Page 1
Sophos XG Firewall
The world’s best visibility, protection, and response.
Sophos XG Firewall brings a fresh new approach to the way you
manage your firewall, respond to threats, and monitor what’s
happening on your network.
Page 2
Page 3
Sophos XG Firewall
Sophos XG Firewall
Sophos XG Firewall introduces an innovative approach to the way that you
manage your firewall, and how you can detect and respond to threats on your
network.
See it. Stop it. Secure it.
Our comprehensive next-generation firewall protection has been built to expose hidden risks, block both known and
unknown threats, and automatically respond to incidents.
Exposes hidden risks Automatically responds to incidentsBlocks unknown threats
Sophos XG Firewall provides unrivaled
visibility into risky users, unknown and
unwanted apps, advanced threats,
suspicious payloads, encrypted
traffic and much more. Rich on-box
reporting is built-in and powerful
centralized reporting for multiple
firewalls is available in the cloud.
Sophos XG Firewall provides all the
latest advanced technology you need to
protect your network from ransomware
and advanced threats including top-
rated IPS, Advanced Threat Protection,
Cloud Sandboxing and full AI-powered
threat analysis, Dual AV, Web and App
Control, Email Protection and a full-
featured Web Application Firewall.
And it’s easy to setup and manage.
XG Firewall is the only network security
solution that is able to fully identify the
source of an infection on your network
and automatically limit access to
other network resources in response.
This is made possible with our unique
Sophos Security Heartbeat that shares
telemetry and health status between
Sophos endpoints and your firewall.
1
Page 4
Sophos XG Firewall
The Xstream Advantage
The XG Firewall Xstream architecture is engineered to deliver extreme levels
of visibility, protection, and performance to help address some of the greatest
challenges facing network administrators today.
Xstream SSL Inspection
According to the latest statistics, approximately 80% of web
traffic is encrypted, making it invisible to most firewalls. An
increasing amount of malware and potentially unwanted
apps exploit the fact that organizations are simply not using
SSL inspection. Network administrators' main fears are that
SSL inspection will have a performance impact or cause
something to break, impacting the user experience.
XG Firewall removes the blind spots caused by encrypted
traffic by allowing you to use SSL inspection whilst
maintaining performance efficiency.
Xstream DPI Engine
We believe you should never have to decide between
security and performance. XG Firewall includes a highspeed Deep Packet Inspection (DPI) engine to scan your
traffic for threats without a proxy slowing down the process.
The firewall stack can completely offload the processing
to the DPI engine, significantly reducing latency and so
improving overall efficiency.
XG Firewall provides robust deep packet threat protection in
a single streaming engine for AV, IPS, Web, App Control and
SSL inspection.
Xstream Network Flow FastPath
Traffic which is known to be secure can be offloaded to the
Xstream Network Flow FastPath. This accelerated path
for trusted traffic boosts performance dramatically by
freeing up resources from unnecessary traffic inspection
tasks. This is particularly important for voice and video
applications which are very sensitive to latency and so can
quickly lead to a degradation of the user experience. XG
Firewall includes automatic and policy-based intelligent
offloading for trusted traffic processing at wire speed.
2
Page 5
Sophos XG Firewall
Sophos Central
Sophos Central is at the heart of everything we do. Our cloud management
platform provides a single pane of glass to not only manage your firewalls, but
also your full portfolio of Sophos security solutions.
Central Management
Simply manage multiple firewalls
Sophos Central is the ultimate cloud-management
platform - for all your Sophos products. It makes day-to-day
setup, monitoring, and management of your XG Firewall
easy. It also provides helpful features such as alerting,
backup management, one-click firmware updates and rapid
provisioning of new firewalls.
Ì Manage all your XG Firewalls and other
Sophos products from a single console
Ì Configure changes and apply them to a group of
firewalls or manage each firewall individually
Central Reporting
Firewall Reporting in the cloud
Sophos Central includes powerful reporting tools that
enable you to visualize your network, web, application
activity, and security over time. You get a flexible reporting
experience that combines a variety of built-in reports
with powerful tools to create your own custom reports –
enabling you to report what you want, how you want.
Ì Increase your visibility into network
activity through analytics
Ì Analyze data to identify security gaps, suspicious user
behavior or other events requiring policy changes
Ì Create a backup schedule and store
up to 5 backups in the cloud
Note: Central Management is available at no extra cost.
Ì Use the pre-defined modules or customize
each report for specific use cases
Note: Central Reporting is available at no extra cost for the storage of up to 7 days
of report data. Premium options with longer data retention are available for optional
purchase.
Zero-touch Deployment
Using Sophos Central, you can create a configuration for an XG firewall which you can then deploy at your
convenience, for example, at a remote site. There is no need for technical staff on-site, simply provide
the configuration file, store it on a USB key and boot the appliance with the USB key connected.
Learn more about the Sophos Central Ecosystem at sophos.com/firewall-central.
3
Page 6
Sophos XG Firewall
Synchronized Security
Security Heartbeat™ - Your firewall and your
endpoints are finally talking
Sophos XG Firewall is the only network security solution
that is able to fully identify the user and source of an
infection on your network and automatically limit access to
other network resources in response. This is made possible
with our unique Sophos Security Heartbeat that shares
telemetry and health status between Sophos endpoints
and your firewall and integrates endpoint health into firewall
rules to control access and isolate compromised systems.
The good news is, this all happens automatically, and
is successfully helping numerous businesses and
organizations to save time and money in protecting their
environments today.
What Next-Gen Firewalls See Today
Synchronized Application Control
Using Security Heartbeat, we can do much more than
just see the health status of an endpoint. We also have
a solution to one of the biggest problems most network
administrators face today - lack of visibility into network
traffic.
Synchronized Application Control automatically identifies,
classifies and controls encrypted, custom, evasive, and
generic HTTP or HTTPS applications which are currently
going unidentified.
What XG Firewall Sees
You can’t control what you can’t see. All firewalls today
depend on static application signatures to identify apps
But those don’t work for most custom, obscure, evasive,
or any apps using generic HTTP or HTTPS.
Lateral Movement Protection
Lateral Movement Protection automatically isolates
compromised systems at every point in the network to
stop attacks dead in their tracks. Healthy endpoints assist
by ignoring all traffic from unhealthy endpoints, enabling
complete isolation, even on the same network segment, to
prevent threats and active adversaries from spreading or
stealing data.
Synchronized SD-WAN - Powerful, reliable application routing
Synchronized SD-WAN harnesses the power of Synchronized Security to optimize
WAN path selection for your important business applications.
With Synchronized Application Control, discovered applications, which would otherwise be
unknown, can be used for traffic matching criteria in SD-WAN routing policies. This is yet
another way that Synchronized Security can improve the efficiency of your network.
XG Firewall utilizes Synchronized Security to automatically
identify, classify, and control all unknown applications
easily blocking the apps you don’t want and prioritizing
the ones you do.
Synchronized User ID
User authentication is critically important in a nextgeneration firewall but often challenging to implement
in a seamless and transparent way. Synchronized User
ID eliminates the need for client or server authentication
agents by sharing user identity between the endpoint
and the firewall through Security Heartbeat. It’s just
another great benefit of having your firewall and endpoints
integrated and sharing information.
4
Page 7
Sophos XG Firewall
Protection Modules
You can choose from a number of modules to customize the protection offered
by your firewall to your individual needs and deployment scenario.
