Next Generation Firewall features

Next Gen cyber threats and attacks have emerged demanding Next Gen protection capability. Introducing Sophos Firewall XGS series.

Same look, but completely new under the hood.



3 key features that help enhance your business cyber security;

Visibility and Protection:

Deep Packet Inspection
  • TLS 1.3 inspection
  • Next-Gen Intrusion Prevention (IPS)
  • Zero-day threat protection
  • Proxy-based dual-engine AV scanning
  • Perimeter defenses
  • Country-based blocking policy
Encrypted Traffic
  • TLS 1.3 without downgrading
  • Intelligent traffic selection
  • Pre-packaged exception list
  • Powerful policy engine
  • Covers all ports/protocols
  • Supports all modern cypher suites
  • Unmatched visibility and error handing
Zero-Day and ML Protection
  • SophosLabs Data Scientists
  • Multiple Machine Learning Models
  • Static File Analysis
  • Dynamic file analysis
Cloud Sandbox
  • Dynamic sandboxing analysis
  • Deep learning static file analysis
Web Protection
  • Advanced Web Protection
  • Pharming protection
  • HTTPS scanning
  • Potentially unwanted app control
  • SophosLabs
Synchronized Security
  • Security Heartbeat
  • Destination Heartbeat Protection
  • Synchronized App Control
  • Lateral Movement Protection
  • Synchronized User ID
Advanced Threat Protection
  • Security Heartbeat
  • Multi-layered, call-home protection
  • Intelligent firewall policies
  • Traffic light style indicators
User Identity
  • User identity powers all firewall polices and reporting
  • User Threat Quotient (UTQ) identifies the top risk users on your network
  • Synchronized User ID
  • Flexible authentication options including directory services
  • Two-factor Authentication (2FA) One-time Password Support for Access to key system areas
Application Control
  • Visibility and control over thousands of applications
  • CASB cloud app visibility
  • Synchronized App Control
  • User-based application policies
  • Traffic shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications
Web Control
  • Enterprise Secure Web Gateway (SWG) policy model
  • Template-driven activity control with predefined workplace and compliance policies
  • Education and SafeSearch features
  • Comprehensive traffic enforcement
  • Traffic shaping (QoS)
Content Control
  • Web keyword monitoring
  • File download filtering templates
  • Policy-based outbound email DLP
  • Web caching
Business Applications
  • Next-generation IPS
  • Web Application Firewall
  • Granular, user-based protection
Email and Data
  • Full MTA store and forward support
  • Live anti-spam
  • SPX encryption
  • Policy-based DLP
  • Self-serve user portal


Networking and Access:

Sophos Firewall offers the most complete portfolio of secure edge access solutions, VPN , SD-WAN, and core networking capabilities to fit any network

  • Multiple WAN link monitoring
  • Fail-over and fail-back
  • Application path selection and routing
  • Synchronized SD-WAN application routing
Site-to-Site VPN
  • IPSec and SSL VPN tunnels
  • Wizard-based orchestration
  • Sophos RED site-to-site tunnels
Remote Access VPN
  • Windows and Mac Support
  • IPSec and SSL support
  • Easy provisioning and deployment
  • Free (unlimited SSL remote access licenses included at no extra charge)
  • Zero-touch deployment auto-provisioning SD-WAN edge device
  • Enterprise-grade encryption
  • Split tunnel options
  • Integrated wireless options
  • Ultra affordable
Wireless Controller
  • Plug-and-play deployment
  • High performance with the latest 802.11ac, Wave 2 wireless standard, and powerful radios
  • Flexible configuration with options for isolation, bridging, zones, hotspots, channel width, and multiple SSIDs per radio.
  • Secure encryption with support for all the latest standards
  • Securely connect users to applications
  • Cloud and on-premises application support
  • Remote access from anywhere
  • Device health integrates with Synchronized Security
Core Networking
  • Powerful object-based NAT rules
  • Advanced routing with Static, OSPF, BGP, and RIP with full 802.1Q VLAN support
  • SD-WAN link balancing
  • Flexible bridging options
  • IPv6 Certified support
  • Zone-based firewall
  • Default zones for LAN, WAN, DMZ, LOCAL, VPN, and Wi-Fi
  • Full VLAN support
  • Zone and VLAN isolation
  • Zone-based policies
  • Micro-segmentation and auto-isolation via Synchronized Security


Management and Reporting:

Sophos Central is your single-pane-of-glass for managing your entire cybersecurity portfolio. From endpoint, to mobile, to ZTNA, and of course, all your firewalls, no one offers this level of management integration and ease of use

 Sophos Central Management  
  • Sophos Central Cloud Management
  • Group Firewall Management in Sophos Central
  • Synchronize policy and settings across groups
  • Central cloud backup management
  • Centralized firmware update scheduling
 Central Firewall Reporting  
  • Report across multiple firewalls
  • Create custom reports with powerful visualization tools
  • Save, export, and schedule your reports
  • Store firewall log data in the cloud for historical reporting up to a year
 Dashboard and alerts  
  • Instant Insights At a Glance
  • Traffic-light-style indicators
  • Quick Drill-down Interaction with Any Control Center Widget
  • Automatic Email Notifications for any important event
  • SNMP with a Custom MIB and support for IPSec VPN Tunnels
 Free Reporting  
  • Hundreds of reports
  • Built-in storage on XGS Series for unlimited log data storage for historical reporting
  • Live Log Viewer
  • Syslog Support
  • Limited 7 day cloud storage for Central Firewall reporting
  • No extra charge


You’ll most certainly feel the difference. Full feature list

There’s a firewall for your business size. Compare the Models

Full details of the new Sophos Firewall XGS are here, Full Sophos Firewall details