Transcription
Sophos XG FirewallThe world’s best visibility, protection, and response.Sophos XG Firewall brings a fresh new approach to the way youmanage your firewall, respond to threats, and monitor what’shappening on your network.
Sophos XG FirewallSophos XG FirewallSophos XG Firewall provides comprehensive next-generation firewall protectionthat exposes hidden risks, blocks unknown threats, and automaticallyresponds to incidents.Exposes hidden risksPotent, powerful fastSophos XG Firewall provides unprecedented visibility intotop risk users, unknown apps, advanced threats, suspiciouspayloads and much more. You also get rich on-box reportingincluded at no extra charge and the option to add SophosiView for centralized reporting across multiple firewalls.We’ve engineered XG Firewall to deliver outstandingperformance and security efficiency for the best returnon your investment. Our appliances are built using Intelmulti-core technology, solid-state drives, and acceleratedin-memory content scanning. In addition, Sophos FastPathpacket optimization technology ensures you’ll always getmaximum throughput.Blocks unknown threatsSophos XG Firewall provides all the latest advancedtechnology you need to protect your network fromransomware and advanced threats including top-ratedIPS, Advanced Threat Protection, Cloud Sandboxing, DualAV, Web and App Control, Email Protection and a fullfeatured Web Application Firewall. And it’s easy to setup andmanage.Automatically responds to incidentsXG Firewall is the only network security solution that is ableto fully identify the source of an infection on your networkand automatically limit access to other network resourcesin response. This is made possible with our unique SophosSecurity Heartbeat that shares telemetry and healthstatus between Sophos endpoints and your firewall.Simply manage multiple firewallsSophos Central is the ultimate cloud-managementplatform - for all your Sophos products. It makes day-to-daysetup, monitoring, and management of your XG Firewalleasy. It also provides helpful features such as alerting,backup management, one-click firmware updates andrapid provisioning of new firewalls. Optionally, SophosFirewall Manager (SFM) provides powerful multi-devicemanagement tools for easy provisioning of consistentpolicies across your entire estate. And if you also want toconsolidate reporting across multiple XG, SG, and Cyberoamappliances you can easily do that with Sophos iView.1
Sophos XG FirewallSecurity features you can’t get anywhere elseXG Firewall includes a number of innovations that not only make your job a loteasier, but also ensure your network is more secure.Synchronized SecurityA Firewall That Thinks Like YouAn industry first, Synchronized Security links your endpointsand your firewall to enable unique insights and coordination.Security Heartbeat relays Endpoint health status andenables your firewall to immediately identify and respondto a compromised system on your network. The firewall canisolate systems until they can be investigated and cleanedup. Another Synchronized Security feature, SynchronizedApp Control, also enables the firewall to query the endpoint todetermine the source of unknown traffic on the network.Pre-defined policy templates let you protect commonapplications like Microsoft Exchange or SharePoint quicklyand easily. Simply select them from a list, provide somebasic information and the template takes care of the rest.It sets all the inbound/outbound firewall rules and securitysettings for you automatically – displaying the final policy ina statement in plain English.Unified Firewall RulesUser identity takes enforcement to a whole new layer withour identity based policy technology enabling user levelcontrols over applications, bandwidth and other networkresources regardless of IP-address, location, network ordevice. It literally takes firewall policy to a whole new layer.2Insights into Top Risk UsersThe Sophos User Threat Quotient (UTQ) indicator is a uniquefeature which provides actionable intelligence on userbehavior. Our firewall correlates each user’s surfing habitsand activity with advanced threat triggers and history toidentify users with risk-prone behavior.Flexible deployment, no compromiseUnlike our competitors, whether you choose hardware,software, virtual or Microsoft Azure, we don’t make youcompromise – every feature is available on every model andform-factor.XG SeriesSoftwareVirtualAzurePurpose-built devicesto provide the ultimatein performance.Install the Sophos FirewallOS image on your ownIntel hardware or server.Install on VMware,Citrix, MicrosoftHyper-V and KVM.Protect your networkinfrastructure in theAzure cloud.
