Description
Overview:
Powerful Protection and Performance
The Sophos Firewall Xstream architecture is engineered to deliver extreme levels of visibility, protection, and performance to help address some of the greatest challenges facing network administrators today.
TLS 1.3 Decryption
Approximately 99% of web traffic is now encrypted, making it invisible to most firewalls. Many organizations find themselves powerless to protect their networks from an increasing amount of ransomware, threats and potentially unwanted apps which are exploiting this blind spot.
Sophos Firewall makes efficient and effective TLS inspection possible without compromising on performance. Our XGS Series appliances with integrated Xstream Flow Processors put TLS traffic on the FastPath for accelerated inspection. And our high-performance TLS inspection engine supports TLS 1.3 without downgrading, the latest cypher suites for maximum compatibility, and enhanced visibility into encrypted traffic flows right on the dashboard.
Deep Packet Inspection
We believe you should never have to decide between security and performance. Sophos Firewall includes a highspeed deep packet inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency.
Sophos Firewall blocks the latest ransomware and breaches with high-performance streaming DPI including next-gen IPS, web protection, and app control, as well as deep learning and sandboxing powered by SophosLabs Intelix.
Application Acceleration
A significant portion of your network traffic is trusted business application traffic destined for branch offices, remote users, or cloud application servers. As such, no additional security scanning for threats or malware is needed, and it can be intelligently directed to the FastPath, reducing latency, optimizing overall performance, and freeing up capacity for traffic that does need deep packet inspection.
Sophos Firewall accelerates your SaaS, SD-WAN, and cloud traffic such as VoIP, video, and other trusted applications automatically or via your own policies – putting them on the FastPath through the Xstream Flow Processor.
SD-WAN
Managing application traffic routing over multiple WAN links, and interconnecting a distributed network are essential elements of any SD-WAN solution. Often these tasks are much more challenging than they should be.
Sophos Firewall with Xstream SD-WAN provides a powerful, integrated SD-WAN solution, with performance-based link selection and routing, load balancing, zero-impact transitions between links in the event of a disruption, central cloud-managed orchestration, and Xstream FastPath acceleration of VPN tunnel traffic. Sophos Firewall with Xstream SD-WAN is one of the best, most flexible SDWAN solutions available in any firewall today.
Sophos Central:
Sophos Central is the ultimate cybersecurity cloud management platform to not only manage your firewalls, but also your full portfolio of Sophos security solutions.
Central Management
Simply manage multiple firewalls
Sophos Central makes day-to-day setup, monitoring, and management of your Sophos Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls.
- Manage all your Sophos Firewalls and other Sophos products from a single console
- Configure changes and apply them to a group of firewalls or manage each firewall individually
- Create a backup schedule and store up to five backups in the cloud
- Schedule firmware updates across your entire network with just a few clicks
Zero-Touch Deployment
Zero-touch deployment enables the initial configuration to be performed in Sophos Central and then exported for loading onto the device from a flash drive at startup, automatically connecting the device back to Sophos Central.
SD-WAN Orchestration
Sophos Central makes interconnecting SD-WAN overlay networks between multiple Sophos Firewalls quick and easy. With just a few clicks you can setup a full mesh network, hub-and-spoke topology, or something in-between, and Sophos Central will automatically configure all the necessary VPN tunnel and firewall access rules to enable your SD-WAN network.
Central Reporting
Firewall Reporting in the cloud
Sophos Central includes powerful reporting tools that enable you to visualize your network, web, application activity, and security over time. You get a flexible reporting experience that combines a variety of built-in reports with powerful tools to create your own custom reports, enabling you to report what you want how you want.
- Increase your visibility into network activity through analytics
- Analyze data to identify security gaps, suspicious user behavior or other events requiring policy changes
- Use the pre-defined modules or customize each report for specific use cases
Central Reporting is available at no extra cost for the storage of up to 7 days of report data. Premium options with longer data retention and additional features are available for optional purchase, either individually or as part of other subscriptions/bundles.