Network Protection
All the protection you need to stop sophisticated attacks
and advanced threats while providing secure network
access to those you trust.
Next-gen Intrusion Prevention System
Provides advanced protection from all types of modern
attacks. It goes beyond traditional server and network
resources to protect users and apps on the network as well.
Security Heartbeat
Creates a link between your Sophos Central protected
endpoints and your firewall to identify threats faster,
simplify investigation and minimize impact from attacks.
Easily incorporate Heartbeat status into firewall policies to
automatically isolate compromised systems.
Advanced Threat Protection
Instant identification and immediate response to today’s
most sophisticated attacks. Multi-layered protection
identifies threats instantly and Security Heartbeat provides
an emergency response.
Advanced VPN technologies
Adds unique and simple VPN technologies including our
clientless HTML5 self-service portal that makes remote
access incredibly simple or utilize our exclusive light-weight
secure SD-RED (Remote Ethernet Device) VPN technology.
Web Protection
Unmatched visibility and control over all your user’s web
and application activity.
Powerful user and group web policy
Provides enterprise-level Secure Web Gateway policy
controls to easily manage sophisticated user and group
web controls. Apply policies based upon uploaded web
keywords indicating inappropriate use or behavior.
Application Control and QoS
Enables user-aware visibility and control over thousands
of applications with granular policy and traffic-shaping
(QoS) options based on application category, risk, and
other characteristics. Synchronized Application Control
automatically identifies all the unknown, evasive, and
custom applications on your network.
Advanced Web Threat Protection
Backed by SophosLabs, our advanced engine provides
the ultimate protection from today’s polymorphic and
obfuscated web threats. Innovative techniques like
JavaScript emulation, behavioral analysis, and origin
reputation help keep your network safe.
High-performance traffic scanning
Optimized for top performance, our Xstream SSL inspection
provides ultra-low latency inspection and HTTPS scanning
whilst maintaining performance.
See the Licensing section at the end of this document for details of all purchase options.
5
Page 8
Sophos XG Firewall
Email Protection
Consolidate your email protection with anti-spam, DLP, and
encryption.
Integrated Message Transfer Agent
Ensures always-on business continuity for your email,
allowing the firewall to automatically queue mail in the
event servers become unavailable.
Live Anti-Spam
Provides protection from the latest spam campaigns,
phishing attacks, and malicious attachments.
Self-serve Quarantine
Gives employees direct control over their spam quarantine,
saving you time and effort.
SPX Email Encryption
Unique to Sophos, SPX makes it easy to send encrypted
email to anyone, even those without any kind of trust
infrastructure, using our patent-pending password-based
encryption technology.
Web Server Protection
Harden your web servers and business applications against
hacking attempts while providing secure access.
Business Application Policy Templates
Pre-defined policy templates let you protect common
applications like Microsoft Exchange Outlook Anywhere or
SharePoint quickly and easily.
Protection from the latest hacks and attacks
With a variety of advanced protection technologies
including URL and form hardening, deep-linking and
directory traversal prevention, SQL injection and cross-site
scripting protection, cookie signing and more.
Reverse proxy
With authentication options, SSL offloading, and server load
balancing ensure maximum protection and performance
for your servers being accessed from the internet.
Data Loss Prevention
Policy-based DLP can automatically trigger encryption or
block/notify based on the presence of sensitive data in
emails leaving the organization.
6
Page 9
Sophos XG Firewall
Sandstorm Protection
AI-driven static and dynamic file analysis techniques combine to bring
unprecedented threat intelligence to your firewall and so effectively identify
and block ransomware, known and unknown threats.
How to buy Sandstorm Protection
Sandstorm Protection is available as an add-on subscription and is also included
in our 'Plus' Bundles, e.g. EnterpriseGuard Plus, FullGuard Plus.
Powered by SophosLabs
Powered by the industry-leading SophosLabs, the
Sandstorm Protection subscription includes a fully cloudbased threat intelligence and threat analysis platform. This
provides deep learning-based file analysis, detailed analysis
reporting and a threat meter to show the risk summary for
a file.
We use layers of analytics to identify known and potential
threats, reduce unknowns and derive verdicts and
intelligence reports for the most commonly used file types.
Static File Analysis
By harnessing the power of multiple machine learning
models, global reputation, deep file scanning, and more, you
can quickly identify threats without the need to execute the
files in real time.
Dynamic File Analysis
Execute a file in a secure cloud-based sandbox to observe
its behavior and intent. Screenshots provide added insight
into any key events during the analysis.
Threat Intelligence Analysis Reporting
Rich intelligence reports provide you with much more than
just a ‘good’, ‘bad’, or ‘unknown’ verdict. Full insight into the
nature and capabilities of a threat are delivered through the
use of data science and SophosLabs research.
The Threat Meter provides an almost instant result, even when
further analysis is still ongoing.
7
Page 10
Sophos XG Firewall
Sophos XG Series Appliances – at a glance
Our XG Series hardware appliances are purpose-built with the latest multi-core technology, generous RAM provisioning, and
solid-state storage. Whether you’re protecting a small business or a larger distributed enterprise, you’re getting industry
leading performance.
Product Matrix
Model Tech. Specs Throughput¹
Form
Revision #
XG 86(w) 1 desktop 4 Wi-Fi 5 n/a 3,100 225 350 145 75
XG 106(w) 1 desktop 4 Wi-Fi 5 opt. ext. Power 3,550 330 400 150 75
XG 115(w) 3 desktop 4 Wi-Fi 5 opt. ext. Power 4,000 560 1,000 375 130
XG 125(w) 3 desktop 9/1 (9) Wi-Fi 5 opt. ext. Power, 3G/4G 7,000 1,500 1,275 400 170
XG 135(w) 3 desktop 9/1 (9) Wi-Fi 5 opt. ext. Power, 3G/4G, Wi-Fi**7,500 1,700 1,800 600 210
XG 210 3 1U 8/1 (16) n/a opt. ext. Power 29,000 1,920 3,200 800 230
XG 230 2 1U 8/1 (16) n/a opt. ext. Power 32,000 2,100 4,500 1,000 280
XG 310 2 1U 12/1 (20) n/a opt. ext. Power 35,000 3,050 5,300 1,550 370
XG 330 2 1U 12/1 (20) n/a opt. ext. Power 38,000 3,940 9,300 2,100 560
XG 430 2 1U 10/2 (26) n/a opt. ext. Power 55,000 5,000 10,000 2,200 600
XG 450 2 1U 10/2 (26) n/a opt. int. Power 65,000 6,100 13,900 3,400 770
XG 550 2 2U 8/4 (32) n/a Power, SSD, Fan 75,000 8,500 15,300 6,000 1,000
XG 650 2 2U 8/6 (48) n/a Power, SSD, Fan 85,000 9,000 18,000 7,700 1,350
XG 750 2 2U 8/8 (64) n/a Power, SSD, Fan 100,000 12,500 19,200 9,400 1,400
* 802.11ac Wave 2
** 2nd Wi-Fi module option on 135w only (requires XG v17 MR6 or higher)
Factor
Ports/Slots
(Max Ports)
w-model*Swappable Components
Firewall
(Mbps)
IPsec VPN
(Mbps)
NGFW
(Mbps)
Threat Protection
(Mbps)
Xstream
SSL (Mbps)
What you get with every XG Series appliance
Ì Full Wireless Protection included in the Base License
Ì On-box reporting or reporting for 7 days via Sophos Central
Ì Free management via Sophos Central
Ì The flexibility to add optional connectivity modules to adapt your firewall to changes in your environment
Note: The latest XG Firewall (SFOS) version 18.x requires at least 4 GB of RAM.
