Sophos XG Firewall
Sophos XG FirewallThe world’s best visibility, protection, and response.Sophos XG Firewall brings a fresh new approach to the way youmanage your firewall, respond to threats, and monitor what’shappening on your network.
Sophos XG FirewallSophos XG FirewallSophos XG Firewall introduces an innovative approach to the way that youmanage your firewall, and how you can detect and respond to threats on yournetwork.See it. Stop it. Secure it.Our comprehensive next-generation firewall protection has been built to expose hidden risks, block both known andunknown threats, and automatically respond to incidents.Exposes hidden risksBlocks unknown threatsAutomatically responds to incidentsSophos XG Firewall provides unrivaledvisibility into risky users, unknown andunwanted apps, advanced threats,suspicious payloads, encryptedtraffic and much more. Rich on-boxreporting is built-in and powerfulcentralized reporting for multiplefirewalls is available in the cloud.Sophos XG Firewall provides all thelatest advanced technology you need toprotect your network from ransomwareand advanced threats including toprated IPS, Advanced Threat Protection,Cloud Sandboxing and full AI-poweredthreat analysis, Dual AV, Web and AppControl, Email Protection and a fullfeatured Web Application Firewall.And it’s easy to setup and manage.XG Firewall is the only network securitysolution that is able to fully identify thesource of an infection on your networkand automatically limit access toother network resources in response.This is made possible with our uniqueSophos Security Heartbeat that sharestelemetry and health status betweenSophos endpoints and your firewall.1
Sophos XG FirewallThe Xstream AdvantageThe XG Firewall Xstream architecture is engineered to deliver extreme levelsof visibility, protection, and performance to help address some of the greatestchallenges facing network administrators today.Xstream SSL InspectionXstream Network Flow FastPathAccording to the latest statistics, approximately 80% of webtraffic is encrypted, making it invisible to most firewalls. Anincreasing amount of malware and potentially unwantedapps exploit the fact that organizations are simply not usingSSL inspection. Network administrators' main fears are thatSSL inspection will have a performance impact or causesomething to break, impacting the user experience.Traffic which is known to be secure can be offloaded to theXstream Network Flow FastPath. This accelerated pathfor trusted traffic boosts performance dramatically byfreeing up resources from unnecessary traffic inspectiontasks. This is particularly important for voice and videoapplications which are very sensitive to latency and so canquickly lead to a degradation of the user experience. XGFirewall includes automatic and policy-based intelligentoffloading for trusted traffic processing at wire speed.XG Firewall removes the blind spots caused by encryptedtraffic by allowing you to use SSL inspection whilstmaintaining performance efficiency.Xstream DPI EngineWe believe you should never have to decide betweensecurity and performance. XG Firewall includes a highspeed Deep Packet Inspection (DPI) engine to scan yourtraffic for threats without a proxy slowing down the process.The firewall stack can completely offload the processingto the DPI engine, significantly reducing latency and soimproving overall efficiency.XG Firewall provides robust deep packet threat protection ina single streaming engine for AV, IPS, Web, App Control andSSL inspection.2
Sophos XG FirewallSophos CentralSophos Central is at the heart of everything we do. Our cloud managementplatform provides a single pane of glass to not only manage your firewalls, butalso your full portfolio of Sophos security solutions.Central ManagementCentral ReportingSimply manage multiple firewallsFirewall Reporting in the cloudSophos Central is the ultimate cloud-managementplatform - for all your Sophos products. It makes day-to-daysetup, monitoring, and management of your XG Firewalleasy. It also provides helpful features such as alerting,backup management, one-click firmware updates and rapidprovisioning of new firewalls.Sophos Central includes powerful reporting tools thatenable you to visualize your network, web, applicationactivity, and security over time. You get a flexible reportingexperience that combines a variety of built-in reportswith powerful tools to create your own custom reports –enabling you to report what you want, how you want.