Sophos XG FirewallNetwork ProtectionStop hacks and attacks dead in their tracksNext-gen Intrusion Prevention SystemSecurity HeartbeatProvides advanced protection from all types of modernattacks. It goes beyond traditional server and networkresources to protect users and apps on the network as well.Creates a link between your Sophos Central protectedendpoints and your firewall to identify threats faster,simplify investigation and minimize impact from attacks.Easily incorporate Heartbeat status into firewall policies toautomatically isolate compromised systems.Advanced Threat ProtectionInstant identification and immediate response to today’smost sophisticated attacks. Multi-layered protectionidentifies threats instantly and Security Heartbeat providesan emergency response.Advanced VPN technologiesAdds unique and simple VPN technologies including ourclientless HTML5 self-service portal that makes remoteaccess incredibly simple or utilize our exclusive light-weightsecure RED (Remote Ethernet Device) VPN technology.Web ProtectionUnmatched visibility and control over all your user’s web and application activity.Powerful user and group web policyHigh performance transparent proxyProvides enterprise-level Secure Web Gateway policycontrols to easily manage sophisticated user and groupweb controls. Apply policies based upon uploaded webkeywords indicating inappropriate use or behavior.Optimized for top performance, our transparent proxytechnology provides ultra-low latency inspection andHTTPS scanning of all traffic for threats and compliance.Advanced Web Threat ProtectionEnables user-aware visibility and control over thousands ofapplications with granular policy and traffic-shaping (QoS)options based on application category, risk, andother characteristics. Synchronized Application Controlautomatically identifies all the unknown, evasive, andcustom applications on your network.Backed by SophosLabs, our advanced engine providesthe ultimate protection from today’s polymorphic andobfuscated web threats. Innovative techniques likeJavaScript emulation, behavioral analysis, and originreputation help keep your network safe.Application Control and QoSSandstorm ProtectionYour best protection against zero-day threats.The Best Zero-Day ProtectionPowered by Deep LearningSophos Sandstorm utilizes the best technology fromour leading Intercept X next-gen endpoint protection likeexploit prevention and CryptoGuard Protection to identifyeven previously unseen malware exploits and ransomwarebefore they get on your network.An industry first, XG Firewall integrates Deep Learningtechnology into our Sophos Sandstorm sandboxing. Itdelivers the industry’s best detection rates without usingsignatures. It catches previously unseen malware lurking insuspicious payloads quickly and effectively.3
Sophos XG FirewallEmail ProtectionConsolidate your email protection with anti-spam, DLP, and encryption.Integrated Message Transfer AgentSPX Email EncryptionEnsures always-on business continuity for your email,allowing the firewall to automatically queue mail in theevent servers become unavailable.Unique to Sophos, SPX makes it easy to send encryptedemail to anyone, even those without any kind of trustinfrastructure, using our patent-pending password-basedencryption technology.Live Anti-SpamProvides protection from the latest spam campaigns,phishing attacks, and malicious attachments .Self-serve QuarantineGives employees direct control over their spam quarantine,saving you time and effort.Data Loss PreventionPolicy-based DLP can automatically trigger encryption orblock/notify based on the presence of sensitive data inemails leaving the organization.Web Server ProtectionHarden your web servers and business applications against hacking attemptswhile providing secure access.Business Application Policy TemplatesReverse proxyPre-defined policy templates let you protect commonapplications like Microsoft Exchange Outlook Anywhere orSharePoint quickly and easily.With authentication options, SSL offloading, and server loadbalancing ensure maximum protection and performancefor your servers being accessed from the internet.Protection from the latesthacks and attacksWith a variety of advanced protection technologiesincluding URL and form hardening, deep-linking anddirectory traversal prevention, SQL injection and cross-sitescripting protection, cookie signing and more.4
