Page 1
Sophos XG Firewall
Unrivalled Security, Simplicity and Insight
Sophos XG Firewall brings a fresh new approach to the way you
manage your firewall, respond to threats, and monitor what’s
happening on your network.
Page 2
Sophos XG Firewall
Sophos XG Firewall
Sophos XG Firewall provides comprehensive next-generation firewall protection
that blocks unknown threats, automatically responds to incidents, and exposes
hidden risks.
Blocks unknown threats
Sophos XG Firewall provides all the latest advanced
technology you need to protect your network from
ransomware and advanced threats including top-rated
IPS, Advanced Threat Protection, Cloud Sandboxing, Dual
AV, Web and App Control, Email Protection and a fullfeatured Web Application Firewall. And it’s easy to setup and
manage.
Automatically responds to incidents
XG Firewall is the only network security solution that is able
to fully identify the source of an infection on your network
and automatically limit access to other network resources
in response. This is made possible with our unique Sophos
Security Heartbeat™ that shares telemetry and health
status between Sophos endpoints and your firewall.
Exposes hidden risks
Sophos XG Firewall provides unprecedented visibility into
top risk users, unknown apps, advanced threats, suspicious
payloads and much more. You also get rich on-box reporting
included at no extra charge and the option to add Sophos
iView for centralized reporting across multiple firewalls.
Potent, powerful … fast
We’ve engineered XG Firewall to deliver outstanding
performance and security efficiency for the best return
on your investment. Our appliances are built using Intel
multi-core technology, solid-state drives, and accelerated
in-memory content scanning. In addition, Sophos FastPath
packet optimization technology ensures you’ll always get
maximum throughput.
Simply manage multiple firewalls
Sophos Firewall Manager provides a single console for the
complete central management of multiple XG Firewalls.
And if you also want to consolidate reporting across
multiple XG, SG, and Cyberoam appliances then with
Sophos iView, you can.
1
Page 3
Sophos XG Firewall
Security features you can’t get anywhere else
XG Firewall includes a number of innovations that not only make your job a lot
easier, but also ensure your network is more secure.
A revolution in advanced threat protection –
Sophos Synchronized Security
An industry first, Synchronized Security links your endpoints
and your firewall to enable unique insights and coordination.
Security Heartbeat™ relays Endpoint health status and
enables your firewall to immediately identify and respond
to a compromised system on your network. The firewall can
isolate systems until they can be investigated and cleaned
up. Another Synchronized Security feature, Synchronized
App Control, also enables the firewall to query the endpoint to
determine the source of unknown traffic on the network.
Patented Layer-8 identity control
User identity takes enforcement to a whole new layer with
our patented Layer-8 identity based policy technology
enabling user level controls over applications, bandwidth and
other network resources regardless of IP-address, location,
network or device. It literally takes firewall policy to a whole
new layer.
Policy templates get you protected fast
Pre-defined policy templates let you protect common
applications like Microsoft Exchange or SharePoint quickly
and easily. Simply select them from a list, provide some
basic information and the template takes care of the rest.
It sets all the inbound/ outbound firewall rules and security
settings for you automatically – displaying the final policy in
a statement in plain English.
Automated user risk reports
The Sophos User Threat Quotient (UTQ) indicator is a unique
feature which provides actionable intelligence on user
behavior. Our firewall correlates each user’s surfing habits
and activity with advanced threat triggers and history to
identify users with risk-prone behavior.
Flexible deployment, no compromise
Unlike our competitors, whether you choose hardware,
software, or virtual, we don’t make you compromise – every
feature is available on every model and form- factor.
To find out more visit www.sophos.com/xgfirewall
XG Series Virtual AzureSoftware
Purpose-built devices
to provide the ultimate
in performance.
Install the Sophos Firewall
OS image on your own
Intel hardware or server.
Install on VMware,
Citrix, Microsoft
Hyper-V and KVM.
Protect your network
infrastructure in the
Azure cloud.
2
Page 4
Sophos XG Firewall
Network Protection
All the protection you need to stop sophisticated attacks and advanced threats
while providing secure network access to those you trust.
Next-gen Intrusion Prevention System
Provides advanced protection from all types of modern
attacks. It goes beyond traditional server and network
resources to protect users and apps on the network as well.
Advanced Threat Protection
Instant identification and immediate response to today’s
most sophisticated attacks. Multi-layered protection
identifies threats instantly and Security Heartbeat™ provides
an emergency response.
Security Heartbeat
Creates a link between your Sophos Central protected
endpoints and your firewall to identify threats faster,
simplify investigation and minimize impact from attacks.
Easily incorporate Heartbeat status into firewall policies to
automatically isolate compromised systems.
Advanced VPN technologies
Adds unique and simple VPN technologies including our
clientless HTML5 self-service portal that makes remote
access incredibly simple or utilize our exclusive light-weight
secure RED (Remote Ethernet Device) VPN technology.
Web Protection
Comprehensive web protection and application control with powerful and
flexible policy tools ensure your networked users are secure and productive.
Powerful user and group web policy
Provides enterprise-level Secure Web Gateway policy
controls to easily manage sophisticated user and group
web controls. Apply policies based upon uploaded web
keywords indicating inappropriate use or behavior.
Advanced Web Threat Protection
Backed by SophosLabs, our advanced engine provides
the ultimate protection from today’s polymorphic and
obfuscated web threats. Innovative techniques like
JavaScript emulation, behavioral analysis, and origin
reputation help keep your network safe.
High performance transparent proxy
Optimized for top performance, our transparent proxy
technology provides ultra-low latency inspection and
HTTPS scanning of all traffic for threats and compliance.
Layer-8 Application Control and QoS
Enables user-aware visibility and control over thousands of
applications with granular policy and traffic-shaping (QoS)
options based on application category, risk, and
other characteristics.