8
Page 11
Sophos XG Firewall
Sophos XG Series Desktop: SMB and Branch Office
Our Desktop appliances offer the perfect balance between price and
performance for your small business or branch offices. All models offer a range
of built-in and add-on connectivity options. A ‘w’ at the end of the model name
indicates that the appliance has built-in Wi-Fi.
XG 86 and XG 86w
These entry-level desktop firewalls are the ideal choice for
budget-conscious small businesses, retail and small or
home offices.
Ì Optionally available with integrated 802.11ac WLAN
Ì Fanless
Note: The XG 86 and 86w do not support some advanced
features like on-box reporting, dual AV scanning, WAF AV
scanning and the email message transfer agent (MTA)
functionality. If you need these capabilities, the XG 106(w) is
recommended.
See detailed technical specifications
XG 106, XG 106w, XG 115, XG 115w
These desktop firewall appliances offer an excellent
price-to-performance ratio making them ideal for small
businesses or branch offices. These models come equipped
with 4 GbE copper ports built-in and 1 shared SFP interface,
e.g. for use with our optional DSL modem or an SFP Fiber
transceiver to connect the device to a server or switch.
An optional second power supply provides an unmatched
redundancy option in this product segment.
XG 125, XG 125w, XG 135, XG 135w
These powerful firewall appliances offer 1U performance
with a desktop form factor and price. If you have a small
business or branch offices to protect and are working on
a tight budget, these models are the ideal choice. These
models come equipped with 8 GbE copper ports built-in,
plus 1 SFP port, e.g. for use with our optional DSL modem or
an SFP Fiber transceiver to connect the device to a server
or switch. An expansion bay provides the option to add
additional connectivity such as our 3G/4G module. A 2nd
Wi-Fi radio module is also available for the XG 135w. An
optional second power supply ensures business continuity
for these models.
Ì Optionally available with integrated 802.11ac WLAN
Ì 8 GbE copper ports built-in, plus 1 SFP port
Ì Expansion bay for optional 3G/4G module
Ì 2nd Wi-Fi radio module option for XG 135w
Ì Optional second power supply
See detailed technical specifications
Ì Optionally available with integrated 802.11ac WLAN
Ì 4 GbE copper ports built-in and 1 shared SFP
Ì Optional second power supply
See detailed technical specifications
9
Page 12
Sophos XG Firewall
Sophos XG Series Desktop: SMB and Branch Office
XG 86 and XG 86w
Technical Specifications
Note: The XG 86 and 86w do not support some advanced features like on-box reporting, dual AV scanning, WAF AV
scanning and the email message transfer agent (MTA) functionality. If you need these capabilities, the XG 106(w) is
recommended.
Front View
Status LEDs
(w-model has additional Wi-Fi LED)
Back View
2 x external antenna
(XG 86w only)
2 x USB
1 x COM
2.0
(RJ45)
Power
Supply
1 x Micro
USB
4 x GbE
copper port
Environment
Power consumption 12W, 40.94 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
20.4W, 69.6 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, CE, FCC, ISED (IC), VCCI, RCM, UL,
CCC, BIS, Anatel, KC (w-model only)
Performance¹ XG 86(w) Rev. 1
Firewall throughput 3,100 Mbps
Firewall IMIX 850 Mbps
IPS throughput 480 Mbps
NGFW throughput 350 Mbps
Threat Protection throughput 145 Mbps
Concurrent connections 1,570,000
New connections/sec 14,500
IPsec VPN throughput 225 Mbps
Xstream SSL decryption
+ Threat Protection
Xstream SSL Concurrent
connections
75 Mbps
8,192
Wireless Specification (XG 86w only)
No. of antennas 2 external
MIMO capabilities 2 x 2:2
Wireless interface 802.11a/b/g/n/ac (2.4 GHz / 5 GHz)
Physical interfaces
Storage 16 GB eMMC
Ethernet interfaces (fixed) 4 GbE copper
I/O ports (rear) 2 x USB 2.0
Power supply External auto ranging DC: 12V,
1 x Micro-USB
1 x COM (RJ45)
100-240VAC, 24W@50-60 Hz
Physical specifications
Mounting Rackmount kit available
Dimensions
Width x Depth x Height
Weight 0.75 kg / 1.65 lbs (unpacked)
(to be ordered separately)
190 x 117 x 43 mm
7.48 x 4.61 x 1.69 inches
1.9 kg / 4.19 lbs (packed)
(w model minimally higher)
10
Page 13
Sophos XG Firewall
Sophos XG Series Desktop: SMB and Branch Office
XG 106, XG 106w, XG 115, XG 115w
Technical Specifications
Front View
Status LEDs
(w-model has additional Wi-Fi LED)
Back View
2 x external antenna
(XG 106w and XG 115w only)
Connector for optional 2nd
redundant power supply
Power
Supply
HDMI
1 x COM
1 x
USB 2.0
(RJ45)
2 x
1 x GbE SFP
(shared)
1 x Micro
USB
4 x GbE
copper port
Environment
Power consumption 8.88W, 30.28 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
10.44W, 35.6 BTU/hr (full load)
-20 to +80°C (storage)
Performance¹ XG 106(w) Rev. 1 XG 115(w) Rev. 3
Firewall throughput 3,550 Mbps 4,000 Mbps
Firewall IMIX 2,000 Mbps 2,700 Mbps
IPS throughput 490 Mbps 950 Mbps
NGFW throughput 400 Mbps 1,000 Mbps
Threat Protection throughput 150 Mbps 375 Mbps
Concurrent connections 1,570,000 1,570,000
New connections/sec 14,700 19,400
IPsec VPN throughput 330 Mbps 560 Mbps
Xstream SSL decryption
+ Threat Protection
Xstream SSL Concurrent
connections
75 Mbps 130 Mbps
8,192 8,192
Wireless Specification (XG 106w and XG 115w only)
No. of antennas 2 external
MIMO capabilities 2 x 2:2
Wireless interface 802.11a/b/g/n/ac (2.4 GHz / 5 GHz)
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 4 GbE copper
