The Sophos XG Series hardware models have reached their end-of-sale phase, as previously announced. These models will continue to be available only while supplies last, until August 17, 2018. Please note the following important dates in the standard lifecycle of the XG Series:
Final Purchase Date for XG Series Specific Accessories: August 17, 2019
Final Renewal Date: August 17, 2021
End-of-Life (EOL) Date: August 17, 2022
Please be advised that subscriptions for XG Series models must not extend beyond the EOL date. To ensure continued support, all 3-year subscriptions for XG Series must be purchased before January 1, 2021. For more information on upgrades or other available models, please visit our product page or contact our sales team.
Elevate your network security by upgrading from the Sophos XG 105 firewall to the innovative Sophos Firewall XGS 107. Explore the complete range of Sophos Firewall XGS models to find the perfect fit for your needs.
Global Promotion: Sophos XG to XGS Hardware Refresh
Sophos XG to XGS Hardware Refresh Offer, 1 and 3 Year.
Special offer for current XG Series Firewall customers.
(Valid until March 31, 2025)
Sophos XG Firewall provides comprehensive next-generation firewall protection that exposes hidden risks, blocks unknown threats, and automatically responds to incidents.
Exposes hidden risks
Sophos XG Firewall provides unprecedented visibility into top risk users, unknown apps, advanced threats, suspicious payloads and much more. You also get rich on-box reporting included at no extra charge and the option to add Sophos iView for centralized reporting across multiple firewalls.
Blocks unknown threats
Sophos XG Firewall provides all the latest advanced technology you need to protect your network from ransomware and advanced threats including top-rated IPS, Advanced Threat Protection, Cloud Sandboxing, Dual AV, Web and App Control, Email Protection and a fullfeatured Web Application Firewall. And it’s easy to setup and manage.
Automatically responds to incidents
XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.
Potent, powerful.. fast
We’ve engineered XG Firewall to deliver outstanding performance and security efficiency for the best return on your investment. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you’ll always get maximum throughput.
Simply manage multiple firewalls
Sophos Firewall Manager provides a single console for the complete central management of multiple XG Firewalls. And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances then with Sophos iView, you can.
Security features you can’t get anywhere else
XG Firewall includes a number of innovations that not only make your job a lot easier, but also ensure your network is more secure.
Synchronized Security
An industry first, Synchronized Security links your endpoints and your firewall to enable unique insights and coordination. Security Heartbeat™ relays Endpoint health status and enables your firewall to immediately identify and respond to a compromised system on your network. The firewall can isolate systems until they can be investigated and cleaned up. Another Synchronized Security feature, Synchronized App Control, also enables the firewall to query the endpoint to determine the source of unknown traffic on the network.
Unified Firewall Rules
User identity takes enforcement to a whole new layer with our identity based policy technology enabling user level controls over applications, bandwidth and other network resources regardless of IP-address, location, network or device. It literally takes firewall policy to a whole new layer.
A Firewall That Thinks Like You
Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint quickly and easily. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/ outbound firewall rules and security settings for you automatically – displaying the final policy in a statement in plain English.
Insights into Top Risk Users
The Sophos User Threat Quotient (UTQ) indicator is a unique feature which provides actionable intelligence on user behavior. Our firewall correlates each user’s surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior.
Flexible deployment, no compromise
Unlike our competitors, whether you choose hardware, software, virtual or Microsoft Azure, we don’t make you compromise – every feature is available on every model and form- factor.
What's New:
XG Firewall joins Sophos Central
We’re pleased to announce that the early access program (EAP) for XG Firewall management through Sophos Central is now available for you to take a test drive.
As you probably know, Sophos Central is the ultimate cloud-management platform for all of your Sophos products, and it now includes XG Firewall. It makes day-to-day setup, monitoring, and management of your network protection easy. You can quickly and easily add all your XG Firewalls into Sophos Central, giving you secure access to your entire estate from anywhere.
With XG Firewall joining Sophos Central, you can now manage all your Sophos Synchronized Security products from a single cloud console. Intercept X and the rest of the Sophos suite of protection are all there, at your fingertips: mobile, email, wireless, and more.
How to get started in three easy steps:
First, you’ll need a Sophos Central account if you don’t already have one. Head on over to cloud.sophos.com to create a trial account or login, and while you’re there, enroll in the Early Access Program by clicking your account in the upper right corner of the console.
Next, login into your firewall and add your Sophos Central credentials to the Central Synchronization screen and select the option to Manage from Sophos Central.