Sophos XG FirewallHow to BuyEvery XG Firewall comes equipped with Base Firewall functionality includingIPSec, SSL VPN, and Wireless Protection. You can extend protection with ourbundles or by adding protection modules individually.Network ProtectionSandstorm ProtectionWeb ProtectionAll the protection you need to stopsophisticated attacks and advancedthreats while providing securenetwork access to those you trust.Sophos Sandstorm uses nextgen cloud-sandbox technologyto give your organization anessential layer of security againstransomware and zero-day attacks.Comprehensive web protectionand application control withpowerful and flexible policy toolsensure your networked usersare secure and productive.Security Heartbeat Email ProtectionWeb Server ProtectionLinks your Sophos endpoints withyour firewall to deliver unparalleledprotection from advanced threatsand reduce the time and complexityof responding to security incidents.Full SMTP and POP message protectionfrom spam, phishing and data losswith our unique all-in-one protectionthat combines policy-based emailencryption with DLP and anti-spam.Harden your web servers andbusiness applications againsthacking attempts while providingsecure access to external userswith reverse proxy authentication.Sophos XG Firewall Value BundlesFor the ultimate in protection, value, and peace-of-mind, get one of our convenient value bundles.What you getEnterpriseProtectPlus BundleTotalProtectPlus BundleBase Firewall Firewall, IPsec and SSL VPN, Wireless Protection (APs sold separately)Network Protection IPS, RED, HTML5 VPN, ATP, Security HeartbeatWeb Protection Anti-malware, Web and App visibility, control, and protectionEmail Protection Anti-spam, SPX Email Encryption, and DLPWeb Server Protection Web Application Firewall and reverse proxySandstorm Protection next-gen cloud-sandbox technologyEnhanced Support 24x7 support, security and software updates, adv. exchange warrantyXG Series Hardware Appliance Multi-core Intel processor, solid-state storage, flexible connectivity5
Sophos XG FirewallSynchronized SecuritySecurity Heartbeat - Your firewall and yourendpoints are finally talkingSophos XG Firewall is the only network security solutionthat is able to fully identify the user and source of aninfection on your network and automatically limit access toother network resources in response. This is made possiblewith our unique Sophos Security Heartbeat that sharestelemetry and health status between Sophos endpoints andyour firewall, and integrates endpoint health into firewallrules to control access and isolate compromised systems.Synchronized Application ControlUsing Security Heartbeat we can do much more thanjust see the health status of an endpoint. We also havea solution to one of the biggest problems most networkadministrators face today - lack of visibility into networktraffic.Synchronized Application Control automatically identifies,classifies and controls encrypted, custom, evasive, andgeneric HTTP or HTTPS applications which are currentlygoing unidentified.The good news is, this all happens automatically, andis successfully helping numerous businesses andorganizations to save time and money in protecting theirenvironments today.What Next-Gen Firewalls See TodayYou can’t control what you can’t see. All firewalls todaydepend on static application