Sophos XGS 126 Next-Gen firewall
First thing is, Sophos’ new flagship line is now called, simply, Sophos Firewall. They have dedicated Xstream Flow processors, and apparently this is a good thing. These multi-core processors just make everything faster. Including the heavy-lift security functions like…
TLS 1.3 Inspection
According to the latest statistics, approximately 90% of web traffic is encrypted.Problem is, encryption makes traffic invisible to most firewalls.
The XGS 126 removes the blind spots caused by encrypted traffic. The speedy new processors allow you to use SSL Inspection without sacrificing speed and efficiency.
Deep Packet Inspection
Sophos believes you shouldn’t have to choose betrween security and performance. So, Sophos Firewall includes a fast Deep Packet Inspection engine. It scans your traffic without using a proxy, which tends to slow things down. The inspection processing is completely offloaded to the DPI engine. This reduces latency. In other words, it speeds things up.
Of course, let’s not forget that a lot of your network traffic is important application traffic. Traffic that’s supposed to be there, headed for branch offices, remote users, and so on. This trusted traffic can now be directed to FastPath, which will optimize performance further. This provides extra capacity for intelligently scanning traffic that does need DPI for malware and other threats.
The XGS 126 speeds up your SaaS, SD-WAN. So things like VoiP, video, and other trusted cloud traffic get pushed to FastPath either automatically, or by your own policies.
New Licensing options
In addition to the basic firewall features, there are three bundle options. They are the Network Protection, Web Protection, and Zero-Day protection options. Plus, there’s Sophos Central Management and Sophos Central Orchestration options for additional features and support. These are a topic all their own. And although Sophos recommends the Xstream Protection bundle for the most thorough security, you can customize your protection if you like. All subscriptions a available for individual purchase.
You can choose between hardware, AWS/Azure, virtual firewall, or software firewall options.
Sophos XGS 126 and XGS 126W Specs
There are some pretty advanced features like on-box reporting and dual AV scanning. It also has WAF AV scanning and an email message transfer agent functionality. It’s a desktop appliance, but there will be a rack mount unit available. The XGS 126 pushes 10.5 Gbps total firewall Throughput. IPS Throughput is 2.6 Gbps, Threat Protection Throughput is 900 Mbps, and Xstream SSL/TLS Inspection is 800 Mbps. The Wi-Fi option has 3×3:3 MIMO, with a single radio that runs 2.4 and 5 GHz. The wireless interface is 802.11ac.
Configure Your XGS 126
Configure Your XGS 126W
You can expect the XGS series to truly be carefree “install and forget” firewalls. As long as you maintain firmware upgrades, the standard installation does an excellent job.
Sophos has always offered an ease-of-use that is nearly unmatched. The XGS 126 is very suitable for small-to medium-sized businesses and remote branch offices. Any firewall designed for this kind of use case has to be easy to fire up, figure out, and forget about. After all, it’s built for organizations that may not have tons of resources to throw at IT staff and security. Sophos believes that nevertheless deserve first-rate protection.
Sophos XGS 126 At a Glance
|Firewall Throughput||10.5 Gbps|
|Firewall IMIX||3.5 Gbps|
|IPS Throughput||2.6 Gbps|
|Threat Protection||900 Mbps|
|Xstream SST/TLS Inspection||800 Mbps|