Live Chat

Is there something I can help you find?

Solving Top Problems with Existing Firewalls

With features you just can’t get anywhere else.

  • Unified policies and streamlined workflows make it easy to manage
  • Control Center and rich on-box reporting provide unprecedented visibility
  • Layer-8 user identity across all areas provides invaluable insights & control
  • Synchronized Security links your endpoints for advanced protection
  • XG hardware appliances with FastPath provides lightning performance
  • Full suite of network, wireless, IPS, VPN, web, app control, email and web application firewall technologies provides complete protection

Instant Visibility

Sophos XG Firewall provides unprecedented visibility into your network, users, and applications right from the all-new control center. You also get rich, on-box reporting and the option to add Sophos Firewall Manager and iView for centralized management and reporting across multiple firewalls.

Click the items on the control center for more information.

Synchronized Security

Advanced attacks are more coordinated than ever before. Now your defenses can be, too. Our revolutionary Security Heartbeat™ ensures your endpoint protection and firewall are talking to each other. It’s a simple yet effective idea that means you get better protection against advanced threats and spend less time responding to incidents.

Security Heartbeat™

XG Firewall monitors the Security Heartbeat™ status of all your Sophos Endpoints, enabling you to quickly identify compromised systems and automatically limit network access for these systems until they can be cleaned up.

Destination Heartbeat Protection

New in XG Firewall v16. You can now control access to endpoints and servers based on the status of their Heartbeat – further bolstering protection from potentially compromised systems until they are completely safe.

Real-time Application Visibility

An industry first, XG Firewall can utilize Synchronized Security to solicit information from an endpoint to determine the application responsible for generating unknown traffic on your network.

Next-Generation Network Protection

Our all-new Sophos Firewall OS integrates all the advanced networking, protection, user and app controls you need to stay secure and compliant.

  • Firewall Management

    Sophos Firewall OS provides an elegant and effective web-based management console that provides quick access to all the features you need without unnecessary complexity.

    Control Center provides at-a-glance feeds of system performance, traffic patterns, alerts and policies.

    Unified Policy Model enables convenient management of all your user, network, and business app policies in one place for apps, web, QoS, and IPS, reducing redundancy and overall rule count.

    Policy Templates for networks, users, and business applications dramatically streamlines configuration.

    Role-based Admin provides flexible granular access control for different functional areas.

  • Centralized Management

    Sophos Firewall Manager provides centralized management, monitoring, and control of all your XG Firewalls from a single console using a common user-interface that makes it easy to learn and use.

    Full-featured control and management of all firewall features centrally.

    Re-usable Templates makes it easy to apply consistent policy and setup new devices or branch offices.

    Flexible device grouping by region or model makes it easy to work with just the Firewalls you want.

    Real-time Monitoring at-a-glance status of device health including unique NOC view with instant drill-down.

    Role-based Admin with change control tracking and audit logging makes it easy to identify past changes and roll back if necessary.

    Firmware Update Management enables quick and easy updates to all your Firewalls with just a few clicks

  • Status and Alerts

    The all-new carefully crafted Control Center analyzes extensive back-end data sources to surface just the information you need to respond quickly to changes in your network.

    Instant Insights at a glance for all your important system, security and network status indicators from the all-new control center

    Automated Report Analysis highlights reports in the control center featuring data of interest or that may need attention with one-click access to the full report.

    Quick Drill-down interaction with any control center widget to get more detailed information, access relevant tools, or quickly take action.

    Email Notifications are automatically sent for important system status events.

    SNMP with a custom MIB and support for IPSec VPN tunnels to manage remote office firewall devices.

  • Reporting and Logging

    Take advantage of the XG Firewall’s extensive on-box reporting or utilize Sophos iView for comprehensive centralized reporting across your all your firewall devices.

    On-box Reporting comes standard with every XG Firewall for all your local firewall reporting needs.

    Centralized Reporting aggregates log data across all your firewall devices (including XG Firewall, UTM 9, and Cyberoam devices) to provide comprehensive consolidated reporting from a single screen.

    User and App Risk Analysis reports such as our unique User Threat Quotient or App Risk Score identify top risk users and applications respectively.

    Live Log Viewer accessible from any screen provides a real-time view into activity in your firewall across multiple separate windows with color-coded log lines.

    Change Control and Audit Logging are provided to ensure compliance.

    Syslog Support enables safe backup, archival, and analysis of system logs.

  • User Identity

    Layer-8 identity-based policies and unique user risk analysis give you the knowledge and power to regain control of your users before they become a serious threat to your network.

    Layer-8 Identity powers all firewall polices and reporting, enabling unprecedented next-gen control over applications, web surfing, bandwidth quotas, and other network resources.