signatures to identify appsBut those don’t work for most custom, obscure, evasive,or any apps using generic HTTP or HTTPS.What XG Firewall SeesXG Firewall utilizes Synchronized Security to automaticallyidentify, classify, and control all unknown applicationseasily blocking the apps you don’t want and prioritizingthe ones you do.Lateral Movement ProtectionSynchronized User IDLateral Movement Protection automatically isolatescompromised systems at every point in the network tostop attacks dead in their tracks. Healthy endpoints assistby ignoring all traffic from unhealthy endpoints, enablingcomplete isolation, even on the same network segment, toprevent threats and active adversaries from spreading orstealing data.User authentication is critically important in a nextgeneration firewall but often challenging to implementin a seamless and transparent way. Synchronized UserID eliminates the need for client or server authenticationagents by sharing user identity between the endpointand the firewall through Security Heartbeat . It’s justanother great benefit of having your firewall and endpointsintegrated and sharing information.6
Sophos XG FirewallSophos XG Series Appliances – at a glanceOur XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAMprovisioning, and solid-state storage. Whether you’re protecting a small business or a large datacenter, you’re gettingindustry leading performance.Product MatrixModelTech. SpecsThroughput¹Revision #FormFactorPorts/Slots(Max Ports)w-model (Mbps)NGFW(Mbps)AV-proxy(Mbps)XG 86(w)1desktop4a/b/g/n/acn/a3,000225310360XG 106(w)1desktop4a/b/g/n/acopt. ext. Power3,500360480450XG 115(w)3desktop4a/b/g/n/acopt. ext. Power4,0004901,000600XG 125(w)3desktop9/1 (9)a/b/g/n/acopt. ext. Power,3G/4G6,5007001,100700XG 135(w)3desktop9/1 (9)a/b/g/n/acopt. ext. Power,3G/4G, Wi-Fi*8,0001,1801,2001,580XG 21031U8/1 (16)n/aopt. ext. Power16,0001,4502,9002,300XG 23021U8/1 (16)n/aopt. ext. Power20,0001,7003,5002,800XG 31021U12/1 (20)n/aopt. ext. Power28,0002,7504,5003,300XG 33021U12/1 (20)n/aopt. ext. Power33,0003,2006,2006,000XG 43021U10/2 (26)n/aopt. ext. Power41,0004,8007,0006,500XG 45021U10/2 (26)n/aopt. int. Power50,0005,5009,2007,000XG 55022U8/4 (32)n/aPower, SSD, Fan65,0008,40011,70010,000XG 65022U8/6 (48)n/aPower, SSD, Fan85,0009,00016,40013,000XG 75022U8/8 (64)n/aPower, SSD, Fan100,00011,00018,55017,000* 2nd Wi-Fi module option on 135w only (requires XG v17 MR6 or above)A simple approach to comprehensive supportWe build products that are simple yet comprehensive. And, we take the same approach with our support. With optionsranging from basic technical support to those including direct access to senior support engineers and customized delivery.Licenses namesSupportVia telephone and emailSecurity Updates & PatchesFor the life of the productSoftware Feature Updates & UpgradesStandardEnhancedIncluded with purchaseIncluded in all bundlesFor 90 days(business hours only)Included(24x7)VIP Access(24x7)Included with an activesoftware subscriptionIncluded with an activesoftware subscriptionIncluded with an activesoftware subscriptionIncluded 90-daysIncludedIncludedConsultingRemote consultation on your firewall configuration andsecurity with a Sophos Senior Technical Support EngineerWarranty and RMAFor all hardware appliancesTechnical Account ManagerDedicated named technical account managerEnhanced PlusIncluded(up to 4 hours)1 year (return / replace)Advance Exchange(max. 5 years)Advance Exchange(max. 5 years)Optional(extra cost)Optional(extra cost)7