Connectivity modules
(optional)
I/O ports (rear) 2 x USB 2.0
Power supply External auto ranging DC: 12V, 100-
Redundant PSU optional (external)
integrated SSD
1 GbE SFP (shared)
SFP DSL module (VDSL2)
SFP Transceivers
1 x Micro-USB
1 x COM (RJ45)
1 x HDMI
240VAC, 36W@50-60 Hz
*
Product Certifications
Certifications CB, CE, FCC, ISED (IC), VCCI, RCM, UL,
CCC, BIS, Anatel, KC (w-model only)
Physical specifications
Mounting Rackmount kit available
Dimensions
Width x Depth x Height
Weight 1.17 kg / 2.58 lbs (unpacked)
* SFP transceivers sold separately
(to be ordered separately)
245 x 157 x 44 mm
9.65 x 6.18 x 1.73 inches
2.4 kg / 5.29 lbs (packed)
(w models minimally higher)
11
Page 14
Sophos XG Firewall
Sophos XG Series Desktop: SMB and Branch Office
XG 125, XG 125w, XG 135, XG 135w
Technical Specifications
Front View
Status LEDs
(w-model has additional Wi-Fi LED)
Back View
3 x external antenna
(XG 125w and
XG 135w only)
1 x Micro
USB
1 x COM
(RJ45)
Power
Supply
Optional 2nd redundant
power supply
HDMI
2 x
1 x
USB 2.0
1 x GbE
SFP
8 x GbE
copper port
Expansion bay
(shown with optional
module incl. 2 antennas)
Environment
Power consumption 18.6W, 63.426 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
20.04W, 68.336 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC, ISED, VCCI, MIC (Japan),
RCM, CCC, KC
Planned: BIS
Performance¹ XG 125(w) Rev. 3 XG 135(w) Rev. 3
Firewall throughput 7,000 Mbps 7,500 Mbps
Firewall IMIX 3,500 Mbps 4,300 Mbps
IPS throughput 1,530 Mbps 1,900 Mbps
NGFW throughput 1,275 Mbps 1,800 Mbps
Threat Protection throughput 400 Mbps 600 Mbps
Concurrent connections 1,570,000 4,200,000
New connections/sec 29,300 37,200
IPsec VPN throughput 1,500 Mbps 1,700 Mbps
Xstream SSL decryption
170 Mbps 210 Mbps
+ Threat Protection
Xstream SSL Concurrent
8,192 12,288
connections
Wireless Specification (XG 125w and XG 135w only)
No. of antennas 3 external
MIMO capabilities 3 x 3:3
Wireless interface 802.11a/b/g/n/ac (2.4 GHz / 5 GHz)
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 8 GbE copper
No. of expansion slots 1
Connectivity Modules
(optional)
802.11ac Wi-Fi radio 2x2:2 (XG 135w only)
I/O ports (rear) 2 x USB 2.0
Power supply External auto ranging DC: 12V,
Redundant PSU optional (external)
integrated SSD
1 GbE SFP
*
SFP DSL module (VDSL2)
3G/4G module
SFP transceivers
1 x Micro-USB
1 x COM (RJ45)
1 x HDMI
100-240VAC, 36W@50-60 Hz
Physical specifications
Mounting Rackmount kit available
Dimensions
Width x Depth x Height
Weight 1.9 kg / 4.19 lbs (unpacked)
* SFP transceivers sold separately
(to be ordered separately)
320 x 212 x 44 mm
12.60 x 8.35 x 1.73 inches
3.3 kg / 7.27 lbs (packed)
(w models minimally higher)
12
Page 15
Sophos XG Firewall
Sophos XG Series 1U: Distributed Edge
Our 1U rackmount appliances are the ideal choice for mid-sized and distributed
organizations looking for a choice of connectivity options and the flexibility to
adapt the network as and when needs change. Our redundancy options in this
range are second to none.
1U Short
XG 210, XG 230
The Sophos XG 210 and XG 230 are designed to protect
small to mid-sized businesses and branch offices. Based
on the latest multi-core technology and equipped with 6
GbE copper ports, 2 GbE SFP fiber ports plus one Flexi Port
slot to configure with an optional module, they provide
high flexibility and throughput at an excellent price-toperformance ratio. An external redundant power supply is
optional for these models.
Ì 6 GbE copper ports plus 2 GbE SFP built-in
Ì One 'Flexi Port' modular bay to use with
a range of optional LAN modules
Ì Optional 2nd external power supply
See detailed technical specifications
XG 310, XG 330
The Sophos XG 310 and XG 330 are scalable appliances
suitable for distributed organizations or mid-sized
companies. With solid-state drives for on-box reporting,
logs and spam quarantine, they’re highly responsive even
in high traffic environments. Each model is equipped with
8 GbE copper ports, 2 GbE SFP fiber ports, 2 10 GbE SFP+
fiber ports plus one Flexi Port slot to configure with an
optional module. They provide optimal performance and
flexibility plus redundancy through an optional external
power supply.
Ì 8 GbE copper ports, 2 GbE SFP plus
2 10 GbE SFP+ built-in
1U Long
XG 430, XG 450
The Sophos XG 430 and XG 450 offer optimal performance
and efficiency for distributed organizations or larger midsized companies. The connectivity options are second
to none for rack mountable appliances, with each model
coming equipped with 8 GbE copper ports, 2 10 GbE
SFP+ ports and 2 additional Flexi Port slots which you can
configure with your choice of optional modules. For highavailability, the XG 450 also offers unparalleled redundancy
features in a 1U appliance with a second SSD (RAID)
integrated and an optional second power supply is available
for both models.
Ì 8 GbE copper ports plus 2 10 GbE SFP+ built-in
Ì Two 'Flexi Port' modular bays to use with
a range of optional LAN modules
Ì 2nd SSD (RAID) integrated
Ì Optional 2nd internal power supply
See detailed technical specifications
Our connectivity tips:
With Sophos APX Series access points, you can
manage your Wi-Fi networks using your firewall as a
controller. And should you want to securely connect
your smaller offices or remote locations to your
main office, Sophos SD-RED is the ideal choice.
Find out more at the end of this brochure.