Sandstorm Protection
Sophos Sandstorm uses next-gen cloud-sandbox technology to give your
organization an extra layer of security against ransomware and targeted attacks.
No Additional Hardware
It integrates with your XG Firewall and is cloud-delivered so
there’s no additional hardware required. Sophos Sandstorm
blocks evasive threats like ransomware, disguised as
executables, PDFs, and Microsoft Office documents —
sending them to a cloud-sandbox to be detonated and
observed in a safe environment.
3
Better Protected, Better Informed
Threat intelligence is fed back to your XG Firewall and the
file blocked or permitted. The process takes just a couple of
minutes with minimal impact for the user. And Sandstorm
gives you detailed threat reports for every incident so you
know exactly what’s going on.
Page 5
Sophos XG Firewall
Email Protection
Full SMTP and POP message protection from spam, phishing and data loss
with our unique all-in-one protection that combines policy-based email
encryption with DLP and anti-spam.
Integrated Message Transfer Agent
Ensures always-on business continuity for your email,
allowing the firewall to automatically queue mail in the
event servers become unavailable.
Live Anti-Spam
Provides protection from the latest spam campaigns,
phishing attacks, and malicious attachments .
Self-serve Quarantine
Gives employees direct control over their spam quarantine,
saving you time and effort.
SPX Email Encryption
Unique to Sophos, SPX makes it easy to send encrypted
email to anyone, even those without any kind of trust
infrastructure using our patent-pending password-based
encryption technology.
Data Loss Prevention
Policy based DLP can automatically trigger encryption or
block/notify based on the presence of sensitive data in
emails leaving the organization.
Web Server Protection
Harden your web servers and business applications against hacking attempts
with a full-featured Web Application Firewall while providing secure access with
reverse proxy authentication.
Business Application Policy Templates
Pre-defined policy templates let you protect common
applications like Microsoft Exchange Outlook Anywhere or
SharePoint quickly and easily.
Reverse proxy
With authentication options, SSL offloading, and server load
balancing ensure maximum protection and performance
for your servers being accessed from the internet.
Protection from the latest hacks and
attacks
With a variety of advanced protection technologies
including URL and form hardening, deep-linking and
directory traversal prevention, SQL injection and cross-site
scripting protection, cookie signing and more.
4
Page 6
Sophos XG Firewall
How to Buy
Every XG Firewall comes equipped with Base Firewall functionality including
IPSec, SSL VPN, and Wireless Protection. You can extend protection with our
bundles or by adding protection modules individually.
Network Protection Web ProtectionSandstorm Protection
All the protection you need to stop
sophisticated attacks and advanced
threats while providing secure
network access to those you trust.
Sophos Sandstorm uses next-gen
cloud-sandbox technology to give
your organization an extra layer
of security against ransomware
and targeted attacks.
Comprehensive web protection
and application control with
powerful and flexible policy tools
ensure your networked users
are secure and productive.
Security Heartbeat™ Web Server ProtectionEmail Protection
Links your Sophos endpoints with
your firewall to deliver unparalleled
protection from advanced threats
and reduce the time and complexity
of responding to security incidents.
Full SMTP and POP message protection
from spam, phishing and data loss
with our unique all-in-one protection
that combines policy-based email
encryption with DLP and anti-spam.
Harden your web servers and
business applications against
hacking attempts while providing
secure access to external users
with reverse proxy authentication.
A simple approach to comprehensive support
We build products that are simple yet comprehensive. And, we take the same approach with our support. With options
ranging from basic technical support to those including direct access to senior support engineers and customized delivery.
Standard
Licenses names
Support
Via telephone and email
Security Updates & Patches
For the life of the product
Software Feature Updates & Upgrades Included 90-days Included Included
Consulting
Remote consultation on your firewall configuration and
security with a Sophos Senior Technical Support Engineer
Warranty and RMA
For all hardware appliances
Technical Account Manager
Dedicated named technical account manager
Included with purchase
For 90 days
(business hours only)
Included with an active
software subscription
1 year (return / replace) Advance Exchange
Enhanced
Included in all bundles
Included
(24x7)
Included with an active
software subscription
(max. 5 years)
Optional
(extra cost)
Enhanced Plus
VIP Access
(24x7)
Included with an active
software subscription
Included
(up to 4 hours)
Advance Exchange
(max. 5 years)
Optional
(extra cost)
5
Page 7
Synchronized Security
Sophos XG Firewall
Security Heartbeat™ - Your firewall and your
endpoints are finally talking
Sophos XG Firewall is the only network security solution
that is able to fully identify the user and source of an
infection on your network and automatically limit access to
other network resources in response. This is made possible
with our unique Sophos Security Heartbeat™ that shares
telemetry and health status between Sophos endpoints
and your firewall.
The good news is, this all happens automatically, and
is successfully helping numerous businesses and
organizations to save time and money in protecting their
environments today.
What Next-Gen Firewalls See Today
Synchronized App Control - Revealing the
unknown
Using the Security Heartbeat we can do much more than
just see the health status of an endpoint. We also have
a solution to one of the biggest problems most network
administrators face today - lack of visibility into network
traffic.
Synchronized App Control automatically identifies,
classifies and controls custom, evasive, and generic
web applications which are currently going unidentified.
Because these applications become visible, policies can
also be applied to them, putting them fully under your
control.
To find out more, visit sophos.com/xgfirewall
What XG Firewall Sees
You can’t control what you can’t see. All firewalls today
depend on static application signatures to identify apps
But those don’t work for most custom, obscure, evasive,
or any apps using generic HTTP or HTTPS.
But there’s more...
Synchronized Security can connect much more than just
your firewall and your endpoints. Using Sophos Central as
our synchronized security platform, we are adding many
more solutions to improve your protection.
