Sophos XGS 126 Next-Gen firewall

We’ve been talking lately about the new Sophos XGS family of firewalls, with good reason. And today, it’s the turn of the Sophos XGS 126.

First thing is, Sophos’ new flagship line is now called, simply, Sophos Firewall. They have dedicated Xstream Flow processors, and apparently this is a good thing. These multi-core processors just make everything faster. Including the heavy-lift security functions like…

TLS 1.3 Inspection

According to the latest statistics, approximately 90% of web traffic is encrypted.Problem is, encryption makes traffic invisible to most firewalls.

The XGS 126 removes the blind spots caused by encrypted traffic. The speedy new processors allow you to use SSL Inspection without sacrificing speed and efficiency.

Deep Packet Inspection

Sophos believes you shouldn’t have to choose betrween security and performance. So, Sophos Firewall includes a fast Deep Packet Inspection engine. It scans your traffic without using a proxy, which tends to slow things down. The inspection processing is completely offloaded to the DPI engine. This reduces latency. In other words, it speeds things up.

Application Acceleration

Of course, let’s not forget that a lot of your network traffic is important application traffic. Traffic that’s supposed to be there, headed for branch offices, remote users, and so on. This trusted traffic can now be directed to FastPath, which will optimize performance further. This provides extra capacity for intelligently scanning traffic that does need DPI for malware and other threats.

The XGS 126 speeds up your SaaS, SD-WAN. So things like VoiP, video, and other trusted cloud traffic get pushed to FastPath either automatically, or by your own policies.

New Licensing options

In addition to the basic firewall features, there are three bundle options. They are the Network Protection, Web Protection, and Zero-Day protection options. Plus, there’s Sophos Central Management and Sophos Central Orchestration options for additional features and support. These are a topic all their own. And although Sophos recommends the Xstream Protection bundle for the most thorough security, you can customize your protection if you like. All subscriptions a available for individual purchase.

You can choose between hardware, AWS/Azure, virtual firewall, or software firewall options.

Sophos XGS 126 and XGS 126W Specs

There are some pretty advanced features like on-box reporting and dual AV scanning. It also has WAF AV scanning and an email message transfer agent functionality. It’s a desktop appliance, but there will be a rack mount unit available. The XGS 126 pushes 10.5 Gbps total firewall Throughput. IPS Throughput is 2.6 Gbps, Threat Protection Throughput is 900 Mbps, and Xstream SSL/TLS Inspection is 800 Mbps. The Wi-Fi option has 3×3:3 MIMO, with a single radio that runs 2.4 and 5 GHz. The wireless interface is 802.11ac.

Configure Your XGS 126

Sophos XGS 107 Firewall Only – Next-Gen firewall with Xstream Processors
Firewall PLUS Standard Hardware Bundle:




Firewall PLUS Xstream Hardware Bundle:




Configure Your XGS 126W

Sophos XGS 107W Firewall Only – Next-Gen firewall with Xstream Processors
Firewall PLUS Standard Hardware Bundle:




Firewall PLUS Xstream Hardware Bundle:




You can expect the XGS series to truly be carefree “install and forget” firewalls. As long as you maintain firmware upgrades, the standard installation does an excellent job.

Sophos has always offered an ease-of-use that is nearly unmatched. The XGS 126 is very suitable for small-to medium-sized businesses and remote branch offices. Any firewall designed for this kind of use case has to be easy to fire up, figure out, and forget about. After all, it’s built for organizations that may not have tons of resources to throw at IT staff and security. Sophos believes that nevertheless deserve first-rate protection.

If you have any questions, please reach out to us here, or call Corporate Armor at 877-449-0458.

Sophos XGS 126 At a Glance

Firewall Throughput10.5 Gbps
Firewall IMIX3.5 Gbps
IPS Throughput2.6 Gbps
Threat Protection900 Mbps
Xstream SST/TLS Inspection800 Mbps
Wireless Interface802.11ac

View all Sophos lines.

Check out our additional Sophos XGS content!

Sophos to the Rescue: Hackers spend months inside a network; nobody noticed

Sophos Intercept X Endpoint Protection – Ready for whatever the Russians have (left)

What is an Advanced Persistent Threat (and what can be done about it)?

How Do I set up my Sophos XGS firewall?

Sophos XGS 126 review