Then, return to Sophos Central and confirm adding your Firewall. That’s it! Now you can securely access your firewall from anywhere through Sophos Central.
Additional features coming soon
Over time, additional features will be added to Sophos Central management of your XG Firewall including:
Backup management and storage for your regularly scheduled firewall backups
Firmware update management to make multiple firewall updates easy
Light-touch deployment to enable easy remote setup of a new firewall
And much more!
XG Firewall v17.5 is now available
XG Firewall v17.5 is now available, bringing new Synchronized Security features, options for education institutions and more of your top requested features.
The rise in targeted ransomware and other active adversary attacks makes rapid identification and response critical to contain these threats and prevent them from moving laterally across your network.
Lateral Movement Protection, a new Synchronized Security feature, builds on the success of Security Heartbeat™ in providing an automated response to the presence of a threat. It not only isolates the compromised system from accessing network resources at the firewall, but also now enlists the aid of all healthy endpoints on the network to synchronize a defense.
All healthy Sophos endpoints will isolate any compromised system, providing isolation at the endpoint level, and preventing any threat from moving laterally – even on the same broadcast domain or network segment.
We will be diving into this and other Synchronized Security features in more detail in the days ahead.
In addition to Lateral Movement Protection, there’s a variety of new features focused on protection, flexibility, networking and management.
What’s new in XG Firewall v17.5
Here’s a quick overview of the key new features in v17.5:
Synchronized Security – lateral movement protection – extends our Security Heartbeat™ automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
Synchronized User ID – utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.
Education features – such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support.
Email features – adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, which closes a couple of top requested feature differences with SG Firewall.
IPS protection – is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
Management enhancements – including enhanced firewall rule grouping with automatic group assignment, and a custom column selection for the log viewer.
VPN and SD-WAN failover and failback – including new IPSec failover and failback controls and SD-WAN link failback options.
Client authentication – gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
Sophos Connect – is our new IPSec VPN Client, free for all XG Firewall customers, that makes remote VPN connections easy for users, and supports Synchronized Security.
In addition, coming in a following maintenance release we have:
Wireless APX access point support – provides support for the new Wave 2 access points providing faster connectivity and added scalability.
Airgap support – for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation), XG Firewall can now be updated via USB.
Features:
Network Protection
All the protection you need to stop sophisticated attacks and advanced threats while providing secure network access to those you trust.
Next-gen Intrusion Prevention System
Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well.
Advanced Threat Protection
Instant identification and immediate response to today’s most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat™ provides an emergency response.
Security Heartbeat
Creates a link between your Sophos Central protected endpoints and your firewall to identify threats faster, simplify investigation and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems.
Advanced VPN technologies
Adds unique and simple VPN technologies including our clientless HTML5 self-service portal that makes remote access incredibly simple or utilize our exclusive light-weight secure RED (Remote Ethernet Device) VPN technology.
Web Protection
Comprehensive web protection and application control with powerful and flexible policy tools ensure your networked users are secure and productive.
Powerful user and group web policy
Provides enterprise-level Secure Web Gateway policy controls to easily manage sophisticated user and group web controls. Apply policies based upon uploaded web keywords indicating inappropriate use or behavior.
Advanced Web Threat Protection
Backed by SophosLabs, our advanced engine provides the ultimate protection from today’s polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.
High performance transparent proxy
Optimized for top performance, our transparent proxy technology provides ultra-low latency inspection and HTTPS scanning of all traffic for threats and compliance.
Application Control and QoS
Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics. Synchronized Application Control automatically identifies all the unknown, evasive, and custom application on your network.
Sandstorm Protection
Sophos Sandstorm uses next-gen cloud-sandbox technology to give your organization an essential layer of security against ransomware and zero-day attacks.
No Additional Hardware
It integrates with your XG Firewall and is cloud-delivered so there’s no additional hardware required. Sophos Sandstorm blocks evasive threats like ransomware, disguised as executables, PDFs, and Microsoft Office documents — sending them to a cloud-sandbox to be detonated and observed in a safe environment.
Better Protected, Better Informed
Threat intelligence is fed back to your XG Firewall and the file blocked or permitted. The process takes just a couple of minutes with minimal impact for the user. And Sandstorm gives you detailed threat reports for every incident so you know exactly what’s going on.
Email Protection
Full SMTP and POP message protection from spam, phishing and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam.
Integrated Message Transfer Agent
Ensures always-on business continuity for your email, allowing the firewall to automatically queue mail in the event servers become unavailable.