To find out more, visit our Synchronized Security page on
our website.
XG Firewall utilizes Synchronized Security to automatically
identify, classify, and control all unknown applications
Easily blocking the apps you don’t want and prioritizing
the ones you do.
6
Page 8
Sophos XG Firewall
Sophos XG Series Appliances – at a glance
Our XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM
provisioning, and solid-state storage. Whether you’re protecting a small business or a large datacenter, you’re getting
industry leading performance.
Product Matrix
Model Tech. Specs Throughput¹
Revision #
XG 85(w) 3 desktop 4 a/b/g/n/ac n/a 3,000 225 310 360
XG 105(w) 3 desktop 4 a/b/g/n/ac opt. ext. Power 3,500 360 480 450
XG 115(w) 3 desktop 4 a/b/g/n/ac opt. ext. Power 4,000 490 1,000 600
XG 125(w) 3 desktop 9/1 (9) a/b/g/n/ac
XG 135(w) 3 desktop 9/1 (9) a/b/g/n/ac
XG 210 3 1U 8/1 (16) n/a opt. ext. Power 16,000 1,450 2,200 2,300
XG 230 2 1U 8/1 (16) n /a opt. ext. Power 20,000 1,700 3,000 2,800
XG 310 2 1U 12/1 (20) n/a opt. ext. Power 28,000 2,750 4,000 3,300
Form
Factor
Ports/Slots
(Max Ports)
w-model 802.11
wireless
Swappable
Components
opt. ext. Power,
3G/4G
opt. ext. Power,
3G/4G, Wi-Fi
Firewall
(Mbps)
6,500 700 1,100 700
8,000 1,180 1,200 1,580
*
VPN
(Mbps)
NGFW
(Mbps)
AV-proxy
(Mbps)
XG 330 2 1U 12/1 (20) n/a opt. ext. Power 33,000 3,200 5,500 6,000
XG 430 2 1U 10/2 (26) n/a opt. ext. Power 41,000 4,800 6,000 6,500
XG 450 2 1U 10/2 (26) n/a opt. int. Power 50,000 5,500 7,500 7,000
XG 550 2 2U 8/4 (32) n/a Power, SSD, Fan 65,000 8,400 9,000 10,000
XG 650 2 2U 8/6 (48) n/a Power, SSD, Fan 85,000 9,000 10,000 13,000
XG 750 2 2U 8/8 (64) n/a Power, SSD, Fan 100,000 11,000 11,800 17,000
* 2nd Wi-Fi module option on 135w only (requires XG v17 MR6)
Sophos XG Firewall TotalProtect Plus Bundle
For the ultimate in protection, value, and peace-of-mind, get our convenient TotalProtect Plus bundle.
What you get TotalProtect Plus Bundle
Base Firewall Firewall, IPsec and SSL VPN, Wireless Protection (APs sold separately)
Network Protection IPS, RED, HTML5 VPN, ATP, Security Heartbeat
Web Protection Anti-malware, Web and App visibility, control, and protection
Email Protection Anti-spam, SPX Email Encryption, and DLP
Web Server Protection Web Application Firewall and reverse proxy
Sandstorm Protection next-gen cloud-sandbox technology
Enhanced Support 24x7 support, security and software updates, adv. exchange warranty
XG Series Hardware Appliance Multi-core Intel processor, solid-state storage, flexible connectivity
7
Page 9
Sophos XG Firewall
Sophos XG Series Desktop Appliances:
XG 85 and XG 85w
Technical Specifications
These entry-level desktop firewalls are the ideal choice for budget-conscious small businesses, retail and small or home
offices. They are available with and without integrated 802.11ac wireless LAN, so you can have an all-in-one network
security and hotspot solution without the need for additional hardware. The Intel dual-core technology makes them highly
efficient and as they’re fanless, they won’t add unwanted noise to your office space.
Note: The XG 85 and 85w do not support some advanced features like on-box reporting, dual AV scanning, WAF AV
scanning and the email message transfer agent (MTA) functionality. If you need these capabilities, the XG 105(w) is
recommended.
Front View
Status LEDs
(w-model has additional Wi-Fi LED)
Back View
2 x external antenna
(XG 85w only)
2 x USB
1 x COM
2.0
(RJ45)
Power
Supply
1 x Micro
USB
4 x GbE
copper port
Environment
Power consumption 12W, 40.94 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
20.4W, 69.6 BTU/hr (full load)
-20 to +80°C (storage)
Performance¹ XG 85(w) Rev. 3
Firewall throughput 3 Gbps
Firewall IMIX 800 Mbps
VPN throughput 225 Mbps
IPS throughput 580 Mbps
NGFW (IPS + App Ctrl) max. 310 Mbps
Antivirus throughput (proxy) 360 Mbps
Concurrent connections 3,200,000
New connections/sec 15,000
Maximum licensed users unrestricted
Wireless Specification (XG 85w only)
No. of antennas 2 external
MIMO capabilities 2 x 2:2
Wireless interface 802.11a/b/g/n/ac (2.4 GHz / 5 GHz)
Physical interfaces
Storage 8 GB eMMC
Ethernet interfaces (fixed) 4 GbE copper
I/O ports (rear) 2 x USB 2.0
Power supply External auto ranging DC: 12V,
1 x Micro-USB
1 x COM (RJ45)
100-240VAC, 24W@50-60 Hz
Physical specifications
Mounting Rackmount kit available
Dimensions
Width x Depth x Height
Weight 0.75 kg / 1.65 lbs (unpacked)
(to be ordered separately)
190 x 117 x 43 mm
7.48 x 4.61 x 1.69 inches
1.9 kg / 4.19 lbs (packed)
(w model minimally higher)
Product Certifications
Certifications CB, UL, CE, FCC, ISED, VCCI, MIC (Japan),
RCM, CCC, KC
Planned: BIS
8
Page 10
Sophos XG Firewall
Sophos XG Series Desktop Appliances:
XG 105, XG 105w, XG 115, XG 115w
Technical Specifications
These desktop firewall appliances offer an excellent price-to-performance ratio making them ideal for small businesses
or branch offices. They are available with or without integrated 802.11ac wireless LAN, so you can even have an all-inone network security and hotspot solution without the need for additional hardware. Of course, you can also add external
access points. With Intel multi-core technology designed for best performance and efficiency in a small form factor, these
models come equipped with 4 GbE copper ports built-in and 1 shared SFP interface, e.g. for use with our optional DSL
modem or an SFP Fiber transceiver to connect the device to a server or switch. An optional second power supply provides
an unmatched redundancy option in this product segment.
