Sophos XG Firewall on Microsoft Azure

Simplify Cloud Security

Security for the Azure Cloud

Sophos XG Firewall is a next-generation firewall you can select and launch from within the Microsoft Azure Marketplace. XG Firewall deploys as an all-in-one solution that combines advanced networking, protections such as Intrusion Prevention (IPS), and Web Application Firewalling (WAF), and user and application controls as well. XG Firewall is designed to help you protect your Azure-based workloads against advanced threats.

Benefits of Sophos XG Firewall on Microsoft Azure




All-in-One

Sophos XG Firewall integrates multiple best-of-breed security technologies into a single solution. This frees up the time it would take you to deploy and integrate multiple products from different vendors.

Deploy in Minutes

XG Firewall is available as a preconfigured virtual machine within the Azure Marketplace. You can use Azure Resource Manager templates to speed deployment or customize the configuration to meet the specific needs of your environment.

Centralized Policy Management

XG Firewall provides a unified policy model that allows you to manage, view, filter, sort, and apply all of your user, application, and network policies from a single console.

Flexible Pricing

Sophos offers two pricing options for XG Firewall on Azure. You can choose between pay-as-you-go (PAYG) or bring-your-own-license (BYOL). PAYG allows you to pay only for what you use, so you do not have to guess about capacity. There is no minimum commitment and you can stop at any time. BYOL allows you to use your existing investment in XG Firewall. When you purchase a 1-, 2-, or 3-year XG Firewall license, you can use that license in conjunction with Azure.

XG Firewall Features

Next-Gen Firewall

  • Stateful and deep-packet inspection for network and application traffic with advanced networking and perimeter defenses
  • Zone-based security enables profile-based networking and security rules with multiple security zones built-in (LAN, WAN, DMZ, VPN, Wi-Fi) – or create your own custom zones
  • Perimeter defenses stops attacks on your network, including reconnaissance detection, spoofing, flood protection (DoS, DDoS), and packet-based attacks (ICMP)
  • Access control criteria based on user identity, source and destination zone, MAC or IP address, Service, etc.
  • Country-based policy blocks geo IP ranges for entire countries or regions

Web Application Firewall (WAF)

  • Reverse proxy
  • URL hardening engine with deep linking and directory traversal prevention
  • Form hardening engine
  • SQL injection protection
  • Cross-site scripting protection
  • Dual antivirus engines (Sophos and Avira)
  • HTTPS (SSL) encryption offloading
  • Cookie signing with digital signatures
  • Path-based routing
  • Outlook anywhere protocol support

Web Content Filter

  • Flexible, user-based policy control of downloadable content including files types and dynamic content via FTP, HTTP, or HTTPS
  • Content filtering templates let you control hundreds of different files, executables, and dynamic content types simply as part of any user or network web control policy
  • Create custom content type definitions easily by adding them to existing content filtering categories or your own custom categories
  • Content scanning options let you customize when and how content is scanned with size options and real-time or batch-mode scanning
  • Web caching reduces bandwidth consumption by caching supported web content and downloads, including Sophos Endpoint updates

Virtual Private Networking

Select from a full range of VPN technologies for secure site-to-site and remote access.

  • Full standards-based VPN support includes IPSec, SSL, PPTP, L2TP, Cisco VPN (iOS), and OpenVPN (iOS and Android)
  • Clientless portal using Sophos' unique encrypted HTML5 self-service portal provides support for RDP, HTTP, HTTPS, SSH, Telnet, and VNC for quick access to essential business applications
  • RED VPN, a Sophos exclusive, uses an affordable Remote Ethernet Device (RED) at the remote site to easily establish a secure VPN connection

Intrusion Prevention

  • XG Firewall incorporates next-generation IPS (NGIPS) advanced protection from hacks and attacks while maintaining top-level performance
  • Next-gen IPS goes beyond traditional servers and network resources to identify and protect users and applications on the network as well
  • Advanced protection from all types of modern hacks and attacks using a uniform signature format backed by SophosLabs
  • FastPath packet optimization provides transparent (layer-2) single-scan performance with up to 200% better performance than conventional scanning technology, so IPS won’t slow you down
  • Country-based policy blocks geo IP ranges for entire countries or regions

Advanced Threat Protection

  • Sophos Firewall OS delivers advanced threat protection to defend your network from today’s sophisticated attacks.
  • Multi-layered, Call-home Protection combines analysis from DNS, IPS, web, and traffic filters to identify and block bot-net and command-and-control (C&C) call-home attempts
  • Intelligent Firewall Policies account for endpoint behavior to automatically isolate or limit access to infected systems that may be compromised by an advanced threat

Real-time and Historical Reporting

  • Out-of-the-box reports for visibility and action
  • Hundreds of built-in reports, so you’ll know exactly what’s happening with your users and your network
  • Detailed reports, stored locally with no separate tools required
  • Our unique User Threat Quotient reports so you'll be able to see which of your users are putting your security at risk

Shared Responsibilities for Cloud Computing

Microsoft Azure provides you with services that can help you meet your security, privacy and compliance needs. These include physical security, host infrastructure, and some network controls. You are responsible for the security and integrity of the applications and workloads you run in the cloud. These include but are not limited to application level controls, identity and access management, end-point protection, and data protection. You can use Sophos XG Firewall to help improve your security posture. Learn more by visiting the Azure shared responsibility website.

What Are You Waiting For?

Visit the Azure Marketplace to start your free trial, or contact us to learn more about Sophos XG Firewall on Microsoft Azure.