Ì Manage all your XG Firewalls and otherSophos products from a single consoleÌ Increase your visibility into networkactivity through analyticsÌ Configure changes and apply them to a group offirewalls or manage each firewall individuallyÌ Analyze data to identify security gaps, suspicious userbehavior or other events requiring policy changesÌ Create a backup schedule and storeup to 5 backups in the cloudÌ Use the pre-defined modules or customizeeach report for specific use casesNote: Central Management is available at no extra cost.Note: Central Reporting is available at no extra cost for the storage of up to 7 daysof report data. Premium options with longer data retention are available for optionalpurchase.Zero-touch DeploymentUsing Sophos Central, you can create a configuration for an XG firewall which you can then deploy at yourconvenience, for example, at a remote site. There is no need for technical staff on-site, simply providethe configuration file, store it on a USB key and boot the appliance with the USB key connected.Learn more about the Sophos Central Ecosystem at sophos.com/firewall-central.3
Sophos XG FirewallSynchronized SecuritySecurity Heartbeat - Your firewall and yourendpoints are finally talkingSophos XG Firewall is the only network security solutionthat is able to fully identify the user and source of aninfection on your network and automatically limit access toother network resources in response. This is made possiblewith our unique Sophos Security Heartbeat that sharestelemetry and health status between Sophos endpointsand your firewall and integrates endpoint health into firewallrules to control access and isolate compromised systems.Synchronized Application ControlUsing Security Heartbeat, we can do much more thanjust see the health status of an endpoint. We also havea solution to one of the biggest problems most networkadministrators face today - lack of visibility into networktraffic.Synchronized Application Control automatically identifies,classifies and controls encrypted, custom, evasive, andgeneric HTTP or HTTPS applications which are currentlygoing unidentified.The good news is, this all happens automatically, andis successfully helping numerous businesses andorganizations to save time and money in protecting theirenvironments today.What Next-Gen Firewalls See TodayYou can’t control what you can’t see. All firewalls todaydepend on static application signatures to identify appsBut those don’t work for most custom, obscure, evasive,or any apps using generic HTTP or HTTPS.What XG Firewall SeesXG Firewall utilizes Synchronized Security to automaticallyidentify, classify, and control all unknown applicationseasily blocking the apps you don’t want and prioritizingthe ones you do.Lateral Movement ProtectionSynchronized User IDLateral Movement Protection automatically isolatescompromised systems at every point in the network tostop attacks dead in their tracks. Healthy endpoints assistby ignoring all traffic from unhealthy endpoints, enablingcomplete isolation, even on the same network segment, toprevent threats and active adversaries from spreading orstealing data.User authentication is critically important in a nextgeneration firewall but often challenging to implementin a seamless and transparent way. Synchronized UserID eliminates the need for client or server authenticationagents by sharing user identity between the endpointand the firewall through Security Heartbeat. It’s justanother great benefit of having your firewall and endpointsintegrated and sharing information.Synchronized SD-WAN - Powerful, reliable application routingSynchronized SD-WAN harnesses the power of Synchronized Security to optimizeWAN path selection for your important business applications.With Synchronized Application Control, discovered applications, which would otherwise beunknown, can be used for traffic matching criteria in SD-WAN routing policies. This is yetanother way that Synchronized Security can improve the efficiency of your network.4