Front View
Status LEDs
(w-model has additional Wi-Fi LED)
Back View
2 x external antenna
(XG 105w and XG 115w only)
Connector for optional 2nd
redundant power supply
Power
Supply
HDMI
1 x COM
1 x
USB 2.0
(RJ45)
2 x
1 x GbE SFP
(shared)
1 x Micro
USB
4 x GbE
copper port
Environment
Power consumption 8.88W, 30.28 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
10.44W, 35.6 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC, ISED, VCCI, MIC (Japan),
RCM, CCC, KC
Planned: BIS
Performance¹ XG 105(w) Rev. 3 XG 115(w) Rev. 3
Firewall throughput 3,5 Gbps 4 Gbps
Firewall IMIX 1,8 Gbps 2,0 Gbps
VPN throughput 360 Mbps 490 Mbps
IPS throughput 970 Mbps 1,22 Gbps
NGFW (IPS + App Ctrl) max. 480 Mbps 1 Gbps
Antivirus throughput (proxy) 450 Mbps 600 Mbps
Concurrent connections 3,200,000 6,000,000
New connections/sec 28,000 35,000
Maximum licensed users unrestricted unrestricted
Wireless Specification (XG 105w and XG 115w only)
No. of antennas 2 external
MIMO capabilities 2 x 2:2
Wireless interface 802.11a/b/g/n/ac (2.4 GHz / 5 GHz)
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 4 GbE copper
Connectivity modules
(optional)
I/O ports (rear) 2 x USB 2.0
Power supply External auto ranging DC: 12V, 100-
Redundant PSU optional (external)
integrated SSD
1 GbE SFP (shared)
SFP DSL module (VDSL2)
SFP Transceivers
1 x Micro-USB
1 x COM (RJ45)
1 x HDMI
240VAC, 36W@50-60 Hz
*
Physical specifications
Mounting Rackmount kit available
Dimensions
Width x Depth x Height
Weight 1.17 kg / 2.58 lbs (unpacked)
* SFP transceivers sold separately
(to be ordered separately)
245 x 157 x 44 mm
9.65 x 6.18 x 1.73 inches
2.4 kg / 5.29 lbs (packed)
(w models minimally higher)
9
Page 11
Sophos XG Firewall
Sophos XG Series Desktop Appliances:
XG 125, XG 125w, XG 135, XG 135w
Technical Specifications
These powerful firewall appliances offer 1U performance with a desktop form factor and price. If you have a small business
or branch offices to protect and are working on a tight budget, these models are the ideal choice. They are also available
with integrated 802.11ac wireless LAN for optimal coverage and connectivity for your mobile workers. Built upon the latest
Intel architecture, our software makes optimal use of the multi-core technology to provide excellent throughput for all your
key processes. These models come equipped with 8 GbE copper ports built-in, plus 1 SFP port, e.g. for use with our optional
DSL modem or an SFP Fiber transceiver to connect the device to a server or switch. An expansion bay provides the option
to add additional connectivity such as our 3G/4G module. A 2nd Wi-Fi radio module is also available for the XG 135w. An
optional second power supply ensures business continuity for these models.
Front View
Status LEDs
(w-model has additional Wi-Fi LED)
Back View
3 x external antenna
(XG 125w and
XG 135w only)
1 x Micro
USB
1 x COM
(RJ45)
Power
Supply
Optional 2nd redundant
power supply
HDMI
2 x
1 x
USB 2.0
1 x GbE
SFP
8 x GbE
copper port
Expansion bay
(shown with optional
module incl. 2 antennas)
Environment
Power consumption 18.6W, 63.426 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
20.04W, 68.336 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC, ISED, VCCI, MIC (Japan),
RCM, CCC, KC
Planned: BIS
Performance¹ XG 125(w) Rev. 3 XG 135(w) Rev. 3
Firewall throughput 6,5 Gbps 8 Gbps
Firewall IMIX 2,5 Gbps 5 Gbps
VPN throughput 700 Mbps 1,18 Gbps
IPS throughput 1,53 Gbps 2,48 Gbps
NGFW (IPS + App Ctrl +
WebFilter) max.
