Sophos XG Firewall provides comprehensive next-generation firewall protection that exposes hidden risks, blocks unknown threats, and automatically responds to incidents.
Sophos XG Firewall provides unprecedented visibility into top risk users, unknown apps, advanced threats, suspicious payloads and much more. You also get rich on-box reporting included at no extra charge and the option to add Sophos iView for centralized reporting across multiple firewalls.
Sophos XG Firewall provides all the latest advanced technology you need to protect your network from ransomware and advanced threats including top-rated IPS, Advanced Threat Protection, Cloud Sandboxing, Dual AV, Web and App Control, Email Protection and a fullfeatured Web Application Firewall. And it’s easy to setup and manage.
XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.
We’ve engineered XG Firewall to deliver outstanding performance and security efficiency for the best return on your investment. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you’ll always get maximum throughput.
Sophos Firewall Manager provides a single console for the complete central management of multiple XG Firewalls. And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances then with Sophos iView, you can.
XG Firewall includes a number of innovations that not only make your job a lot easier, but also ensure your network is more secure.
An industry first, Synchronized Security links your endpoints and your firewall to enable unique insights and coordination. Security Heartbeat™ relays Endpoint health status and enables your firewall to immediately identify and respond to a compromised system on your network. The firewall can isolate systems until they can be investigated and cleaned up. Another Synchronized Security feature, Synchronized App Control, also enables the firewall to query the endpoint to determine the source of unknown traffic on the network.
User identity takes enforcement to a whole new layer with our identity based policy technology enabling user level controls over applications, bandwidth and other network resources regardless of IP-address, location, network or device. It literally takes firewall policy to a whole new layer.
Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint quickly and easily. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/ outbound firewall rules and security settings for you automatically – displaying the final policy in a statement in plain English.
The Sophos User Threat Quotient (UTQ) indicator is a unique feature which provides actionable intelligence on user behavior. Our firewall correlates each user’s surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior.
Unlike our competitors, whether you choose hardware, software, virtual or Microsoft Azure, we don’t make you compromise – every feature is available on every model and form- factor.
Performance | XG 86(w) |
Firewall throughtput | 3 Gbps |
Firewall IMIX | 800 Mbps |
VPN throughput | 225 Mbps |
IPS throughtput | 580 Mbps |
NGFW (IPS + App Ctrl) max. | 310 Mbps |
Antivirus throughtput (proxy) | 360 Mbps |
Concurrent connections | 3,200,000 |
New connections/sec | 15,000 |
Maximum licensed users | unrestricted |
Wireless Specification (XG 86w only) | |
No. of antennas | 2 external |
MIMO capabilities | 2 x 2:2 |
Wireless interface | 802.11a/b/g/n/ac (2.4 GHz / 5 GHz) |
Physical interfaces | |
Storage | 16 GB eMMC |
Ethernet interfaces (fixed) | 4 GbE copper |
I/O ports (rear) | 2 x USB 2.0 1 x Micro-USB 1 x COM (RJ45) |
Power supply | External auto ranging DC: 12V 100-240VAC, 24W@50-60 Hz |
Physical specifications | |
Mounting | Rackmount kit available (to be ordered separately) |
Dimensions Width x Depth x Height | 190 x 117 x 43 mm 7.48 x 4.61 x 1.69 inches |
Weight | 0.75 kg / 1.65 lbs (unpacked) 1.9 kg / 4.19 lbs (packed) (w model minimally higher) |
Environment | |
Power consumption | 12W, 40.94 BTU/hr (idle) 20.4W, 69.6 BTU/hr (full load) |
Operating temperature | 0-40 C (operating) -20 to +80 C (storage) |
Humidity | 10%-90%, non-condensing |
Product Certifications | |
Certifications | CB, CE, FCC, ISED (IC), VCCI, RCM, UL, CCC, BIS, Anatel, KC (w-model only) |
FullGuard Plus (included in TotalProtect Plus) |
FullGuard (included in TotalProtect) |
EnterpriseGuard Plus (included in EnterpriseProtect Plus) |
EnterpriseGuard (included in EnterpriseProtect) |
Service | Base Firewall | Sandstorm Protection |
Network Protection |
Web Protection | Email Protection | Webserver Protection |
General Management (incl. HA) | ● |
Firewall, Networking and Routing | ● | |||||||||||||
Base Traffic Shaping and Quotas | ● | |||||||||||||
Secure Wireless | ● | |||||||||||||
Authentication | ● | |||||||||||||
Self-Serve User Portal | ● | |||||||||||||
Base VPN Options | ● | |||||||||||||
Sophos Connect IPSec Client | ● | |||||||||||||
Sandstorm Protection | ● | |||||||||||||
Intrusion Prevention (IPS) | ● | |||||||||||||
ATP and Security Heartbeat™ | ● | |||||||||||||
Remote Ethernet Device (RED) VPN | ● | |||||||||||||
Clientless VPN | ● | |||||||||||||
Synchronized Application Control | ● | |||||||||||||
Web Protection and Control | ● | |||||||||||||
Application Protection and Control | ● | |||||||||||||
Cloud Application Visibility | ● | |||||||||||||
Web and App Traffic Shaping | ● | |||||||||||||
Email Protection and Control | ● | |||||||||||||
Email Quarantine Management | ● | |||||||||||||
Email Encryption and DLP | ● | |||||||||||||
Web Application Firewall Protection | ● | |||||||||||||
Logging and Reporting | ● | ● | ● | ● | ● | ● |
Firewall throughput | 3 Gbps |
Firewall IMIX | 800 Mbps |
Antivirus Throughput | 360 Mbps |
Concurrent connections | 3,200,000 |
New connections/sec | 15,000 |
IPS throughput | 580 Mbps |
NGFW Throughput | 310 Mbps |
IPSec VPN throughput | 225 Mbps |
GE RJ45 Ports | 4 GbE cooper |
GE RJ45 WAN Ports | 4 GbE cooper |
GE SFP Slots | No |
I/O ports | 2 x USB 2.0 | 1 x Micro-USB | 1x COM (RJ45) |
Storage | 8 GB eMMC |
Mounting | Rackmount kit available (to be ordered separately) |
Dimensions Width x Depth x Height (inches) | 748 x 4.61 x 1.69 inches |
Dimensions Height x Width x Length (mm) | 190 x 117 x 43 mm |
Weight | 0.75 kg / 1.65 lbs (unpacked) | 1.9 kg / 4.19 lbs (packed) | (w model minimally higher) |
Power supply | External auto ranging DC: 12V, 100-240VAC, 24W@50-60 Hz |
Power Consumption | 12W, 40.94 BTU/hr (idle) 20.4W, 69.6 BTU/hr (full load) |
Operating Temperature | 0-40°C (operating) -20 to +80°C (storage) |
Humidity | 10%-90%, non-condensing |
No. of antennas | 2 external |
MIMO capabilities | 2 x 2:2 |
Wireless interface | 802.11a/b/g/n/ac (2.4 GHz / 5 GHz) |
Certifications | CB, CE, FCC, ISED (IC), VCCI, RCM, UL, CCC, BIS, Anatel, KC (w-model only) |