Ì One 'Flexi Port' modular bay to use with
a range of optional LAN modules
Ì Optional 2nd external power supply
See detailed technical specifications
13
Page 16
Sophos XG Firewall
Sophos XG Series 1U: Distributed Edge
XG 210, XG 230
Technical Specifications
Front View
Multi-function
LCD display
Navigation
for LCD
1 x COM
(RJ45)
USB 3.0
2 x
Micro USB
6 x GbE copper – fixed
Incl. 2 bypass pairs
2 x GbE SFP
– fixed
1 x expansion bay
(shown here with optional
Flexi Port module)
Back View
Connector for optional 2nd
optional PoE Power
external power supply
1 x
HDMIConnector for
USB 3.0
Power supply
Power switch
Environment
Power consumption XG 210: 19W, 65 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
35W, 119 BTU/hr (full load)
XG 230: 21W, 72 BTU/hr (idle)
41W, 141 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 210 Rev. 3 XG 230 Rev. 2
Firewall throughput 29,000 Mbps 32,000 Mbps
Firewall IMIX 12,100 Mbps 14,800 Mbps
IPS throughput 4,200 Mbps 4,900 Mbps
NGFW throughput 3,200 Mbps 4,500 Mbps
Threat Protection throughput 800 Mbps 1,000 Mbps
Concurrent connections 6,570,000 6,570,000
New connections/sec 88,900 108,900
IPsec VPN throughput 1,920 Mbps 2,100 Mbps
Xstream SSL decryption
230 Mbps 280 Mbps
+ Threat Protection
Xstream SSL Concurrent
18,432 18,432
connections
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 6 GbE copper (incl. 2 bypass pairs)
No. of Flexi Port slots 1
Flexi Port modules (optional) 8 port GbE copper
Connectivity modules
(optional)
I/O ports 2 x USB 3.0 (front)
Display Multi-function LCD module
Power supply Internal auto-ranging
Redundant PSU optional (external)
integrated SSD
2 GbE SFP
8 port GbE SFP
2 port 10 GbE SFP+
4 port 10 GbE SFP+
2 port 40 GbE QSFP+
*
*
*
*
*
4 port GbE PoE
8 port GbE PoE
4 port GE copper LAN bypass
SFP DSL module (VDSL2)
SFP/SFP+ Transceivers
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x HDMI (rear)
100-240VAC, 50-60 Hz
14
Physical specifications
Mounting 1U rack mount
Dimensions
Width x Depth x Height
Weight 5.2 kg / 11.46lb (unpacked)
* Transceivers (mini GBICs) sold separately
(2 rackmount ears included)
438 x 344.4 x 44 mm
17.24 x 13.56 x 1.75 inches
7.7 kg / 16.98 lbs (packed)
Page 17
Sophos XG Series 1U: Distributed Edge
XG 310, XG 330
Technical Specifications
Sophos XG Firewall
Front View
Multi-function
LCD display
Navigation
for LCD
1 x COM
(RJ45)
USB 3.0
2 x
8 x GbE copper – fixed
Incl. 2 bypass pairs
Micro USB
2 x GbE SFP
– fixed
2 x 10 GbE
SFP+ – fixed
1 x expansion bay
(shown here with optional
Flexi Port module)
Back View
Connector for optional 2nd
optional PoE Power
external power supply
1 x
HDMIConnector for
USB 3.0
Power supply
Power switch
Environment
Power consumption XG 310: 32W, 109 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
49W, 167 BTU/hr (full load)
XG 330: 36W, 122 BTU/hr (idle)
54W, 184 BTU/hr (full load)
-20 to +80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 310 Rev. 2 XG 330 Rev. 2
Firewall throughput 35,000 Mbps 38,000 Mbps
Firewall IMIX 21,200 Mbps 24,200 Mbps
IPS throughput 7,200 Mbps 10,000 Mbps
NGFW throughput 5,300 Mbps 9,300 Mbps
Threat Protection throughput 1,550 Mbps 2,100 Mbps
Concurrent connections 10,170,000 10,490,000
New connections/sec 138,000 140,000
IPsec VPN throughput 3,050 Mbps 3,940 Mbps
Xstream SSL decryption
370 Mbps 560 Mbps
+ Threat Protection
Xstream SSL Concurrent
55,296 55,296
connections
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 8 GbE copper (incl. 2 bypass pairs)
No. of Flexi Port slots 1
Flexi Port modules (optional) 8 port GbE copper
Connectivity modules
(optional)
I/O ports 2 x USB 3.0 (front)
Display Multi-function LCD module
Power supply Internal auto-ranging
Redundant PSU optional (external)
integrated SSD
2 GbE SFP
2 10 GbE SFP+
8 port GbE SFP
2 port 10 GbE SFP+
4 port 10 GbE SFP+
2 port 40 GbE QSFP+
*
*
*
*
*
*
4 port GbE PoE
8 port GbE PoE
4 port GbE copper LAN bypass
SFP DSL module (VDSL2)
SFP/SFP+ Transceivers
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x HDMI (rear)
100-240VAC, 50-60 Hz
Physical specifications
Mounting 1U rack mount
Dimensions
Width x Depth x Height
Weight 5.8 kg / 12.78 lbs (unpacked)
* Transceivers (mini GBICs) sold separately
(2 rackmount ears included)
438 x 405.5 x 44 mm
17.24 x 15.96 x 1.75 inches
8.8 kg / 19.4 lbs (packed)
15
Page 18
Sophos XG Firewall
Sophos XG Series 1U: Distributed Edge
XG 430, XG 450
Technical Specifications
Front View
Multi-function
LCD display
for LCD
MGMT
port
USB 3.0
2 x
1 x COM
(RJ45)
8 x GbE copper – fixed
Incl. 2 bypass pairs
Micro USBNavigation
2 x 10 GbE SFP+
– fixed
2 x expansion bay
(shown here with optional
Flexi Port module)
IPMI
Back View XG 430
Connector for optional 2nd
optional PoE Power
external power supply
1 x
USB 3.0
Power supply
Power switchHDMIConnector for
Back View XG 450
Power supply
Space for optional 2nd hot
swappable power supply
optional PoE Power
Power switch
HDMIConnector for
1 x
USB 3.0
Environment
Power consumption XG 430: 28W, 96 BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 10%-90%, non-condensing
79W, 270 BTU/hr (full load)
XG 450: 31W, 107 BTU/hr (idle)
83W, 283 BTU/hr (full load)
-20 to + 80°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 430 Rev. 2 XG 450 Rev. 2
Firewall throughput 55,000 Mbps 65,000 Mbps
Firewall IMIX 26,900 Mbps 34,000 Mbps
IPS throughput 10,800 Mbps 14,700 Mbps
NGFW throughput 10,000 Mbps 13,900 Mbps
Threat Protection throughput 2,200 Mbps 3,400 Mbps
Concurrent connections 13,640,000 13,640,000
New connections/sec 146,000 187,000
IPsec VPN throughput 5,000 Mbps 6,100 Mbps
Xstream SSL decryption
600 Mbps 770 Mbps
+ Threat Protection
Xstream SSL Concurrent
102,400 102,400
connections
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces (fixed) 8 GbE copper (incl. 2 bypass pairs)
No. of Flexi Port slots 2
Flexi Port modules (optional) 8 port GbE copper
Connectivity modules
(optional)
I/O ports 2 x USB 3.0 (front)
Display Multi-function LCD module
Power supply Internal auto-
integrated SSD 2 x integrated SSD
2 10 GbE SFP+
8 port GbE SFP
2 port 10 GbE SFP+
4 port 10 GbE SFP+
2 port 40 GbE QSFP+
*
*
*
*
*
4 port GbE PoE
8 port GbE PoE
4 port GbE copper LAN bypass
SFP DSL module (VDSL2)
SFP/SFP+ Transceivers
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x IPMI (front)
1 x HDMI (rear)
Internal auto-
ranging 100-
240VAC, 50-60 Hz
Redundant PSU
optional (external)
ranging 100-
240VAC, 50-60 Hz
Hot Swap
Redundant PSU
optional (internal)
16
Physical specifications
Mounting 1U rackmount (sliding rails incl.)
Dimensions
Width x Depth x Height
Weight 7.6 kg / 16.76 lbs
* Transceivers (mini GBICs) sold separately
438 x 507.7 x 44 mm
17.24 x 19.99 x 1.75 inches
(unpacked)
13.7 kg / 30.2
lbs (packed)
7.8 kg / 17.2 lbs
(unpacked)
14.8 kg / 32.63
lbs (packed)
Page 19
Sophos XG Firewall
Sophos XG Series 2U: Performance and Data Center
Our 2U rackmount appliances are built for distributed enterprises looking for a
firewall to handle higher traffic volumes. These models offer you the flexibility
to tailor your connectivity to your environment and come with the redundancy
features to keep your business running.
Performance
XG 550, XG 650
The Sophos XG 550 and XG 650 are high-performance
firewalls equipped to provide protection for larger
distributed and growing organizations. They offer CPU
technology to effortlessly handle use as an all-in-one
solution or a powerful next-generation firewall. The models
offer either 4 (XG 550) or 6 (XG 650) Flexi Port expansion
bays to tailor your connectivity to your environment. An
8 port GbE copper module is supplied as a default. Hotswappable dual SSDs and power supplies are standard
redundancy features in this class.