    User-based Policy Control over applications, websites, categories, and traffic shaping (QoS).

    User Threat Quotient (UTQ) identifies the top risk users on your network based on their recent network behavior.

    Flexible Authentication Options including directory services (AD, eDirectory, LDAP), NTLM, RADIUS, TACACS+, RSA, client agents, or captive portal.

    Two-Factor Authentication (2FA) one-time-password support for access to key system areas including IPsec and SSL VPN, the user portal, and the web administration console.

  • Application Control

    Complete application visibility and control over all applications on your network with deep-packet scanning technology.

    Visibility and Control over thousands of applications via customizable policy templates with granular controls based on category, risk, technology, or other undesirable characteristics .

    User-based Application Policies enables custom-tailored application control to be added to any user, group, or network policy with the option to also apply traffic shaping.

    Traffic Shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications.

    HTTPS Scanning deep scans encrypted application traffic for browsers and related micro-apps to control chat, messaging, posts, file transfers, and other web and social media apps.

  • Web Control

    Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need with options for user and group enforcement of activity, quotas, schedules, and traffic shaping.

    Enterprise Secure Web Gateway (SWG) policy model with hierarchical inheritance enables sophisticated group and user based web filtering policies to be defined quickly and easily, dramatically reducing firewall rule count.

    Template driven activity control with predefined workplace and compliance policies utilize over 90 predefined website categories covering billions of pages maintained by SophosLabs with the option to import custom URL lists.

    Traffic Shaping (QoS) prioritizes bandwidth allocation to critical web applications and limits bandwidth for non-business websites.

    Comprehensive enforcement monitors HTTPS encrypted traffic, blocks anonymizing proxies, and can enforce Google Apps domains and enforce SafeSearch to ensure your policies are always enforced.

  • Content Control

    Flexible, user-based policy control of downloadable content including files types and dynamic content via FTP, HTTP, or HTTPS.

    Content Filtering Templates let you control hundreds of different files, executable, and dynamic content types simply as part of any user or network web control policy.

    Create Custom Content Type Definitions easily by adding them to existing content filtering categories or your own custom categories.

    Content Scanning Options let you customize when and how content is scanned with size options and real-time or batch-mode scanning.

    Outbound Email DLP that's policy based can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.

    Web Caching reduces bandwidth consumption by caching supported web content and downloads, including Sophos Endpoint updates.

Previous
Next
  • Firewall

    Stateful and deep-packet inspection for network and application traffic with advanced networking and perimeter defenses.

    Zone-based Security enables profile-based networking and security rules with multiple security zones built-in (LAN, WAN, DMZ, VPN, Wi-Fi) or create your own custom zones.

    Perimeter Defenses stops attacks on your network including reconnaissance detection, spoofing, flood protection (DoS, DDoS), and packet-based attacks (ICMP).

    Access Control Criteria based on user-identity, source and destination zone, MAC or IP address, Service, etc.

    Country-based Policy blocks Geo IP ranges for entire countries or regions.

  • IPS

    XG Firewall incorporates next-generation IPS (NGIPS) advanced protection from hacks and attacks while maintaining top performance.

    Next-Gen IPS goes beyond traditional servers and network resources to identify and protect users and applications on the network as well.

    Advanced Protection from all types of modern hacks and attacks using a uniform signature format backed by SophosLabs.

    FastPath Packet Optimization provides transparent (layer-2), single-scan performance with up to 200% better performance than conventional scanning technology, so IPS won’t slow you down.

    Country-based Policy blocks Geo IP ranges for entire countries or regions.

  • Anti-malware

    Sophos' award-winning, high-performance anti-malware engine is backed by SophosLabs and a 30-year history of protecting enterprises from the latest threats.

    Advanced Malware Protection that goes beyond signature-based detection to include advanced, proprietary techniques like code emulation and behavioral analysis to detect obfuscated or polymorphic threats.

    Live Protection is exclusive to Sophos and closes the gap between regular updates through real-time cloud lookups.

    Dual-engine Scanning offers the option of scanning traffic with the Sophos engine for excellent performance and protection, or adding a second engine scan for even more protection.

    SophosLabs 24/7 global threat research operation is one of few in the world with the breadth and depth necessary to stay ahead of the latest threats.

  • Web Protection

    Sophos' Web Protection engine is backed by SophosLabs and includes innovative technologies required to identify and block the latest web threats.

    Advanced Web Protection combines advanced analysis capabilities such as JavaScript emulation, behavioral analysis, and origin reputation to protect against modern, multi-stage web attacks.

