There’s still a lot to learn about the new Sophos XGS series, but we couldn’t wait to talk about the Sophos XGS 87 a little. Click here to learn more, or get a quick quote! First thing is, the Sophos XG series is now called, simply, Sophos Firewall. They have dedicated Xstream Flow processors, and apparently this is a good thing. These multi-core processors just make everything faster. Including the heavy-lift security functions like…
TLS 1.3 Inspection
According to the latest statistics, approximately 90% of web traffic is encrypted. Who knew? Problem is, encryption makes traffic invisible to most firewalls. As a result, many organizations simply don’t use the SSL Inspection features on their firewalls. The concern is that SSL Inspection will impact performance, and thus user experience. Predictably, an increasing amount of malware is taking advantage of this fact.
The Sophos XGS 87 now removes the blind spots caused by encrypted traffic. The speedy new processors allow you to use SSL Inspection without sacrificing speed and efficiency.
Deep Packet Inspection
Sophos believes you shouldn’t have to choose between security and performance. So, Sophos Firewall includes a fast Deep Packet Inspection engine. It scans your traffic without using a proxy, which tends to slow things down. The inspection processing is completely offloaded to the DPI engine. This reduces latency. In other words, it speeds things up.
The XGS 107 blocks the latest ransomware and breaches with high-performance streaming DPI. This includes next-gen IPS, web protection, and app control. It also features deep learning and sandboxing.
Of course, let’s not forget that a lot of your network traffic is important application traffic. Traffic that’s supposed to be there, headed for branch offices, remote users, and so on. This trusted traffic can now be directed to FastPath, which will optimize performance further. This provides extra capacity for intelligently scanning traffic that does need DPI for malware and other threats.
Sophos Firewall speeds up your SaaS, SD-WAN. So things like VoiP, video, and other trusted cloud traffic get pushed to FastPath either automatically, of by your own policies.
Sophos Central is still at the heart of everything. It’s all still centrally managed, and all still centrally reported.
New Licensing options for the Sophos XGS 87
In addition to the basic firewall features, there are three bundle options. They are the Network Protection, Web Protection, and Zero-Day protection options. Plus, there’s Sophos Central Management and Sophos Central Orchestration options for additional features and support. These are a topic all their own. And although Sophos recommends the Xstream Protection bundle for the most thorough security, you can customize your protection if you like. All subscriptions a available for individual purchase.
You can choose between hardware, AWS/Azure, virtual firewall, or software firewall options.
The XGS 87 and XGS 87W
And since we’ve talked this much about this whole, brand-new firewall family, let’s go ahead and start in with it’s smallest member, the XG 87. It’s a desktop appliance, but there will be a rack mount unit available. The XGS 87 pushes 3.7 Gbps total firewall Throughput, and 2.5 Gbps Firewall IMIX. IPS Throughput is 1.015 Gbps, Threat Protection Throughput is 240 Mbps, and Xstream SSL/TLS Inspection is 375 Mbps. The wireless interface is 802.11ac.
You can expect the XGS series to truly be carefree “install and forget” firewalls. As long as you maintain firmware upgrades, the standard installation does an excellent job.
From setting up business rules to access points to Remote Ethernet Devices, Sophos has always offered an ease-of-use that is nearly unmatched. As with most of the firewalls we review, this appliance is very suitable for small-to medium-sized businesses and remote branch offices. Any firewall designed for this kind of use case has to be easy to fire up, figure out, and forget about. After all, it’s built for organizations that may not have tons of resources to throw at IT staff and security, but that nevertheless deserve first-rate protection.
Sophos XGS highlights
|New, dedicated Xstream Flow processors|
|Superior TLS Inspection|
|Extremely fast Deep Packet Inspection|
|Efficient Application Acceleration|