Ì 8 port GbE copper module supplied as default
Ì Multiple expansion bays to add connectivity
modules incl. options for up to 40 GbE QSFP+
Ì Dual SSDs and power supplies
See detailed technical specifications
Data Center
XG 750
The Sophos XG 750 is a high-performance firewall
suitable for high traffic and larger distributed enterprise
environments. Multi-core CPUs and redundancy features
such as dual SSDs, power supplies and swappable fans,
ensure that you have the best performance and that your
network stays protected at all times. With a total of 8 Flexi
Port bays, one of which comes equipped with a default 8
port GbE copper module, connectivity knows no bounds
and can reach a maximum of 64 ports using the optional
modules.
Ì 8 port GbE copper module supplied as default
Ì Eight expansion bays to add connectivity
modules incl. options for up to 40 GbE QSFP+
Ì Dual SSDs, power supplies, and swappable fans
See detailed technical specifications
17
Page 20
Sophos XG Firewall
Sophos XG Series 2U: Performance
XG 550, XG 650
Technical Specifications
Front View XG 550
2 x hot-swap
SSD (RAID-1)
Navigation
for LCD
2 x management port
2 x USB 2.0
1 x COM (RJ45)
Multi-function LCD display
4 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)
Front View XG 650
2 x hot-swap
SSD (RAID-1)
Navigation
for LCD
2 x management port
2 x USB 2.0
1 x COM (RJ45)
Multi-function LCD display
6 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)
Back View
1 x USB 3.0 1 x VGA port Power switch
4 x swappable fan
2 x hot swappable
power supply
Environment
Power consumption XG 550: 270.5W, 922.98BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 5%-90%, non-condensing
416.1W, 1419.79BTU/hr (full load)
XG 650: 320.5W, 1093.59BTU/hr (idle)
493.1W, 1682.53BTU/hr (full load)
-40 to +70°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 550 Rev. 2 XG 650 Rev. 2
Firewall throughput 75,000 Mbps 85,000 Mbps
Firewall IMIX 34,000 Mbps 34,500 Mbps
IPS throughput 17,000 Mbps 20,250 Mbps
NGFW throughput 15,300 Mbps 18,000 Mbps
Threat Protection throughput 6,000 Mbps 7,700 Mbps
Concurrent connections 15,740,000 30,000,000
New connections/sec 213,800 220,000
IPsec VPN throughput 8,500 Mbps 9,000 Mbps
Xstream SSL decryption
1,000 Mbps 1,350 Mbps
+ Threat Protection
Xstream SSL Concurrent
204,800 512,000
connections
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces
(removable)
No. of Flexi Port slots 4 6
Flexi Port modules (optional) 8 port GbE copper
Connectivity modules
(optional)
I/O ports 2 x USB 2.0 (front)
Display Multi-function LCD module
Power supply 2 x hot-swap internal auto-ranging
2 x integrated
hot-swap SSD (RAID)
8 GbE copper
8 port GbE SFP
2 port 10 GbE SFP+
2 port 40 GbE QSFP+
4 port 10 GbE SFP+
*
*
*
*
4 port SFP* plus 4 port GbE
copper LAN bypass
SFP DSL module (VDSL2)
SFP/SFP+ Transceivers
1 x USB 3.0 (rear)
2 x Mgmt Port (eth0/eth1, front)
1 x COM (RJ45) (front)
1 x VGA (rear)
100-240VAC, 50-60 Hz PSU
Physical specifications
Mounting 2U sliding rails (included)
Dimensions
Width x Depth x Height
Weight 17.8 kg / 39.24 lbs (unpacked)
* Transceivers (mini GBICs) sold separately
438 x 600 x 88 mm
17.24 x 23.62 x 3.46 inches
27 kg / 59.53 lbs (packed)
18
Page 21
Sophos XG Series 2U: Data Center
XG 750
Technical Specifications
Sophos XG Firewall
Front View
2 x hot-swap
SSD (RAID-1)
Navigation
for LCD
2 x management port
2 x USB 2.0
1 x COM (RJ45)
Multi-function LCD display
8 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)
Back View
1 x USB 3.0 1 x VGA port Power switch
4 x swappable fan
2 x hot swappable
power supply
Environment
Power consumption 326.5W, 1114.01BTU/hr (idle)
Operating temperature 0-40°C (operating)
Humidity 5%-90%, non-condensing
512.2W, 1747.62BTU/hr (full load)
-40 to +70°C (storage)
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED,
VCCI, RCM, CCC, KC, BIS
Performance¹ XG 750 Rev. 2
Firewall throughput 100,000 Mbps
Firewall IMIX 38,000 Mbps
IPS throughput 23,000 Mbps
NGFW throughput 19,200 Mbps
Threat Protection throughput 9,400 Mbps
Concurrent connections 30,000,000
New connections/sec 223,500
IPsec VPN throughput 12,500 Mbps
Xstream SSL decryption
+ Threat Protection
Xstream SSL Concurrent
connections
1,400 Mbps
512,000
Physical interfaces
Storage (local
quarantine/logs)
Ethernet interfaces
(removable)
No. of Flexi Port slots 8
Flexi Port modules (optional) 8 port GbE copper
Connectivity modules
(optional)
I/O ports 2 x USB 2.0 (front)
Display Multi-function LCD module
Power supply
2 x integrated hot-swap SSD (RAID)
8 GbE copper
8 port GbE SFP
2 port 10 GbE SFP+
2 port 40 GbE QSFP+
4 port 10 GbE SFP+
4 port SFP* plus 4 port GbE
copper LAN bypass
SFP DSL module (VDSL2)
SFP/SFP+ Transceivers
1 x USB 3.0 (rear)
2 x Mgmt Port (eth0/eth1, front)
1 x COM (RJ45) (front)
1 x VGA (rear)
2 x hot-swap external auto ranging
100-240VAC, 50-60 Hz
*
*
*
*
Physical specifications
Mounting 2U sliding rails (included)
Dimensions
Width x Depth x Height
Weight 17.8 kg / 39.24 lbs (unpacked)
* Transceivers (mini GBICs) sold separately
438 x 600 x 88 mm
17.24 x 23.62 x 3.46 inches
27 kg / 59.53 lbs (packed)
19
Page 22
Sophos XG Firewall
Adapt Connectivity with Optional Modules
Connectivity Modules
Add additional connectivity options to your appliances to enhance the range and performance of your network.
Modules
(for XG/SG 125(w) and 135(w) Rev. 3 only)
Supports LTE (Cat-6)/DC-HSPA+/HSPA+/HSPA/
UMTS (WCDMA, APAC version also TD-SCDMA)
3G/4G Module:
2 external antennas, SIM card slot
(for all current SG/XG Series with an SFP Port)
SFP format supports all VDSL2 standards
defined in ITU –T G.993.2, G.994.1, G.997.1, and
the VDSL2 profiles 8a, 8b, 8c, 8d, 12a, 12b, 17a
Flexi Port Modules for 1U and 2U
Configure your hardware to suit your infrastructure and change it as and when you need to. Our optional Flexi Port LAN
modules give you the freedom to select the connectivity you need – copper, fiber, 10GbE, 40 GbE – you decide.