    Pharming Protection guards against phishing and pharming attacks by overriding corrupt host file or DNS lookups.

    HTTPS Scanning deep scans encrypted traffic for threats and compliance.

    SophosLabs, the global, round-the-clock threat research operation, identifies thousands of newly infected websites and instances of web malware, ensuring you have the best malicious site database protecting your network and users.

  • Synchronized Security

    Our revolutionary Security Heartbeat links your endpoints with your firewall to deliver unparalleled protection from advanced threats while significantly reducing the time and complexity of responding to security incidents.

    Security Heartbeat™ XG Firewall monitors the Security Heartbeat™ status of all your Sophos Endpoints enabling you to quickly identify compromised systems and automatically limit network access for these systems until they can be cleaned up

    Destination Heartbeat Protection, new in XG Firewall v16. You can now control access to endpoints and servers based on the status of their Heartbeat – further bolstering protection from potentially compromised systems until they are completely safe.

    Real-time Application Visibility. An industry first, XG Firewall can utilize Synchronized security to solicit information from an Endpoint to determine the application responsible for generating unknown traffic on your network.

  • Advanced Threat Protection

    Sophos Firewall OS delivers advanced threat protection to defend your network from today’s sophisticated attacks.

    Security Heartbeat links your endpoints and your firewall, combining their intelligence to identify and isolate systems compromised by advanced and previously unknown threats

    Multi-layered, Call-home Protection combines analysis from DNS, IPS, web, and traffic filters to identify and block bot-net and command-and-control (C&C) call-home attempts

    Intelligent Firewall Policies account for endpoint behavior to automatically isolate or limit access to infected systems that may be compromised by an advanced threat

  • Business Applications

    Combine next-gen firewall capabilities with our enterprise-class web application firewall to protect your critical business applications from hacks and attacks while still enabling authorized access.

    Next-Generation IPS provides advanced protection from hacks and attacks while maintaining top performance

    Web Application Firewall integrates seamlessly with your next-gen firewall, combining industrial-strength protection like URL and form hardening with the ease of template-driven policy configuration

    Granular, User-based Protection with a rich set of configuration options and multiple authentication options, ensuring easy access for those you want and powerful protection from those you don't

  • Email and Data

    Protect your email from spam, phishing, and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam.

    Full MTA Store and forward support enables business continuity, allowing the firewall to store mail when target servers are unavailable.

    Live Anti-spam provides protection from the latest spam campaigns, phishing attacks, and malicious attachments

    SPX Encryption is unique to Sophos, making it easy to send encrypted email to anyone, even those without any kind of trust infrastructure

    DLP that's policy based can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization

    Self-serve quarantine gives employees direct control over their spam quarantine, saving you time and effort

Previous
Next
  • Routing and Bridging

    Sophos XG Firewall offers the most advanced high-performance networking technology available.

    Flexible NAT and Bridging Options ensures compatibility with nearly any network topology or segmentation strategy.

    Access Control Criteria is based on user-identity, source and destination zone, MAC or IP address, Service, etc.

    Advanced Routing uses Static, OSPF, BGP, and RIP with full 802.1Q VLAN support and multicast with support for per-rule routing and policy based routes based on source, service or destination.

    WAN Link Balancing provides load balancing and high availability with weighting options and fail-over rules.

    Discover Mode allows deployment without any network changes to monitor network traffic in either bridge mode or while connected to a switch mirror port.

    IPv6 Support throughout for interfaces, routing, and tunneling, including 6-in-4, 6-to-4, 4-in-6, IPv6 rapid deployment (6rd), and IPv6 through IPSec tunneling.

  • Zone Segmentation

    Zones rise above the traditional interface-based configuration model to provide a more intuitive, powerful, and simple way to secure and segment your network and create policy.

    Default Zones for LAN, WAN, DMZ, LOCAL, VPN, and Wi-Fi make it easy to get up and running quickly and easily

    Custom Zones are easily created on the LAN or DMZ with a variety of options for admin service access, as well as authentication and various network services

    Zone Isolation ensures zones are isolated until firewall rules are explicitly created to enable secure exchange of application, user, and network traffic to pass between them

    Zone-based Policies enable simple but powerful firewall rules that anyone can immediately interpret and understand

  • Traffic Shaping (QoS)

    Flexible, powerful, but easy-to-use traffic shaping (also known as quality of service or QoS) controls enable configuration by application, category, user, group, or policy rule.

    Network or User-based Traffic Shaping prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications on any network or user-based policy

    Web Category Traffic Shaping prioritizes bandwidth allocation and/or limits based on website category

    Network Traffic Quotas allow unlimited customization for total or individual network traffic quotas

    Real-time VoIP Optimization ensures real-time traffic for Voice over IP and other communications are given prioritization

  • Wireless Controller

    Integrated wireless controllers in XG Firewalls enables easy secure wireless deployments managed from a single console.