Features:
See How it Works:
Security Heartbeat: Your firewall and your endpoints are finally talking
Sophos Firewall is the only network security solution that is able to fully identify the user and source of an infection on your network, and automatically limit access to other network resources in response. Our unique Security Heartbeat shares telemetry and health status between Sophos endpoints and your firewall and integrates endpoint health into firewall rules to control access and isolate compromised systems.
Synchronized Application Control
Using Security Heartbeat, we also have a solution to one of the biggest problems most network administrators face today – lack of visibility into network traffic.
Synchronized Application Control utilizes the Heartbeat connections with Sophos endpoints to automatically identify, classify, and control application traffic. All encrypted, custom, evasive, and generic HTTP or HTTPS applications which are currently going unidentified will be revealed.
You can’t control what you can’t see. All firewalls today depend on static application signatures to identify apps. But those don’t work for most custom, obscure, evasive, or any apps using generic HTTP or HTTPS.
Sophos Firewall utilizes Synchronized Security to automatically identify, classify, and control all unknown applications easily blocking the apps you don’t want and prioritizing the ones you do.
Specifications:
| Products | XGS 126(w) | ||||
|---|---|---|---|---|---|
| Performance | |||||
| Firewall throughput | 10,500 Mbps | ||||
| Firewall IMIX | 5,250 Mbps | ||||
| Firewall Latency (64 byte UDP) | 8 µs | ||||
| IPS throughput | 3,250 Mbps | ||||
| Threat Protection throughput | 900 Mbps | ||||
| NGFW | 2,500 Mbps | ||||
| Concurrent connections | 5,000,000 | ||||
| New connections/sec | 69,900 | ||||
| IPsec VPN throughput | 5,500 Mbps | ||||
| IPsec VPN concurrent tunnels | 1,500 | ||||
| SSL VPN concurrent tunnels | 2,500 | ||||
| Xstream SSL/TLS Inspection | 800 Mbps | ||||
| Xstream SSL/TLS Concurrent connections | 12,288 | ||||
| Physical Specifications | |
|---|---|
| Mounting | Rackmount kit available (to be ordered separately) |
| Dimensions Width x Height x Depth |
320 x 44 x 213 mm |
| Weight | 2.4 kg/5.29 lbs (unpacked) 4.4 kg/9.70 lbs (packed) (w-model minimally higher) |
| Power supply | |
| Power supply | External auto-ranging AC-DC 100-240VAC, 2.5A@50-60 Hz 12VDC, 12.5A, 150W Optional second redundant power supply |
| Power consumption | 126/136: 30 W/102 BTU/hr (idle) 126w/136w: 32 W/109 BTU/hr (idle) 126: 59 W/202 BTU/hr (max.) 126w/136: 62 W/212 BTU/hr (max.) 136w: 65 W/222 BTU/hr (max.) |
| PoE addition enabled | 76 W/260 BTU/hr (max.) |
| Operating temperature | 0°C to 40°C (operating) -20°C to +70°C (storage) |
| Humidity | 10% to 90%, non-condensing |
| Product Certifications | |
| Certifications | CB, CE, UKCA, UL, FCC, ISED, VCCI, CCC, KC*, BSMI, RCM, NOM, Anatel*, TEC, SDPPI†|
| Wireless Specification (XGS 126w and XGS 136w only) | |
|---|---|
| No. of antennas | 3 external |
| MIMO capabilities | 3 x 3:3 |
| Wireless interface | Wi-Fi 5/802.11a/b/g/n/ac (2.4 GHz / 5 GHz) |
| Optional second Wi-Fi module | Wi-Fi 5/802.11a/b/g/n/ac |
| Physical interfaces | |
|---|---|
| Storage | Integrated 64 GB SSD |
| Ethernet interfaces (fixed) | 12 x GbE copper 2 x SFP fiber* |
| Power-over-Ethernet (fixed) | 2 x GbE (30W max. per port) |
| Management ports | 1 x COM RJ45 1 x Micro-USB (cable incl.) |
| Other I/O ports | 1 x USB 2.0 (front) 1 x USB 3.0 (rear) |
| Number of expansion slots | 1 |
| Optional add-on connectivity | SFP DSL module (VDSL2) 3G/4G module/5G module Second Wi-Fi radio (XGS 126w/136w only) SFP transceivers |
Reviews
There are no reviews yet.