Sophos XG FirewallProtection ModulesYou can choose from a number of modules to customize the protection offeredby your firewall to your individual needs and deployment scenario.Network ProtectionWeb ProtectionAll the protection you need to stop sophisticated attacksand advanced threats while providing secure networkaccess to those you trust.Unmatched visibility and control over all your user’s weband application activity.Next-gen Intrusion Prevention SystemProvides advanced protection from all types of modernattacks. It goes beyond traditional server and networkresources to protect users and apps on the network as well.Provides enterprise-level Secure Web Gateway policycontrols to easily manage sophisticated user and groupweb controls. Apply policies based upon uploaded webkeywords indicating inappropriate use or behavior.Security HeartbeatApplication Control and QoSCreates a link between your Sophos Central protectedendpoints and your firewall to identify threats faster,simplify investigation and minimize impact from attacks.Easily incorporate Heartbeat status into firewall policies toautomatically isolate compromised systems.Enables user-aware visibility and control over thousandsof applications with granular policy and traffic-shaping(QoS) options based on application category, risk, andother characteristics. Synchronized Application Controlautomatically identifies all the unknown, evasive, andcustom applications on your network.Advanced Threat ProtectionInstant identification and immediate response to today’smost sophisticated attacks. Multi-layered protectionidentifies threats instantly and Security Heartbeat providesan emergency response.Advanced VPN technologiesAdds unique and simple VPN technologies including ourclientless HTML5 self-service portal that makes remoteaccess incredibly simple or utilize our exclusive light-weightsecure SD-RED (Remote Ethernet Device) VPN technology.Powerful user and group web policyAdvanced Web Threat ProtectionBacked by SophosLabs, our advanced engine providesthe ultimate protection from today’s polymorphic andobfuscated web threats. Innovative techniques likeJavaScript emulation, behavioral analysis, and originreputation help keep your network safe.High-performance traffic scanningOptimized for top performance, our Xstream SSL inspectionprovides ultra-low latency inspection and HTTPS scanningwhilst maintaining performance.See the Licensing section at the end of this document for details of all purchase options.5
Sophos XG FirewallEmail ProtectionWeb Server ProtectionConsolidate your email protection with anti-spam, DLP, andencryption.Harden your web servers and business applications againsthacking attempts while providing secure access.Integrated Message Transfer AgentBusiness Application Policy TemplatesEnsures always-on business continuity for your email,allowing the firewall to automatically queue mail in theevent servers become unavailable.Pre-defined policy templates let you protect commonapplications like Microsoft Exchange Outlook Anywhere orSharePoint quickly and easily.Live Anti-SpamProtection from the latest hacks and attacksProvides protection from the latest spam campaigns,phishing attacks, and malicious attachments.Self-serve QuarantineWith a variety of advanced protection technologiesincluding URL and form hardening, deep-linking anddirectory traversal prevention, SQL injection and cross-sitescripting protection, cookie signing and more.Gives employees direct control over their spam quarantine,saving you time and effort.Reverse proxySPX Email EncryptionUnique to Sophos, SPX makes it easy to send encryptedemail to anyone, even those without any kind of trustinfrastructure, using our patent-pending password-basedencryption technology.Data Loss PreventionPolicy-based DLP can automatically trigger encryption orblock/notify based on the presence of sensitive data inemails leaving the organization.6With authentication options, SSL offloading, and server loadbalancing ensure maximum protection and performancefor your servers being accessed from the internet.
Sophos XG FirewallSandstorm ProtectionAI-driven static and dynamic file analysis techniques combine to bringunprecedented threat intelligence to your firewall and so effectively identifyand block ransomware, known and unknown threats.How to buy Sandstorm ProtectionSandstorm Protection is available as an add-on subscription and is also includedin our 'Plus' Bundles, e.g. EnterpriseGuard Plus, FullGuard Plus.Powered by SophosLabsDynamic File AnalysisPowered by the industry-leading SophosLabs, theSandstorm Protection subscription includes a fully cloudbased threat intelligence and threat analysis platform. Thisprovides deep learning-based file analysis, detailed analysisreporting and a threat meter to show the risk summary fora file.Execute a file in a secure cloud-based sandbox to observeits behavior and intent. Screenshots provide added insightinto any key events during the