Live Anti-Spam
Provides protection from the latest spam campaigns, phishing attacks, and malicious attachments.
Self-serve Quarantine
Gives employees direct control over their spam quarantine, saving you time and effort.
SPX Email Encryption
Unique to Sophos, SPX makes it easy to send encrypted email to anyone, even those without any kind of trust infrastructure using our patent-pending password-based encryption technology.
Data Loss Prevention
Policy based DLP can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.
Web Server Protection
Harden your web servers and business applications against hacking attempts with a full-featured Web Application Firewall while providing secure access with reverse proxy authentication.
Business Application Policy Templates
Pre-defined policy templates let you protect common applications like Microsoft Exchange Outlook Anywhere or SharePoint quickly and easily.
Protection from the latest hacks and attacks
With a variety of advanced protection technologies including URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing and more.
Reverse proxy
With authentication options, SSL offloading, and server load balancing ensure maximum protection and performance for your servers being accessed from the internet.
How to Buy:
Every XG Firewall comes equipped with Base Firewall functionality including IPSec, SSL VPN, and Wireless Protection. You can extend protection with our bundles or by adding protection modules individually.
A simple approach to comprehensive support
We build products that are simple yet comprehensive. And, we take the same approach with our support. With options ranging from basic technical support to those including direct access to senior support engineers and customized delivery.
Licenses names
Standard
Included with purchase
Enhanced
Included in all bundles
Enhanced Plus
Support
Via telephone and email
For 90 days
(business hours only)
Included
(24x7)
VIP Access
(24x7)
Security Updates & Patches
For the life of the product
Included with an active software subscription
Included with an active software subscription
Included with an active software subscription
Software Feature Updates & Upgrades
Included 90-days
Included
Included
Consulting
Remote consultation on your firewall configuration and security with a Sophos Senior Technical Support Engineer
Included
(up to 4 hours)
Warranty and RMA
For all hardware appliances
1 year (return / replace)
Advance Exchange
(max. 5 years)
Advance Exchange
(max. 5 years)
Technical Account Manager
Dedicated named technical account manager
Optional
(extra cost)
Optional
(extra cost)
Synchronized Security:
Security Heartbeat™ - Your firewall and your endpoints are finally talking
Sophos XG Firewall is the only network security solution that is able to fully identify the user and source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.
The good news is, this all happens automatically, and is successfully helping numerous businesses and organizations to save time and money in protecting their environments today.
Synchronized App Control - Revealing the unknown
Using Security Heartbeat we can do much more than just see the health status of an endpoint. We also have a solution to one of the biggest problems most network administrators face today - lack of visibility into network traffic.
Synchronized App Control automatically identifies, classifies and controls custom, evasive, and generic web applications which are currently going unidentified. Because these applications become visible, policies can also be applied to them, putting them fully under your control.
But there’s more..
Synchronized Security can connect much more than just your firewall and your endpoints. Using Sophos Central as our synchronized security platform, we are adding many more solutions to improve your protection.
Sophos XG Series Appliances – at a glance:
Our XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM provisioning, and solid-state storage. Whether you’re protecting a small business or a large datacenter, you’re getting industry leading performance.
Product Matrix
Model
Tech. Specs
Throughput¹
Revision #
Form Factor
Ports/Slots (Max Ports)
w-model 802.11 wireless
Swappable Components
Firewall (Mbps)
VPN (Mbps)
NGFW (Mbps)
AV-proxy (Mbps)
XG 85(w)
3
desktop
4
a/b/g/n/ac
n/a
3,000
225
310
360
XG 105(w)
3
desktop
4
a/b/g/n/ac
opt. ext. Power
3,500
360
480
450
XG 115(w)
3
desktop
4
a/b/g/n/ac
opt. ext. Power
4,000
490
1,000
600
XG 125(w)
3
desktop
9/1 (9)
a/b/g/n/ac
opt. ext. Power, 3G/4G
7,000
1,500
1,275
700
XG 135(w)
3
desktop
9/1 (9)
a/b/g/n/ac
opt. ext. Power, 3G/4G, Wi-Fi*
8,000
1,180
1,200
1,580
XG 210
3
1U
8/1 (16)
n/a
opt. ext. Power
16,000
1,450
2,200
2,300
XG 230
2
1U
8/1 (16)
n/a
opt. ext. Power
32,000
2,100
4,500
2,800
XG 310
2
1U
12/1 (20)
n/a
opt. ext. Power
28,000
2,750
4,000
3,300
XG 330
2
1U
12/1 (20)
n/a
opt. ext. Power
38,000
3,940
9,300
6,000
XG 430
2
1U
10/2 (26)
n/a
opt. ext. Power
41,000
4,800
6,000
6,500
XG 450
2
1U
10/2 (26)
n/a
opt. int. Power
50,000
5,500
7,500
7,000
XG 550
2
2U
8/4 (32)
n/a
Power, SSD, Fan
65,000
8,400
9,000
10,000
XG 650
2
2U
8/6 (48)
n/a
Power, SSD, Fan
85,000
9,000
10,000
13,000
XG 750
2
2U
8/8 (64)
n/a
Power, SSD, Fan
100,000
11,000
11,800
17,000
* 2nd Wi-Fi module option on 135w only (requires XG v17 MR6)
Sophos XG Firewall Value Bundles
For the ultimate in protection, value, and peace-of-mind, get one of our convenient Value Bundles.