Antivirus throughput (proxy) 700 Mbps 1,58 Gbps
Concurrent connections 6,000,000 6,000,000
New connections/sec 35,000 85,000
Maximum licensed users unrestricted unrestricted
1,1 Gbps 1,2 Gbps
Wireless Specification (XG 125w and XG 135w only)
No. of antennas 3 external
MIMO capabilities 3 x 3:3
Wireless interface 802.11a/b/g/n/ac (2.4 GHz / 5 GHz)
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 8 GbE copper
No. of expansion slots 1
Connectivity Modules
(optional)
802.11ac Wi-Fi radio 2x2:2 (XG 135w only)
I/O ports (rear) 2 x USB 2.0
Power supply External auto ranging DC: 12V,
Redundant PSU optional (external)
integrated SSD
1 GbE SFP
SFP DSL module (VDSL2)
3G/4G module
SFP transceivers
1 x Micro-USB
1 x COM (RJ45)
100-240VAC, 36W@50-60 Hz
*
1 x HDMI
Physical specifications
Mounting Rackmount kit available
Dimensions
Width x Depth x Height
Weight 1.9 kg / 4.19 lbs (unpacked)
* SFP transceivers sold separately
(to be ordered separately)
320 x 212 x 44 mm
12.60 x 8.35 x 1.73 inches
3.3 kg / 7.27 lbs (packed)
(w models minimally higher)
10
Page 12
Sophos XG Firewall
Sophos XG Series Rackmount Appliances:
XG 210, XG 230
Technical Specifications
The Sophos XG 210 and XG 230 are designed to protect small to mid-sized businesses and branch offices. Based on the
latest Intel technology and equipped with 6 GbE copper ports , 2 GbE SFP fiber ports plus one FleXi Port slot to configure
with an optional module, they provide high flexibility and throughput at an excellent price-to-performance ratio. An external
redundant power supply is optional for these models.
Front View
Multi-function
LCD display
Navigation
for LCD
1 x COM
(RJ45)
USB 3.0
2 x
Micro USB
6 x GbE copper – fixed
Incl. 2 bypass pairs
2 x GbE SFP
– fixed
1 x expansion bay
(shown here with optional
FleXi Port module)
Back View
Connector for optional 2nd
optional PoE Power
external power supply
1 x
HDMIConnector for
USB 3.0
Power supply
Power switch
Environment
Power consumption XG 210: 19W, 65 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
35W, 119 BTU/hr (full load)
XG 230: 21W, 72 BTU/hr (idle)
41W, 141 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 210 Rev. 3 XG 230 Rev. 2
Firewall throughput 16 Gbps 20 Gbps
Firewall IMIX 5.5 Gbps 6.8 Gbps
VPN throughput 1.45 Gbps 1.7 Gbps
IPS throughput 2.7 Gbps 4.2 Gbps
NGFW (IPS + App Ctrl) max. 2.2 Gbps 3 Gbps
Antivirus throughput (proxy) 2.3 Gbps 2.8 Gbps
Concurrent connections 8,200,000 8,200,000
New connections/sec 135,000 140,000
Maximum licensed users unrestricted unrestricted
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 6 GbE copper (incl. 2 bypass pairs)
No. of FleXi Port slots 1
FleXi Port modules (optional) 8 port GbE copper
I/O ports 2 x USB 3.0 (front)
Display Multi-function LCD module
Power supply Internal auto-ranging
Redundant PSU optional (external)
integrated SSD
2 GbE SFP
8 port GbE SFP
2 port 10 GbE SFP+
4 port 10 GbE SFP+
2 port 40 GbE QSFP+
*
*
*
*
*
4 port GbE PoE
8 port GbE PoE
4 port GE copper LAN bypass
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x HDMI (rear)
100-240VAC, 50-60 Hz
11
Physical specifications
Mounting 1U rack mount
Dimensions
Width x Depth x Height
Weight 5.2 kg / 11.46lb (unpacked)
* Transceivers (mini GBICs) sold separately
(2 rackmount ears included)
438 x 344.4 x 44mm
17.24 x 13.56 x 1.75 inches
7.7 kg / 16.98 lbs (packed)
Page 13
Sophos XG Firewall
Sophos XG Series Rackmount Appliances:
XG 310, XG 330
Technical Specifications
The Sophos XG 310 and XG 330 are scalable appliances suitable for distributed organizations or mid-sized companies.
With solid-state drives for on-box reporting, logs and spam quarantine, they’re highly responsive even in high traffic
environments. Each model is equipped with 8 GbE copper ports, 2 GbE SFP fiber ports, 2 10 GbE SFP+ fiber ports plus one
FleXi Port slot to configure with an optional module. They provide optimal performance and flexibility plus redundancy
through an optional external power supply.
Front View
Multi-function
LCD display
Navigation
for LCD
1 x COM
(RJ45)
USB 3.0
2 x
8 x GbE copper – fixed
Incl. 2 bypass pairs
Micro USB
2 x GbE SFP
– fixed
2 x 10 GbE
SFP+ – fixed
1 x expansion bay
(shown here with optional
FleXi Port module)
Back View
Connector for optional 2nd
optional PoE Power
external power supply
1 x
HDMIConnector for
USB 3.0
Power supply
Power switch
Environment
Power consumption XG 310: 32W, 109 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
49W, 167 BTU/hr (full load)
XG 330: 36W, 122 BTU/hr (idle)
54W, 184 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 310 Rev. 2 XG 330 Rev. 2
Firewall throughput 28 Gbps 33 Gbps
Firewall IMIX 9.5 Gbps 12.5 Gbps
VPN throughput 2.75 Gbps 3.2 Gbps
IPS throughput 5.5 Gbps 8.5 Gbps
NGFW (IPS + App Ctrl) max. 4 Gbps 5.5 Gbps
Antivirus throughput (proxy) 3.3 Gbps 6 Gbps
Concurrent connections 17,500,000 17,500,000
New connections/sec 200,000 200,000
Maximum licensed users unrestricted unrestricted
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 8 GbE copper (incl. 2 bypass pairs)
No. of FleXi Port slots 1
FleXi Port modules (optional) 8 port GbE copper
I/O ports 2 x USB 3.0 (front)
Display Multi-function LCD module
Power supply Internal auto-ranging
Redundant PSU optional (external)
integrated SSD
2 GbE SFP
2 10 GbE SFP+
8 port GbE SFP
2 port 10 GbE SFP+
4 port 10 GbE SFP+
2 port 40 GbE QSFP+
*
*
*
*
*
*
4 port GbE PoE
8 port GbE PoE
4 port GbE copper LAN bypass
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x HDMI (rear)
100-240VAC, 50-60 Hz
Physical specifications
Mounting 1U rack mount
Dimensions
Width x Depth x Height
Weight 5.8 kg / 12.78 lbs (unpacked)
* Transceivers (mini GBICs) sold separately
(2 rackmount ears included)
438 x 405.5 x 44mm
17.24 x 15.96 x 1.75 inches
8.8 kg / 19.4 lbs (packed)
12
Page 14
Sophos XG Firewall
Sophos XG Series Rackmount Appliances:
XG 430, XG 450
Technical Specifications
The Sophos XG 430 and XG 450 offer enterprise performance for distributed organizations or larger mid-sized companies.