Sophos XG FirewallSophos XG Series Desktop Appliances:XG 86 and XG 86wTechnical SpecificationsThese entry-level desktop firewalls are the ideal choice for budget-conscious small businesses, retail and small or homeoffices. They are available with and without integrated 802.11ac wireless LAN, so you can have an all-in-one networksecurity and hotspot solution without the need for additional hardware. The Intel dual-core technology makes them highlyefficient and as they’re fanless, they won’t add unwanted noise to your office space.Note: The XG 86 and 86w do not support some advanced features like on-box reporting, dual AV scanning, WAF AVscanning and the email message transfer agent (MTA) functionality. If you need these capabilities, the XG 106(w) isrecommended.Front ViewPerformance¹Status LEDs(w-model has additional Wi-Fi LED)Back ViewXG 86(w) Rev. 1Firewall throughput3 GbpsFirewall IMIX800 MbpsVPN throughput225 MbpsIPS throughput580 MbpsNGFW (IPS App Ctrl) max.310 MbpsAntivirus throughput (proxy)360 MbpsConcurrent connections3,200,000New connections/sec2 x external antenna(XG 85w only)Maximum licensed users15,000unrestrictedWireless Specification (XG 86w only)No. of antennas2 externalMIMO capabilities2 x 2:2Wireless interface802.11a/b/g/n/ac (2.4 GHz / 5 GHz)Physical interfaces2 x USB2.01 x COM(RJ45)Storage16 GB eMMCEthernet interfaces (fixed)4 GbE copperI/O ports (rear)Power supplyPowerSupply1 x MicroUSB4 x GbEcopper port2 x USB 2.01 x Micro-USB1 x COM (RJ45)External auto ranging DC: 12V,100-240VAC, 24W@50-60 HzPhysical specificationsEnvironmentPower consumptionOperating temperatureHumidity12W, 40.94 BTU/hr (idle)20.4W, 69.6 BTU/hr (full load)0-40 C (operating)-20 to 80 C (storage)10%-90%, non-condensingProduct CertificationsCertifications8CB, CE, FCC, ISED (IC), VCCI, RCM, UL,CCC, BIS, Anatel, KC (w-model only)MountingRackmount kit available(to be ordered separately)DimensionsWidth x Depth x Height190 x 117 x 43 mm7.48 x 4.61 x 1.69 inchesWeight0.75 kg / 1.65 lbs (unpacked)1.9 kg / 4.19 lbs (packed)(w model minimally higher)
Sophos XG FirewallSophos XG Series Desktop Appliances:XG 106, XG 106w, XG 115, XG 115wTechnical SpecificationsThese desktop firewall appliances offer an excellent price-to-performance ratio making them ideal for small businessesor branch offices. They are available with or without integrated 802.11ac wireless LAN, so you can even have an all-inone network security and hotspot solution without the need for additional hardware. Of course, you can also add externalaccess points. With Intel multi-core technology designed for best performance and efficiency in a small form factor, thesemodels come equipped with 4 GbE copper ports built-in and 1 shared SFP interface, e.g. for use with our optional DSLmodem or an SFP Fiber transceiver to connect the device to a server or switch. An optional second power supply providesan unmatched redundancy option in this product segment.Front ViewPerformance¹Status LEDs(w-model has additional Wi-Fi LED)Back View3,5 Gbps4 GbpsFirewall IMIX1,8 Gbps2,0 GbpsVPN throughput360 Mbps490 MbpsIPS throughput970 Mbps1,22 GbpsNGFW (IPS App Ctrl) max.480 Mbps1 GbpsAntivirus throughput (proxy)450 Mbps600 MbpsConcurrent connections3,200,0006,000,000New connections/sec2 x external antenna(XG 105w and XG 115w only)XG 106(w) Rev. 1 XG 115(w) Rev. 3Firewall throughputMaximum licensed users28,00035,000unrestrictedunrestrictedWireless Specification (XG 106w and XG 115w only)No. of antennas1 x COM(RJ45)2 x 2:2Wireless interface802.11a/b/g/n/ac (2.4 GHz / 5 GHz)Physical interfacesConnector for optional 2ndredundant power supply1xHDMI1 x GbE SFP(shared)4 x GbEcopper portStorage (localquarantine/logs)Ethernet interfaces (fixed)Connectivity modules(optional)PowerSupply2xUSB 2.01 x MicroUSBEnvironmentPower consumptionOperating temperatureHumidityI/O ports (rear)Power supply8.88W, 30.28 BTU/hr (idle)10.44W, 35.6 BTU/hr (full l
Live Anti-Spam Provides protection from the latest spam campaigns, phishing attacks, and malicious attachments . Self-serve Quarantine Gives employees direct control over their spam quarantine, saving you time and effort. SPX Email Encryption Unique to Sophos, SPX makes it easy to send encryp
