Sophos - New generation firewall released
Sophos
Two years ago, Sophos partially renewed its firewall offering with the SG and XG Revision 3 devices. Now Sophos has released the latest generation of firewalls. This is a completely new range of devices.
They continue to run on SFOS, which is already known from the XG firewalls. The devices will be delivered with SFOS 18.5, which is expected to be available for the XG series in June. Nevertheless, there are a few things that are new here.
For example, all models now have a second processor, which significantly speeds up the processing of encrypted network traffic. In today's world where almost every page is encrypted and secure VPN connections to the home office are required, the need for fast processing of encrypted data is greater than ever.
The devices with integrated access points continue to offer single-band radio, but this time with 802.11ac Wave 2, also known as Wi-Fi5.
With the new XGS port modules, depending on the model, you can significantly expand the functionality. The possibilities include:
- Additional RFJ45 ports, optionally with bypass functionality.
- SFP ports, for fibre optic connections
- SFP+ ports, for 10 Gigabit connections via fibre optics
- PoE ports (XGS 2xxx/3xxx/4xxx only) with up to 60 watts per module
- 2.5 Gigabit RJ45 connections (XGS 2xxx/3xxx/4xxx only)
- QSFP+ ports with up to 40 Gigabit (XGS 5500/6500 only)
- VDSL SFP modem
- 3G/4G module (XGS 116(w)/126(w)/136(w) only)
- Second Wi-Fi 5 module (XGS 116w/126w/136w only)
Please note that the new XGS port modules are not compatible with the SG/XG port modules. Likewise, the previous port modules are not compatible with the new XGS units.
You also have the option of connecting a second power supply unit; this works with all models except the XGS87(w) Firewall.
In its basic configuration, a Sophos XGS already offers many features that you look for in a firewall. Hardware accelerated processing of encrypted network traffic, routing and SD-WAN functionality, WLAN controller for Sophos access points and VPN via IPSec and SSL.
What has changed is not only the hardware, but also the licences. Sophos now offers two new bundles:
- Standard Protection Bundle, this contains:
- Network Protection license
- Web Protection license
- Enhanced Support
- Xstream Protection Bundle, this includes:
- Network Protection Licence
- Web Protection Licence
- Zero-Day Protection (Sandstorm, extended with pre-execution analysis)
- Central Orchestration (service not yet available from Sophos)
- Enhanced Support
Additional licences can be booked a la carte.
The following individual licenses are available
- Network Protection
- Web Protection
- Zero-Day Protection
- Central Orchestration (expected to be available in June)
- E-mail Protection
- Web Server Protection
- Enhanced Support
- Enhanced Plus Support Upgrade
As some of you may have noticed, two things have changed. The Sandstorm Protection licence is now called Zero-Day Protection.
In addition to the well-known behavioural analysis, machine learning and pre-execution analysis have been added. This means that threats can be detected faster and more reliably.
In addition, there is now a Central Orchestration license. This allows you to conveniently set up VPN connections via Sophos Central with just a few clicks, and even complicated mesh and SD-WAN setups can be configured quickly. However, this feature is not yet available and should be released within the next two months.
If you are interested in a firewall solution from Sophos and would like a free initial consultation, please feel free to contact us via phone, email or our contact form.
Related products