The connectivity options are second to none for rack mountable appliances, with each model coming equipped with 8 GbE
copper ports, 2 10 GbE SFP+ ports and 2 additional FleXi Port slots which you can configure with your choice of optional
modules. For high-availability, the XG 450 also offers unparalleled redundancy features in a 1U appliance with a second SSD
(RAID) integrated and an optional second power supply is available for both models.
Front View
Multi-function
LCD display
for LCD
MGMT
port
USB 3.0
2 x
1 x COM
(RJ45)
8 x GbE copper – fixed
Incl. 2 bypass pairs
Micro USBNavigation
2 x GbE SFP+
– fixed
2 x expansion bay
(shown here with optional
FleXi Port module)
IPMI
Back View XG 430
Connector for optional 2nd
optional PoE Power
external power supply
1 x
USB 3.0
Power supply
Power switchHDMIConnector for
Back View XG 450
Power supply
Space for optional 2nd hot
swappable power supply
optional PoE Power
Power switch
HDMIConnector for
1 x
USB 3.0
Environment
Power consumption XG 430: 28W, 96 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
79W, 270 BTU/hr (full load)
XG 450: 31W, 107 BTU/hr (idle)
83W, 283 BTU/hr (full load)
-20 to + 80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 430 Rev. 2 XG 450 Rev. 2
Firewall throughput 41 Gbps 50 Gbps
Firewall IMIX 14.5 Gbps 17.5 Gbps
VPN throughput 4.8 Gbps 5.5 Gbps
IPS throughput 9 Gbps 10 Gbps
NGFW (IPS + App Ctrl) max. 6 Gbps 7.5 Gbps
Antivirus throughput (proxy) 6.5 Gbps 7 Gbps
Concurrent connections 20,000,000 20,000,000
New connections/sec 200,000 200,000
Maximum licensed users unrestricted
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 8 GbE copper (incl. 2 bypass pairs)
No. of FleXi Port slots 2
FleXi Port modules (optional) 8 port GbE copper
I/O ports 2 x USB 3.0 (front)
Display Multi-function LCD module
Power supply Internal auto-
integrated SSD 2 x integrated SSD
2 10 GbE SFP+
8 port GbE SFP
2 port 10 GbE SFP+
4 port 10 GbE SFP+
2 port 40 GbE QSFP+
*
*
*
*
*
4 port GbE PoE
8 port GbE PoE
4 port GbE copper LAN bypass
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x IPMI (front)
1 x HDMI (rear)
Internal auto-
ranging 100-
240VAC, 50-60 Hz
Redundant PSU
optional (external)
ranging 100-
240VAC, 50-60 Hz
Hot Swap
Redundant PSU
optional (internal)
Physical specifications
Mounting 1U rackmount (sliding rails incl.)
Dimensions
Width x Depth x Height
Weight 7.6 kg / 16.76 lbs
* Transceivers (mini GBICs) sold separately
438 x 507.7 x 44mm
17.24 x 19.99 x 1.75 inches
(unpacked)
13.7 kg / 30.2
lbs (packed)
7.8 kg / 17.2 lbs
(unpacked)
14.8 kg / 32.63
lbs (packed)
13
Page 15
Sophos XG Firewall
Sophos XG Series Rackmount Appliances:
XG 550, XG 650
Technical Specifications
The Sophos XG 550 and XG 650 are high-performance firewalls equipped to provide protection for larger distributed and
growing organizations. They offer CPU technology to effortlessly handle use as an all-in-one solution or a powerful nextgeneration firewall. The models offer either 4 (XG 550) or 6 (XG 650) FleXi Port expansion bays to tailor your connectivity to
your environment. An 8 port GbE copper module is supplied as a default. Hot-swappable dual SSDs and power supplies are
standard redundancy features in this class.
Front View XG 550
2 x hot-swap
SSD (RAID-1)
Navigation
for LCD
2 x management port
2 x USB 2.0
1 x COM (RJ45)
Multi-function LCD display
Front View XG 650
2 x hot-swap
SSD (RAID-1)
Navigation
for LCD
2 x management port
2 x USB 2.0
1 x COM (RJ45)
Multi-function LCD display
Back View
1 x USB 3.0 1 x VGA port Power switch
4 x swappable fan
4 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)
6 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)
2 x hot swappable
power supply
Performance¹ XG 550 Rev. 2 XG 650 Rev. 2
Firewall throughput 65 Gbps 85 Gbps
Firewall IMIX 23 Gbps 28 Gbps
VPN throughput 8.4 Gbps 9 Gbps
IPS throughput 17 Gbps 20 Gbps
NGFW (IPS + App Ctrl +
9 Gbps 10 Gbps
WebFilter) max.