Flexi Port Modules for 1U Flexi Port Modules for 2U
DSL Modem – SFP:
2nd Wi-Fi Radio Module:
(for XG/SG 135w Rev.3 only)
802.11a/b/g/n/ac, 2 x 2 MIMO,
2.4 or 5 GHz, 2 external antennas
8 port GbE copper Flexi Port module
(for SG/XG 2xx/3xx/4xx only)
8 port GbE SFP Flexi Port module
(for SG/XG 2xx/3xx/4xx only)
2 port 10 GbE SFP+ Flexi Port module
(for SG/XG 2xx/3xx/4xx only)
4 port 10 GbE SFP+ Flexi Port module
(for SG/XG 2xx/3xx/4xx only)
4 port GbE copper LAN bypass Flexi Port module
(for XG 2xx/3xx/4xx only)
2 port 40 GbE QSFP+ Flexi Port module
(for SG/XG 210 Rev.3 and SG/XG 230,
3xx and 4xx Rev.2 only)
8 port GbE copper Flexi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
8 port GbE SFP Flexi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
2 port 10 GbE SFP+ Flexi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
4 port 10 GbE SFP+ Flexi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
4 port GbE SFP plus 4 port GbE copper LAN
bypass Flexi Port module
(for XG 750 and XG 550/650 Rev.2 only)
2 port 40 GbE QSFP+ Flexi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)
4 port GbE copper PoE Flexi Port module
(for SG/XG 210 Rev.3 and SG/XG 230,
3xx and 4xx Rev.2 only)
8 port GbE copper PoE Flexi Port module
(for SG/XG 210 Rev.3 and SG/XG 230,
3xx and 4xx Rev.2 only)
Please note: Transceivers (mini GBICs) are sold separately.
20
Page 23
Sophos XG Firewall
Sophos Wireless Protection
Simple, Secure, Reliable
Simplify and secure your wireless networking using XG Firewall as a wireless controller. Your Sophos Access Points are
automatically discovered when they are connected, allowing you to configure a variety of corporate, guest, or contractor
wireless networks quickly and easily. You get seamless wireless integration with your firewall protection, consistent security
policies across both wired and wireless traffic, and reliable high-speed connectivity.
Hardware Appliances with integrated Wi-Fi
All our XG Series desktop appliances are available with an integrated wireless access point. Coverage can be further
extended by adding Sophos Access Points.
Technical Specifications
Our APX Series access points are built on the latest enterprise-class, high-speed wireless chipsets with custom designed
antennas, top performing CPU and memory resources, and hardware accelerated encryption. With 802.11ac Wave 2
technology, they are custom-built for increased throughput at load and better performance and security.
Please note: APX 320/530/740 support was added in v17.5 Maintenance Release 3. Support for the APX 120 was added in
v17.5 Maintenance Release 5.
Model APX APX 120 120 APX 320 APX 530 APX 740
Deployment Indoor; desktop, wall, or ceiling mount.
WLAN Standards 802.11 a/b/g/n/ac
Radios 1x 2.4 GHz single band
Antennas 2x internal dual-band
Performance 2x2:2 MU-MIMO 3x3:3 MU-MIMO 4x4:4 MU-MIMO
Interfaces 1x 12V DC-in
Power (MAX.) 11.8 W 11.5 W 16.7 W 22.4 W
Power-over-ethernet (MIN.) PoE 802.3af PoE+ 802.3at
Dimensions
Width x Depth x Height
Weight 0.256 kg 0.474 kg 0.922 kg 1.012 kg
1x 5 GHz single band
antenna for Radio-1 and 2
1x RJ45 10/100/1000
Ethernet w/PoE
144 x 144 x 33.5 mm
5.67 x 5.67 x 1.32 inches
1x 2.4 GHz/5 GHz dual-band
1x 5 GHz single band
1x Bluetooth low energy
(BLE – for future use)
2x internal dual-band
antenna for Radio-1
2x internal 5 GHz
antenna for Radio-2
1x internal 2.4 GHz
antenna for BLE
1x RJ45 connector
console serial port
1x RJ45 10/100/1000
Ethernet w/PoE
155 x 155 x 38 mm
6.11 x 6.11 x 1.5 inches
1x 2.4 GHz single band
1x 5 GHz single band
1x Bluetooth low energy
(BLE – for future use)
3x internal 2.4 GHz
antenna for Radio-1
3x internal 5 GHz
antenna for Radio-2
1x internal 2.4 GHz
antenna for BLE
1x RJ45 connector console serial port
1x RJ45 10/100/1000 Ethernet port
1x RJ45 10/100/1000 Ethernet w/PoE
183 x 183 x 39 mm
7.21 x 7.21 x 1.54 inches
4x internal 2.4 GHz
antenna for Radio-1
4x internal 5 GHz
antenna for Radio-2
1x internal 2.4 GHz
antenna for BLE
195 x 195 x 43 mm
7.68 x 7.68 x 1.7 inches
If you prefer to free up the resources on your firewall and are looking for enhanced scalability, you can optionally manage
your Sophos access points in the cloud using Sophos Central. A separate license is required.
See sophos.com/compare-xg for further technical details.
21
Page 24
Sophos XG Firewall
SD-RED
Sophos SD-RED: Empowering your SD-WAN strategy
Sophos has long been a pioneer in providing an easy-to-use, secure way to connect branch offices and other remote
locations. XG Firewall includes a number of SD-WAN features to help you to accelerate application performance and get
better visibility into network health to ensure that your remote locations enjoy the same performance as your main office.
Our SD-RED devices are built on the latest enterprise-class, high-speed networking platforms. They work with your XG
Firewall whether you’ve deployed as hardware, software or in the public cloud. Our full range of Sophos Wireless Access
Points are also compatible with Sophos SD-RED. You can use Sophos SD-RED with just the Base License included in your
appliance purchase, however, you will need an active Network Protection subscription for management.
Technical Specifications
Model Name SD-RED 20 SD-RED 60
Capacity
Maximum throughput 250 Mbps 850 Mbps
Physical Interfaces (Built-in)
LAN Interfaces 4 x 10/100/1000 Base-TX(1 GbE Copper) 4 x 10/100/1000 Base-TX(1 GbE Copper)
WAN Interfaces 1 x 10/100/1000 Base-TX(shared with SFP) 2 x 10/100/1000 Base-TX(WAN1 shared port with SFP)
SFP Interfaces 1x SFP Fiber (shared port with WAN) 1x SFP Fiber (shared port with WAN1)
Power-over Ethernet Ports None 2 PoE Ports (total power 30W)
USB Ports 2 x USB 3.0 (front and rear) 2 x USB 3.0 (front and rear)
COM Ports 1 x Micro-USB 1 x Micro-USB
Optional Connectivity
Modular Bay 1 (for use with optional Wi-Fi OR 4G/LTE Card) 1 (for use with optional Wi-Fi OR 4G/LTE Card)
Optional Wi-Fi Module
Optional 3G/4G LTE Module MC7430/MC7455 Sierra Wireless Card MC7430/MC7455 Sierra Wireless Card
Optional VDSL Modem Optional SFP Modem (support coming in future release) Optional SFP Modem (support coming in future release)
Physical Specifications
Dimensions
Weight 0.9 kg/1.8 kg (1.98 lbs/3.97 lbs) Unpacked/Packed 1.0 kg/2.2 kg (2.2 lbs/4.85 lbs) Unpacked/Packed
Power Supply Adapter
Power Redundancy Support Yes, optional 2nd power supply Yes, optional 2nd power supply
Power Consumption
Noise level (average) Fan Less, N/A Fan Less, N/A
Temperature (operational) 0°C to 40°C (32°F to 104°F) 0°C to 40°C
Temperature (storage) -20°C to 70°C (-4°F to 158°F) -20°C to 70°C (-4°F to 158°F)
Humidity 10-90% RH, non-condensing 10-90% RH, non-condensing
Safety Regulations
Certifications (Safety, EMC, Radio) CE/FCC/IC/RCM/VCCI/CB/UL/CCC/KC/ANATEL CE/FCC/IC/RCM/VCCI/CB/UL/CCC/KC/ANATEL
802.11 a/b/g/n/ac Wave 1 (Wi-Fi 5)dual-band capable
2x2 MIMO 2 antennas
225 x 44 x 150 (w*h*d) mm
8.86 x 1.73 x 5.91 (w*h*d) inches
AC Input: 110-240VAC @50-60 Hz
DC Output: 12V +/- 10%, 3.7A, 40W
Idle: 6.1Watt/20.814 BTU
Full Load: 22.6Watt/77.114 BTU
802.11 a/b/g/n/ac Wave 1 (Wi-Fi 5) dual-band capable
2x2 MIMO 2 antennas
225 x 44 x 150 (w*h*d) mm
8.86 x 1.73 x 5.91 (w*h*d) inches
AC Input: 110-240VAC @50-60 Hz
DC Output: 12V +/- 10%, 6.95A, 75W
Idle: 11.88 Watt/40.536 BTU
Full Load without PoE: 25.33 Watt/86.429 BTU
Full Load with PoE: 62.48 Watt/213.190 BTU
See sophos.com/compare-xg for further technical details.