analysis.We use layers of analytics to identify known and potentialthreats, reduce unknowns and derive verdicts andintelligence reports for the most commonly used file types.Threat Intelligence Analysis ReportingRich intelligence reports provide you with much more thanjust a ‘good’, ‘bad’, or ‘unknown’ verdict. Full insight into thenature and capabilities of a threat are delivered through theuse of data science and SophosLabs research.Static File AnalysisBy harnessing the power of multiple machine learningmodels, global reputation, deep file scanning, and more, youcan quickly identify threats without the need to execute thefiles in real time.The Threat Meter provides an almost instant result, even whenfurther analysis is still ongoing.7
Sophos XG FirewallSophos XG Series Appliances – at a glanceOur XG Series hardware appliances are purpose-built with the latest multi-core technology, generous RAM provisioning, andsolid-state storage. Whether you’re protecting a small business or a larger distributed enterprise, you’re getting industryleading performance.Product MatrixModelTech. SpecsRevision #FormFactorPorts/Slotsw-model*(Max Ports)Throughput¹Swappable ComponentsFirewall(Mbps)IPsec VPN(Mbps)NGFW(Mbps)Threat Protection(Mbps)XstreamSSL (Mbps)75XG 86(w)1desktop4Wi-Fi 5n/a3,100225350145XG 106(w)1desktop4Wi-Fi 5opt. ext. Power3,55033040015075XG 115(w)3desktop4Wi-Fi 5opt. ext. Power4,0005601,000375130XG 125(w)3desktop9/1 (9)Wi-Fi 5opt. ext. Power, 3G/4G7,0001,5001,275400170XG 135(w)3desktop9/1 (9)Wi-Fi 5opt. ext. Power, 3G/4G, Wi-Fi**7,5001,7001,800600210XG 21031U8/1 (16)n/aopt. ext. Power29,0001,9203,200800230XG 23021U8/1 (16)n/aopt. ext. Power32,0002,1004,5001,000280XG 31021U12/1 (20)n/aopt. ext. Power35,0003,0505,3001,550370XG 33021U12/1 (20)n/aopt. ext. Power38,0003,9409,3002,100560XG 43021U10/2 (26)n/aopt. ext. Power55,0005,00010,0002,200600XG 45021U10/2 (26)n/aopt. int. Power65,0006,10013,9003,400770XG 55022U8/4 (32)n/aPower, SSD, Fan75,0008,50015,3006,0001,000XG 65022U8/6 (48)n/aPower, SSD, Fan85,0009,00018,0007,7001,350XG 75022U8/8 (64)n/aPower, SSD, Fan100,00012,50019,2009,4001,400* 802.11ac Wave 2** 2nd Wi-Fi module option on 135w only (requires XG v17 MR6 or higher)What you get with every XG Series applianceÌ Full Wireless Protection included in the Base LicenseÌ On-box reporting or reporting for 7 days via Sophos CentralÌ Free management via Sophos CentralÌ The flexibility to add optional connectivity modules to adapt your firewall to changes in your environmentNote: The latest XG Firewall (SFOS) version 18.x requires at least 4 GB of RAM.8
Sophos XG FirewallSophos XG Series Desktop: SMB and Branch OfficeOur Desktop appliances offer the perfect balance between price andperformance for your small business or branch offices. All models offer a rangeof built-in and add-on connectivity options. A ‘w’ at the end of the model nameindicates that the appliance has built-in Wi-Fi.XG 86 and XG 86wXG 125, XG 125w, XG 135, XG 135wThese entry-level desktop firewalls are the ideal choice forbudget-conscious small businesses, retail and small orhome offices.These powerful firewall appliances offer 1U performancewith a desktop form factor and price. If you have a smallbusiness or branch offices to protect and are working ona tight budget, these models are the ideal choice. Thesemodels come equipped with 8 GbE copper ports built-in,plus 1 SFP port, e.g. for use with our optional DSL modem oran SFP Fiber transceiver to connect the device to a serveror switch. An expansion bay provides the option to addadditional connectivity such as our 3G/4G module. A 2ndWi-Fi radio module is also available for the XG 135w. Anoptional second power supply ensures business continuityfor these models.Ì Optionally available with integrated 802.11ac WLANÌ FanlessNote: The XG 86 and 86w do not support some advancedfeatures like on-box reporting, dual AV scanning, WAF AVscanning and the email message transfer agent (MTA)functionality. If you need these capabilities, the XG 106(w) isrecommended.See detailed technical specificationsXG 106, XG 106w, XG 115, XG 115wThese desktop firewall appliances offer an excellentprice-to-performance ratio making them ideal for smallbusinesses or branch offices. These models come equippedwith 4 GbE copper ports built-in and 1 shared SFP interface,e.g. for use with our optional DSL modem or an SFP Fibertransceiver to connect the device to a server or switch.An optional second power supply provides an unmatchedredundancy option in this product segment.Ì Optionally available with integrated 802.11ac WLANÌ 8 GbE copper ports built-in, plus 1 SFP portÌ Expansion bay for optional 3G/4G moduleÌ 2nd Wi-Fi radio module option for XG 135wÌ Optional second power supplySee detailed technical specificationsÌ Optionally available with integrated 802.11ac WLANÌ 4 GbE copper ports built-in and 1 shared SFPÌ Optional second power supplySee detailed technical specifications9