    Plug-and-play deployment enables quick installation and configuration with just a few clicks since the firewall automatically recognizes the Sophos Wireless Access Point as soon as it’s connected

    High Performance with the latest 802.11ac and powerful radios, offering maximum coverage and throughput

    Flexible Configuration with options for isolation, bridging, zones, hotspots, and multiple SSIDs per radio

    Secure Encryption with support for all the latest standards including WPA2 Personal and Enterprise

  • Performance

    Sophos combines performance optimized technologies at every point in the firewall processing chain that leverage Intel’s multi-core processing platform.

    FastPath Packet Optimization improves firewall scanning performance by 200% or more by automatically putting secure traffic on the fast path after the initial content is identified, scanned, and determined to be safe and compliant

    High-performance Proxy supporting thousands of simultaneous connections, enforces web policy with millisecond latency

    High-speed Interfaces and Switches come with plenty of GigE ports on every appliance and optional FlexiPort expansion modules for 10GbE copper or fiber connectivity

    High Availability with active-active load balancing or active-passive fail-over and WAN Link balancing lets you easily double your performance when you need it

  • VPN

    Select from a full range of VPN technologies for secure site-to-site and remote access.

    Full Standards-based VPN support includes IPSec, SSL, PPTP, L2TP, Cisco VPN (iOS), and OpenVPN (iOS and Android)

    Clientless Portal using Sophos unique encrypted HTML5 self-service portal provides support for RDP, HTTP, HTTPS, SSH, Telnet, and VNC for quick access to essential business applications

    RED VPN, a Sophos exclusive, uses an affordable Remote Ethernet Device (RED) at the remote site to easily establish a secure VPN connection

    Firewall-to-Firewall RED Tunnels offer a high performance VPN alternative to connect your Firewalls, exclusive to Sophos

  • RED VPN

    A unique Sophos Remote Ethernet Devices (RED) makes extending your secure network to other locations as easy as plugging in a box.

    Plug-and-play VPN. Simply enter the RED ID into your firewall and ship it.

    No Technical Skills Required. As soon as it’s plugged in, the device will automatically establish the VPN connection with the Firewall.

    Traffic Routing allows you to direct all network traffic from the remote location back to your firewall for complete protection or to only route inter-office network traffic via RED

    Secure Encryption All traffic between the RED and your firewall is encrypted to provide a secure private connection

  • Encrypted Traffic

    Ensure encrypted traffic is not a blind spot in your network with fully transparent SSL scanning, enforcement, and protocol validation.

    SSL Decryption securely intercepts and decrypts SSL traffic to allow deep scanning for security, compliance, and policy checks with policy-driven opt-outs, allowing privacy for sensitive traffic

    SSL Inspection ensures enforcement and compliance even without full man-in-the-middle decryption

    Certificate Validation protects your network from malformed or spoofed certificates

    Protocol Enforcement for encrypted traffic connections identifies and blocks unwanted traffic trying to bypass filtering or traffic shaping

Unified User, Application, and Network Control

We’ve rethought the way policies are managed. Sophos XG offers an all-new unified policy model that enables you to see and manage all your user, application, and network policies in a single place.

Most firewall products make you set up and manage policies across multiple modules or screens. Not Sophos. We provide a powerful unified policy model that allows you to view, filter, and sort all your policies on a single screen.

Policy types for users, business applications, and networking make it easy to view just the policies you need while providing a single convenient screen for management
At-a-glance Indicators provide important information about policies such as their type, status, heartbeat requirements, and much more
Natural Language Descriptions are built for humans, so you can understand what a policy is doing in plain language long after you’ve configured it

Powerful Management and Scalability

Sophos XG Firewall provides unprecedented visibility into your network, users, and applications right from the all-new control center. You also get rich, on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls.

Sophos Firewall Manager Centralized Management

Use Sophos Firewall Manager to monitor, configure, and administer all your firewalls conveniently from a single console.

Sophos iView Centralized Reporting

Provides full visibility across your entire estate of firewalls with consolidated reporting and off-box storage management for important log data.

Clustering and Redundancy

Active-active clustering and active-passive failover provide scalability and business continuity.

Flexible Deployment Options

Choose from a variety of different hardware appliance models, virtual environments, or even deploy it on your Intel server hardware platform of choice.

What Are You Waiting For?

For any additional questions, visit our How to Buy page or give one of our Sales Agents a call.

Live Chat

Is there something I can help you find?