Antivirus throughput (proxy) 10 Gbps 13 Gbps
Concurrent connections 30,000,000
New connections/sec 220,000 240,000
Maximum licensed users unrestricted
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces
(removable)
No. of FleXi Port slots 4 6
FleXi Port modules (optional) 8 port GbE copper
I/O ports 2 x USB 2.0 (front)
Display Multi-function LCD module
Power supply 2 x hot-swap internal auto-ranging
2 x integrated
hot-swap SSD (RAID)
8 GbE copper
8 port GbE SFP
2 port 10 GbE SFP+
2 port 40 GbE QSFP+
4 port 10 GbE SFP+
*
*
*
*
4 port SFP* plus 4 port GbE
copper LAN bypass
1 x USB 3.0 (rear)
2 x Mgmt Port (eth0/eth1, front)
1 x COM (RJ45) (front)
1 x VGA (rear)
100-240VAC, 50-60 Hz PSU
Environment
Power consumption XG 550: 270.5W, 922.98BTU/hr (idle)
416.1W, 1419.79BTU/hr (full load)
XG 650: 320.5W, 1093.59BTU/hr (idle)
493.1W, 1682.53BTU/hr (full load)
Operating temperature 0-40°C (operating)
-40 to +70°C (storage)
Humidity 5%-90%, non-condensing
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Physical specifications
Mounting 2U sliding rails (included)
Dimensions
Width x Depth x Height
Weight 17.8 kg / 39.24 lbs (unpacked)
* Transceivers (mini GBICs) sold separately
438 x 600 x 88 mm
17.24 x 23.62 x 3.46 inches
27 kg / 59.53 lbs (packed)
14
Page 16
Sophos XG Firewall
Sophos XG Series Rackmount Appliances:
XG 750
Technical Specifications
The Sophos XG 750 is a high performance firewall suitable for high traffic datacenter and large enterprise environments.
Intel multi core technology and redundancy features such as dual SSDs, power supplies and swappable fans, ensure you’re
protected at all times. With a total of 8 FleXi Port bays, one of which comes equipped with a default 8 port GbE copper
module, connectivity knows no bounds and can reach a maximum of 64 ports using the optional modules.
Front View
2 x hot-swap
SSD (RAID-1)
Navigation
for LCD
2 x management port
2 x USB 2.0
1 x COM (RJ45)
Multi-function LCD display
8 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)
Back View
1 x USB 3.0 1 x VGA port Power switch
4 x swappable fan
2 x hot swappable
power supply
Environment
Power consumption 326.5W, 1114.01BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 5%-90%, non-condensing
512.2W, 1747.62BTU/hr (full load)
-40 to +70°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 750 Rev. 2
Firewall throughput 100 Gbps
Firewall IMIX 33.5 Gbps
VPN throughput 11 Gbps
IPS throughput 22 Gbps
NGFW (IPS + App Ctrl +
WebFilter) max.
Antivirus throughput (proxy) 17 Gbps
Concurrent connections 30,000,000
New connections/sec 300,000
Maximum licensed users unrestricted
11.8 Gbps
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces
(removable)
No. of FleXi Port slots 8
FleXi Port modules (optional) 8 port GbE copper
I/O ports 2 x USB 2.0 (front)
Display Multi-function LCD module
Power supply
2 x integrated hot-swap SSD (RAID)
8 GbE copper
8 port GbE SFP
2 port 10 GbE SFP+
2 port 40 GbE QSFP+
4 port 10 GbE SFP+
4 port SFP* plus 4 port GbE
copper LAN bypass
1 x USB 3.0 (rear)
2 x Mgmt Port (eth0/eth1, front)
1 x COM (RJ45) (front)
1 x VGA (rear)
2 x hot-swap external auto ranging
100-240VAC, 50-60 Hz
*
*
*
*
15
Physical specifications
Mounting 2U sliding rails (included)
Dimensions
Width x Depth x Height
Weight 17.8 kg / 39.24 lbs (unpacked)
* Transceivers (mini GBICs) sold separately
438 x 600 x 88 mm
17.24 x 23.62 x 3.46 inches
27 kg / 59.53 lbs (packed)
Page 17
Sophos XG Firewall
Adapt Connectivity with Optional Modules
Connectivity Modules for Desktop Models
Add additional connectivity options to your Desktop appliances to enhance the range and performance of your network.
Modules for Desktops
(For XG/SG 125(w) and 135(w) Rev. 3 only)
Supports LTE (Cat-6)/DC-HSPA+/HSPA+/HSPA/
UMTS (WCDMA, APAC version also TD-SCDMA)
3G/4G Module:
2 external antennas, SIM card slot
SFP format supports all VDSL2 standards
defined in ITU –T G.993.2, G.994.1, G.997.1, and
the VDSL2 profiles 8a, 8b, 8c, 8d, 12a, 12b, 17a
FleXi Port Modules for 1U and 2U
Configure your hardware to suit your infrastructure and change it as and when you need to. Our optional FleXi Port LAN
modules give you the freedom to select the connectivity you need – copper, fiber, 10GbE, 40 GbE – you decide.
FleXi Port Modules for 1U FleXi Port Modules for 2U
DSL Modem – SFP:
(for XG/SG 1xx(w) Rev.3 only)
2nd Wi-Fi Radio Module:
(For XG/SG 135w Rev.3 only)
802.11a/b/g/n/ac, 2 x 2 MIMO,
2.4 or 5 GHz, 2 external antennas
8 port GbE copper FleXi Port module
(for SG/XG 2xx/3xx/4xx only)
8 port GbE SFP FleXi Port module
(for SG/XG 2xx/3xx/4xx only)
2 port 10 GbE SFP+ FleXi Port module
(for SG/XG 2xx/3xx/4xx only)
4 port 10 GbE SFP+ FleXi Port module
(for SG/XG 2xx/3xx/4xx only)
2 port 40 GbE QSFP+ FleXi Port module
(for SG/XG 210 Rev.3 and SG/XG
230, 3xx and 4xx Rev.2 only)
4 port GbE copper PoE FleXi Port module
(for SG/XG 210 Rev.3 and SG/XG
230, 3xx and 4xx Rev.2 only)
8 port GbE copper FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
8 port GbE SFP FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
2 port 10 GbE SFP+ FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
4 port 10 GbE SFP+ FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
4 port GbE SFP plus 4 port GbE copper LAN
bypass FleXi port module
(for XG 750 and XG 550/650 Rev.2 only)
2 port 40 GbE QSFP+ FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
8 port GbE copper PoE FleXi Port module
(for SG/XG 210 Rev.3 and SG/XG
230, 3xx and 4xx Rev.2 only)
Please note: Transceivers (mini GBICs) are sold separately.