Sophos XG FirewallSophos XG Series Desktop: SMB and Branch OfficeXG 86 and XG 86wTechnical SpecificationsNote: The XG 86 and 86w do not support some advanced features like on-box reporting, dual AV scanning, WAF AVscanning and the email message transfer agent (MTA) functionality. If you need these capabilities, the XG 106(w) isrecommended.Front ViewPerformance¹Status LEDs(w-model has additional Wi-Fi LED)Back View2 x external antenna(XG 86w only)Firewall throughputXG 86(w) Rev. 13,100 MbpsFirewall IMIX850 MbpsIPS throughput480 MbpsNGFW throughput350 MbpsThreat Protection throughput145 MbpsConcurrent connections1,570,000New connections/sec14,500IPsec VPN throughput225 MbpsXstream SSL decryption Threat Protection75 MbpsXstream SSL Concurrentconnections8,192Wireless Specification (XG 86w only)No. of antennas2 x USB2.01 x COM(RJ45)2 x 2:2Wireless interface802.11a/b/g/n/ac (2.4 GHz / 5 GHz)Physical interfacesStorage16 GB eMMCEthernet interfaces (fixed)4 GbE copperI/O ports (rear)PowerSupply1 x MicroUSB4 x GbEcopper portPower supplyEnvironmentPower consumptionOperating temperatureHumidity12W, 40.94 BTU/hr (idle)20.4W, 69.6 BTU/hr (full load)0-40 C (operating)-20 to 80 C (storage)10%-90%, non-condensing10CB, CE, FCC, ISED (IC), VCCI, RCM, UL,CCC, BIS, Anatel, KC (w-model only)2 x USB 2.01 x Micro-USB1 x COM (RJ45)External auto ranging DC: 12V,100-240VAC, 24W@50-60 HzPhysical specificationsMountingRackmount kit available(to be ordered separately)DimensionsWidth x Depth x Height190 x 117 x 43 mm7.48 x 4.61 x 1.69 inchesWeig
Sophos XG Firewall 2 The Xstream Advantage The XG Firewall Xstream architecture is engineered to deliver extreme levels of visibility, protection, and performance to help address some of the greatest
HTTPS Sophos UTM Manager IP Address 192.168.2.200 Sophos UTM (UTM01) Port 4433 Ext. IP Address 65.227.28.232 WebAdmin Port 4444 Port 4433 InternetInte Sophos UTM (UTM03) Sophos UTM (UTM04) Sophos UTM (UTM02) Sophos UTM (UTM06) Sophos UTM (UTM07) Sophos UTM (UTM05) Sophos UTM (UTM08) Customer/Of ce 1 Customer/Of ce 2 Port 4422 Gateway Manager
This section describes the Sophos products required for managed endpoint security: Sophos Enterprise Console Sophos Update Manager Sophos Endpoint Security and Control 2.1 Sophos Enterprise Console Sophos Enterprise Console is an administration tool that deploys and manages Sophos endpoint software using groups and policies.
Sophos Central Firewall Manager/ CFM . Cloud based centralized management service to configure and manage multiple Sophos Firewall devices from a single console. Firewall Registrant or MySophos Account User . User who has registered the firewall in MySophos account, either a partner or a customer. Primary Partner Contact or Primary Administrator
Sophos Server Protection Sophos Email Protection EMC NetApp Sophos for Network Storage ストレージサーバー 外部用サーバー SafeGuard Sophos Anti-Virus for vShield - VDI Windows Mac Linux Windows クライアント 支店 / 支社 2 Sophos RED Sophos Wi-Fi Ac
Sophos XG Firewall v 15.01.0 – Release Notes Sophos XG Firewall Web Interface Reference and Admin Guide v17 For Sophos Customers Document Date: October 2017
This guide is intended to help you install and get up and running with Sophos iView v2. Reports for Device Type iView v2 provides reports for following device types: - Sophos Firewall OS - Sophos UTM 9 - CyberoamOS Licensing Sophos iView licenses are available in multiple tiers based on storage requirements and support terms
Sep 21, 2018 · Sophos Anti-Virus for NetApp Storage Systems 4 Before you install Sophos Anti-Virus for NetApp Storage Systems Before installing Sophos Anti-Virus for NetApp Storage Systems, you need to do the following: Install Sophos Endpoint Security and Control (antivirus component only
EventTracker: Integrating Sophos UTM 11 Figure 11 . Verify Sophos UTM Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts. 3. In the Search field, type ' Sophos UTM ', and then click the Go button. Alert Management page will display all the imported Sophos UTM alerts. Figure 12 . 4.