22
Page 25
Sophos XG Firewall
Licensing
The purchase price of every XG Firewall appliance, no matter whether hardware, software/virtual, or in the public cloud
includes a perpetual Base License. This includes basic firewall functionality including, IPSec, SSL VPN and full wireless
protection.
You can extend protection according to your individual needs and deployment scenario, by purchasing individual
subscriptions or opting for one of our value bundles.
TotalProtect Plus
Appliance +
FullGuard Plus
XG Series or Virtual Appliance
Base License
incl. network firewall, VPN and
Wireless Protection
FullGuard Plus
incl. Enhanced Support
Network Protection
Web Protection
Email Protection
Web Server Protection
Sandstorm Protection
TotalProtect
Appliance +
FullGuard
XG Series or Virtual Appliance
Base License
incl. network firewall, VPN and
Wireless Protection
FullGuard
incl. Enhanced Support
Network Protection
Web Protection
Email Protection
Web Server Protection
EnterpriseProtect Plus
Appliance +
EnterpriseGuard Plus
XG Series or Virtual Appliance
Base License
incl. network firewall, VPN and
Wireless Protection
EnterpriseGuard Plus
incl. Enhanced Support
Network Protection
Web Protection
Sandstorm Protection
EnterpriseProtect
Appliance +
EnterpriseGuard
XG Series or Virtual Appliance
Base License
incl. network firewall, VPN and
Wireless Protection
EnterpriseGuard
incl. Enhanced Support
Network Protection
Web Protection
Full details of XG Firewall licensing can be found on our website: https://community.sophos.com/kb/en-us/131806
Licensing for Management and Reporting
Sophos Central Management
Ì Free
Sophos Central Reporting
Ì Free for up to 7 days of report data
Ì Options for longer data retention periods available for separate purchase
23
Page 26
Sophos XG Firewall
Deployment Options
XG Firewall offers a full range of top-performing hardware appliances, support for all the popular virtualization platforms,
AWS and Azure public cloud and hybrid environments, and even a software appliance you can install on your own hardware.
Software VirtualXG Series AWS/Azure
Purpose-built devices
to provide the ultimate
in performance.
Install the Sophos Firewall
OS image on your own
Intel hardware or server.
Install on VMware,
Citrix, Microsoft
Hyper-V and KVM.
Protect your network
infrastructure in the
AWS or Azure cloud.
Support
A simple approach to comprehensive support
We build products that are simple yet comprehensive. And, we take the same approach with our support. With options
ranging from basic technical support to those including direct access to senior support engineers and customized delivery.
Standard
Licenses names
Support
Via telephone and email
Security Updates & Patches
For the life of the product
Software Feature Updates & Upgrades Included 90-days Included Included
Consulting
Remote consultation on your firewall configuration and
security with a Sophos Senior Technical Support Engineer
Warranty and RMA
For all hardware appliances
Technical Account Manager
Dedicated named technical account manager
Included with purchase
For 90 days
(business hours only)
Included with an active
software subscription
1 year (return / replace) Advance Exchange
Enhanced
Included in all bundles
Included
(24x7)
Included with an active
software subscription
(max. 5 years)
Optional
(extra cost)
Enhanced Plus
VIP Access
(24x7)
Included with an active
software subscription
Included
(up to 4 hours)
Advance Exchange
(max. 5 years)
Optional
(extra cost)
24
Page 27
Page 28
Sophos XG Firewall
Further resources
We have a broad range of resources available where you can find out more about XG
Firewall and get further product support.
Ì XG Firewall Web - sophos.com/firewall
Ì XG Hardware models - sophos.com/compare-xg
Ì XG Ecosystem: Add-ons and Accessories - sophos.com/firewall-ecosystem
Try it for free – business and even at home
If you have any additional questions visit sophos.com or give one of our Sales Agents a call.
Free 30-day trial – no strings attached
If you’d like to take it for a test drive you can get the full-featured
product simply sign-up for our free 30-day trial.
See it in action now
You can take a walkthrough of the user interface with our interactive demo or watch videos
showing you just how we make network security simple.
Visit sophos.com/xgfirewall
Free Home Use version
Our Sophos XG Firewall Home Edition is a fully-equipped software version that
gives you complete network, web, mail, and web application security with VPN
functionality, for home-use only and limited to 4 virtual cores, 6 GB of RAM.
Visit sophos.com/freetools
¹ General: Max. throughput measured under ideal test conditions using industry standard Keysight-Ixia Breaking point test tools. Actual performance may vary depending on network
conditions and activated services.
Ì FW: Measured using HTTP traffic and 512KB response size.
Ì FW IMIX: UDP throughput based on a combination of 66 byte, 570 byte and 1518 byte packet sizes.
Ì NGFW: Measured with IPS and Application Control enabled with HTTP traffic using default IPS ruleset and 512KB object size.
Ì IPS: Measured with IPS with HTTP traffic using default IPS ruleset and 512KB object size.
Ì IPSEC VPN: HTTP throughput using multiple tunnels and 512KB HTTP response size.
Ì Threat Protection: Measured with Firewall, IPS, Application Control, and Malware prevention enabled using HTTP 200KB response size.
Ì Xstream SSL decryption: Measured with IPS and Threat Protection enabled using HTTP traffic with 192KB response size.
United Kingdom and Worldwide Sales
Tel: +44 (0)8447 671131
Email: sales@sophos.com
© Copyright 2020. Sophos Ltd. All rights reserved.
Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.
20-10-19 BR-EN (DD)
North American Sales
Toll Free: 1-866-866-2802
Email: nasales@sophos.com
Australia and New Zealand Sales
Tel: +61 2 9409 9100
Email: sales@sophos.com.au
Asia Sales
Tel: +65 62244168
Email: salesasia@sophos.com
Loading...