What you get
EnterpriseProtect Plus Bundle
TotalProtect Plus Bundle
Base Firewall Firewall, IPsec and SSL VPN, Wireless Protection (APs sold separately)
These desktop firewall appliances offer an excellent price-to-performance ratio making them ideal for small businesses or branch offices. They are available with or without integrated 802.11ac wireless LAN, so you can even have an all-inone network security and hotspot solution without the need for additional hardware. Of course, you can also add external access points. With Intel multi-core technology designed for best performance and efficiency in a small form factor, these models come equipped with 4 GbE copper ports built-in and 1 shared SFP interface, e.g. for use with our optional DSL modem or an SFP Fiber transceiver to connect the device to a server or switch. An optional second power supply provides an unmatched redundancy option in this product segment.
Rackmount kit available
(to be ordered separately)
Dimensions
Width x Depth x Height
245 x 157 x 44 mm
9.65 x 6.18 x 1.73 inches
Weight
1.17 kg / 2.58 lbs (unpacked)
2.4 kg / 5.29 lbs (packed)
(w models minimally higher)
¹ General: Max. throughput measured under ideal test conditions using SF-OS 17.0 with App-classification disabled using industry standard Spirent /Avalanche performance test and Ixia test tools. Actual performance may vary depending on network conditions and activated services.* SFP transceivers sold separately
If your existing XG appliance does not have an active subscription or license, you will need to purchase a new license.
If you currently have an active subscription with an existing SG appliance, you can renew that subscription license by purchasing the renewal.
AP warranty is not included for the XG Wireless Subscriptions and will need to be purchased separately
TotalProtect includes: Appliance and FullGuard subscription (Network Protection, Web Protection, Email Protection, Webserver Protection and Enhanced Support). TotalProtect Plus additionally includes Sandstorm.
EnterpriseProtect includes:Appliance and EnterpriseGuard subscription (Network Protection, Web Protection and Enhanced Support). EnterpriseProtect Plus additionally includes Sandstorm.
FullGuard Subscription Includes: Network Protection, Web Protection, Email Protection, Webserver Protection and Enhanced Support. FullGuard Plus additionally includes Sandstorm.
EnterpriseGuard Subscription Includes: Network Protection, Web Protection and Enhanced Support. EnterpriseGuard Plus additionally includes Sandstorm.
Security Heartbeat functionality is available when XG Firewall Network Protection, EnterpriseGuard or FullGuard subscription is used in conjunction with Central Endpoint Advanced, Cloud Enduser Protection and Intercept X licences.
Pricing and product availability subject to change without notice.
Sophos Products
Module
SFP VDSL module (for all SG/XG/XGS appliances)
#XSGZTCHSF List Price: $324.50 Add to Cart for Pricing
1GbE Fiber Transceiver Long Range (1000 Base-LX)
#ITFZTCHLX List Price: $542.50 Add to Cart for Pricing
1GbE Fiber Transceiver Short Range (1000 Base-SX)
#ITFZTCHSX List Price: $203.50 Add to Cart for Pricing
1GbE Copper Transceiver (1000 Base-T)
#ITFZTCHTC List Price: $316.50 Add to Cart for Pricing
10GbE Fiber Transceiver Long Range (10 Base-LR)
#ITFZTCHLR List Price: $966.50 Add to Cart for Pricing
10GbE Fiber Transceiver Short Range (10 Base-SR)
#ITFZTCHXF List Price: $740.50 Add to Cart for Pricing
Power Supply
SG/XG 1xx and XG85/86 Wall Mount Power Supply (EU/UK/US plugs)
#XSGZT3HEK List Price: $112.00 Add to Cart for Pricing