What’s the big deal about Sophos Xstream?

Earlier this year, Sophos introduced the new XGS series of firewalls, with Sophos Xstream. As the successor to the XG series, they offer significant changes and take network protection to a whole new level.

The XG series and the new XGS series may look similar, but there are big differences. Basically, the XGS series (now known as Sophos Firewall) features the new Xstream Architecture. Now, Xstream was introduced in SFOS v18, and is available in the XG series.

However, in the XG series, Sophos Xstream is entirely software based. But in the XGS series, Sophos has added a hardware layer. It’called, not surprisingly, the Xstream Flow Processor. This provides a dedicated fast path for app acceleration. It means less load on the CPU, which can focus its’ energies on core firewall tasks and deep packet inspection. This significantly improves latency and provides much more efficient network protection.

Sophos describes it this way:
“The Xstream architecture introduced in v18 is an efficient way to handle traffic by consolidating security into a single streaming deep packet inspection engine. It creates a virtual fast path to offload previously verified and trusted traffic and is of great benefit for applications with real-time data such as SaaS and cloud applications.”

Other differences

There are a couple of other differences between XG and the new Sophos Firewall (XGS) worth mentioning. One is that XGS offers a wider range of built-in and optional connectivity options. The new models offer more ports and in some cases more connection options for external modules. Sudden changes to your infrastrucrure can be more easily handled as a result.

Also, the XGS series with SFOS v18 provides a considerable performance increase over the XG series with SFOS v18. Depending on which performance statistic you look at, the XGS series offers up to 3 times better performance. And keep in mind, this is over an XG series firewall with Xstream software in it.

Xstream makes short work out of throughput-intensive features like TLS 1.3 Inspection, Application Acceleration, and Deep Packet Inspection. It’s a muscular platform that blocks the latest ransomware and breaches with high-performance streaming DPI. This includes next-gen IPS, web protection, and app control, as well as deep learning and sandboxing powered by SophosLabs.

And Sophos Central is at the heart of everything. Sophos’ familiar cloud platform provides a single pane of glass to manage your firewalls, and also your full portfolio of Sophos products.

The bundles

Sophos recommends the Xstream Protection bundle for most cases. It is expansive, and includes Base Firewall features, plus Network Protection, Web Protection, and Zero-Day Protection bundles. It’s their ultimate protection package, and it’s no joke. However, these separate protection bundles can be purchase individually, and there are additional modules as well. So you can customize your protection. Sophos Central Management and Sophos Central Orchestration provide support and additional features like Point and click Site-to-Site VPN Orchestration Multi-firewall reporting.

It’s a lot to take in, but that’s because Sophos Firewall has a whole lot to offer. And Corporate Armor would love to explain it further, and help you decide if it’s time to make the jump to the perfect Sophos XGS firewall for your business. So email us, or call 877-449-0458. Thanks for reading!

Sophos Firewall highlights

Engineered for extreme levels of visibility, protection, and performance
Blocks the latest ransomware and breaches with high-performance streaming DPI
Xstream DPI Engine for AV, IPS, Web, App control, and TLS Inspection
Xstream Network FastPath offloads of trusted traffic processing at wire speed

Sophos XGS series firewalls.pdf