary and auxiliary appliances while HA is active. In addition, deploying more than one HA pair in a single network is easier due to the elimination of conflicts arising from any dependency on a virtual MAC address HA architecture.
All the protection you need to stop sophisticated attacks and advanced threats while providing secure network access to those you trust.
Next-gen Intrusion Prevention System Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well. Advanced Threat Protection Instant identification and immediate response to today’s most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat™ provides an emergency response.
Security Heartbeat Creates a link between your Sophos Central protected endpoints and your firewall to identify threats faster, simplify investigation and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems. Advanced VPN technologies Adds unique and simple VPN technologies including our clientless HTML5 self-service portal that makes remote access incredibly simple or utilize our exclusive light-weight secure RED (Remote Ethernet Device) VPN technology. Web ProtectionUnmatched visibility and control over all your user’s web and application activity.
Powerful user and group web policy Provides enterprise-level Secure Web Gateway policy controls to easily manage sophisticated user and group web controls. Apply policies based upon uploaded web keywords indicating inappropriate use or behavior. Advanced Web Threat Protection Backed by SophosLabs, our advanced engine provides the ultimate protection from today’s polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.
High performance transparent proxy Optimized for top performance, our transparent proxy technology provides ultra-low latency inspection and HTTPS scanning of all traffic for threats and compliance. Application Control and QoS Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics. Synchronized Application Control automatically identifies all the unknown, evasive, and custom application on your network. Email ProtectionConsolidate your email protection with anti-spam, DLP, and encryption.
Integrated Message Transfer Agent Ensures always-on business continuity for your email, allowing the firewall to automatically queue mail in the event servers become unavailable. Live Anti-Spam Provides protection from the latest spam campaigns, phishing attacks, and malicious attachments. Self-serve Quarantine Gives employees direct control over their spam quarantine, saving you time and effort.
SPX Email Encryption Unique to Sophos, SPX makes it easy to send encrypted email to anyone, even those without any kind of trust infrastructure using our patent-pending password-based encryption technology. Data Loss Prevention Policy-based DLP can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization. Web Server ProtectionHarden your web servers and business applications against hacking attempts while providing secure access.
Business Application Policy Templates Pre-defined policy templates let you protect common applications like Microsoft Exchange Outlook Anywhere or SharePoint quickly and easily. Protection from the latest hacks and attacks With a variety of advanced protection technologies including URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing and more.
Reverse proxy With authentication options, SSL offloading, and server load balancing ensure maximum protection and performance for your servers being accessed from the internet. Sandstorm ProtectionAI-driven static and dynamic file analysis techniques combine to bring unprecedented threat intelligence to your firewall and so effectively identify and block ransomware, known and unknown threats.
Powered by SophosLabs Powered by the industry-leading SophosLabs, the Sandstorm Protection subscription includes a fully cloudbased threat intelligence and threat analysis platform. This provides deep learning-based file analysis, detailed analysis reporting and a threat meter to show the risk summary for a file. They use layers of analytics to identify known and potential threats, reduce unknowns and derive verdicts and intelligence reports for the most commonly used file types. Static File Analysis By harnessing the power of multiple machine learning models, global reputation, deep file scanning, and more, you can quickly identify threats without the need to execute the files in real time.
Dynamic File Analysis Execute a file in a secure cloud-based sandbox to observe its behavior and intent. Screenshots provide added insight into any key events during the analysis. Threat Intelligence Analysis Reporting Rich intelligence reports provide you with much more than just a ‘good’, ‘bad’, or ‘unknown’ verdict. Full insight into the nature and capabilities of a threat are delivered through the use of data science and SophosLabs research.
Every XG Firewall comes equipped with Base Firewall functionality including IPSec, SSL VPN, and Wireless Protection. You can extend protection with our bundles or by adding protection modules individually. Sophos XG Firewall Value BundlesFor the ultimate in protection, value, and peace-of-mind, get one of our convenient Value Bundles.
Sophos XG Firewall is the only network security solution that is able to fully identify the user and source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall, and integrates endpoint health into firewall rules to control access and isolate compromised systems. The good news is, this all happens automatically, and is successfully helping numerous businesses and organizations to save time and money in protecting their environments today.
Using Security Heartbeat we can do much more than just see the health status of an endpoint. We also have a solution to one of the biggest problems most network administrators face today – lack of visibility into network traffic. Synchronized Application Control automatically identifies, classifies and controls encrypted, custom, evasive, and generic HTTP or HTTPS applications which are currently going unidentified.
Lateral Movement Protection automatically isolates compromised systems at every point in the network to stop attacks dead in their tracks. Healthy endpoints assist by ignoring all traffic from unhealthy endpoints, enabling complete isolation, even on the same network segment, to prevent threats and active adversaries from spreading or stealing data.
User authentication is critically important in a nextgeneration firewall but often challenging to implement in a seamless and transparent way. Synchronized User ID eliminates the need for client or server authentication agents by sharing user identity between the endpoint and the firewall through Security Heartbeat™. It’s just another great benefit of having your firewall and endpoints integrated and sharing information.
Our XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM provisioning, and solid-state storage. Whether you’re protecting a small business or a large datacenter, you’re getting industry leading performance. Product Matrix
What you get with every XG Series appliance
A simple approach to comprehensive supportWe build products that are simple yet comprehensive. And, we take the same approach with our support. With options ranging from basic technical support to those including direct access to senior support engineers and customized delivery.
These desktop firewall appliances offer an excellent price-to-performance ratio making them ideal for small businesses or branch offices. They are available with or without integrated 802.11ac wireless LAN, so you can even have an all-inone network security and hotspot solution without the need for additional hardware. Of course, you can also add external access points. With Intel multi-core technology designed for best performance and efficiency in a small form factor, these models come equipped with 4 GbE copper ports built-in and 1 shared SFP interface, e.g. for use with our optional DSL modem or an SFP Fiber transceiver to connect the device to a server or switch. An optional second power supply provides an unmatched redundancy option in this product segment.
Showing 1–12 of 74 results Grid view List view |