16
Page 18
Sophos XG Firewall
Sophos Wireless
Protection
Get secure and reliable wireless access all
over the office
Simplify your wireless networking by using your Sophos
XG Firewall as a wireless controller to centralize your Wi-Fi
management and security. Sophos Wireless Protection
is included in the Base Firewall license and for example,
provides full hotspot support to simply set up guest and
visitor access. Our optional access points are automatically
set up and configured by the firewall. That means all your
wireless clients get complete threat protection too.
Choose your Access Point
Our APs are built on the latest enterprise-class, high-speed
wireless chipsets with custom designed antennas, added
CPU and memory resources, and hardware accelerated
encryption. Find out more.
Hardware Appliances with integrated WiFi
All our XG Series desktop appliances are available with an
integrated wireless access point. Coverage can be further
extended by adding Sophos Access Points. Please see the
Hardware section for further details.
Sophos RED
(Remote Ethernet Device)
Turn any location into a secure location
with our Remote Ethernet Devices (RED)
If you have branch offices, retail locations, remote outposts
or otherwise need to extend your secure network easily
and affordably beyond your main facility, Sophos Remote
Ethernet Devices are the ideal solution. Uniquely simple and
imminently affordable, RED provides an elegant solution to
building a secure distributed network.
Plug-and-protect
Sophos RED makes extending your secure network to
other locations easy. It requires no technical skills at the
remote site; simply enter the RED device ID into your XG
Firewall console and ship it. As soon as it’s plugged in and
connected to the Internet, it will contact your firewall and
establish a secure dedicated VPN tunnel. It’s that easy.
17
Page 19
Sophos XG Firewall
Sophos Firewall Manager
(SFM)
Sophos Firewall Manager (SFM) provides powerful
centralized management for all your Sophos Firewalls
across multiple customers sites or branch offices all from a
single screen. Whether you’re an MSP, Enterprise Network
Security Admin, or simply managing a few small offices,
SFM simplifies security management enabling consistent
enforcement, easy provisioning of new policies, and at-aglance monitoring of device health. SFM saves you time,
money and makes management simpler.
Comprehensive Centralized Management
Manage all Firewall policies and configuration from
single console.
Insightful Monitoring
At-a-glance device and network health indicators.
Extensive Administrative controls
Role-based administration, change control and logging.
Flexible Deployment Options
Available as Hardware, Software, or Virtual appliance.
Sophos iView v2
Monitoring a distributed network across multiple locations
can be a challenge. That’s where Sophos iView can help. It
provides you with an intelligent, uninterrupted view of your
network from a single pane of glass. If you have multiple
appliances, need consolidated reporting, or could just use
help with log management or compliance, Sophos iView is
the ideal solution.
Consolidated reporting
Aggregated reporting across multiple Sophos and
Cyberoam firewall devices.
User-based Reporting
Our patented Layer-8 user identity provides visibility into user
activities regardless of where they’re working.
Security intelligence
Identify potential network issues and possible attacks
anywhere across your network.
Log backup and management
Logs data from multiple devices at distributed locations with
smart indexing and easy search facilities.
Deployment options
Available as software ISO or virtual appliance.
18
Page 20
Sophos XG Firewall
Try it for free – business and even at home
If you have any additional questions visit sophos.com or give one of our Sales Agents a call.
Free 30-day trial – no strings attached
If you’d like to take it for a test drive you can get the full-featured
product simply sign-up for our free 30-day trial.
See it in action now
You can take a walkthrough of the user interface with our interactive demo or watch videos
showing you just how we make network security simple.
Visit sophos.com/xgfirewall
Free Home Use version
Our Sophos XG Firewall Home Edition is a fully-equipped software version that
gives you complete network, web, mail, and web application security with VPN
functionality, for home-use only and limited to 4 virtual cores, 6 GB of RAM.
Visit sophos.com/freetools
¹ General: Max. throughput measured under ideal test conditions using SF-OS 17.0 with App-classification disabled using industry standard Spirent /Avalanche performance test and
Ixia test tools. Actual performance may vary depending on network conditions and activated services.
Ì FW: UDP throughput based on RFC 2544 using 1518 Byte packet size.
Ì FW IMIX: UDP throughput based on a combination of 48 bytes, 576 bytes and 1518 bytes packet sizes.
Ì IPS/NGFW: HTTP throughput using default IPS ruleset and 512KB object size (NGFW: with AppCtrl enabled)
Ì VPN: HTTP throughput using multiple tunnels and 512KB HTTP response size
Ì AV: HTTP throughput using Web proxy and 200KB response size
United Kingdom and Worldwide Sales
Tel: +44 (0)8447 671131
Email: sales@sophos.com
© Copyright 2018. Sophos Ltd. All rights reserved.
Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.
18-01-22 BRNA (2909-DD)
North American Sales
Toll Free: 1-866-866-2802
Email: nasales@sophos.com
Australia and New Zealand Sales
Tel: +61 2 9409 9100
Email: sales@sophos.com.au
Asia Sales
Tel: +65 62244168
Email: salesasia@sophos.com
Loading...