Sophos Xg Series Appliances Brna_2 Brna 2

User Manual: sophos-xg-series-appliances-brna_2

Open the PDF directly: View PDF PDF.
Page Count: 19

DownloadSophos-xg-series-appliances-brna_2 Sophos-xg-series-appliances-brna 2
Open PDF In BrowserView PDF
Sophos XG Firewall
Unrivalled simplicity, security and insight
Sophos XG Firewall brings a fresh new approach to the way you
manage your firewall, respond to threats, and monitor what’s
happening on your network. Get ready for a whole new level of
simplicity, security and insight.

Sophos XG Firewall

Sophos XG Firewall – The next thing in next-gen
XG Firewall is optimized for today’s business, delivering all the protection and
insights you need in a single, powerful appliance that’s easy to manage.
Advanced protection made simple

Potent, powerful … fast

Most firewall products make you set up and manage policies
across multiple modules or screens. Not Sophos. We provide
a powerful unified policy model that allows you to manage,
view, filter, and sort all your user, application and network
policies on a single screen.

We’ve engineered XG Firewall to deliver outstanding
performance. Our appliances are built using Intel multicore technology, solid-state drives, and accelerated inmemory content scanning. In addition Sophos FastPath
packet optimization technology ensures you’ll always get
maximum throughput.

More-in-one protection
You get all the next-gen firewall features you need plus
features you can’t get anywhere else – including our
revolutionary Security Heartbeat™, full web application
firewall, and complete email anti-spam, encryption and DLP.
No extra hardware. No extra cost. Simply choose what you
want to deploy.

On-box reports included as standard
With hundreds of built-in reports you’ll know exactly what’s
happening with your users and your network. You get detailed
reports as standard, stored locally with no separate tools
required. And our unique User Threat Quotient reports show
you which of your users are putting your security at risk.

1

Simply manage multiple firewalls
Sophos Firewall Manager provides a single console for the
complete central management of multiple XG Firewalls.
And if you also want to consolidate reporting across
multiple XG, SG, and Cyberoam appliances then with
Sophos iView, you can.

Sophos XG Firewall

Security features you can’t get anywhere else
XG Firewall includes a number of innovations that not only makes your job a lot
easier, but also ensures your network is more secure.
A revolution in advanced threat protection –
Sophos Synchronized Security
An industry first, Synchronized Security links your endpoints
and your firewall to enable unique insights and coordination.
Security HeartbeatTM relays Endpoint health status and
enables your firewall to immediately identify and respond
to a compromised system on your network. The firewall can
isolate systems until they can be investigated and cleaned
up. Another Synchronized Security feature, Dynamic App
Identification, also enables the firewall to query the endpoint
to determine the source of unknown traffic on the network.

Patented Layer-8 identity control
User identity takes enforcement to a whole new layer with
our patented Layer-8 identity based policy technology
enabling user level controls over applications, bandwidth and
other network resources regardless of IP-address, location,
network or device. It literally takes firewall policy to a whole
new layer.

Policy templates get you protected fast
Pre-defined policy templates let you protect common
applications like Microsoft Exchange or SharePoint quickly
and easily. Simply select them from a list, provide some
basic information and the template takes care of the rest.
It sets all the inbound/ outbound firewall rules and security
settings for you automatically – displaying the final policy in
a statement in plain English.

Automated user risk reports
The Sophos User Threat Quotient (UTQ) indicator is a unique
feature which provides actionable intelligence on user
behavior. Our firewall correlates each user’s surfing habits
and activity with advanced threat triggers and history to
identify users with risk-prone behavior.

Flexible deployment, no compromise
Unlike our competitors whether you choose hardware,
software, or virtual we don’t make you compromise – every
feature is available on every model and form- factor.
To find out more visit www.sophos.com/xgfirewall

XG Series

Software

Virtual

Azure

Purpose-built devices
to provide the ultimate
in performance.

Install the Sophos Firewall
OS image on your own
Intel hardware or server.

Install on VMware,
Citrix, Microsoft
Hyper-V and KVM.

Protect your network
infrastructure in the
Azure cloud.

2

Sophos XG Firewall

Network Protection
All the protection you need to stop sophisticated attacks and advanced threats
while providing secure network access to those you trust.
Next-gen Intrusion Prevention System

Security Heartbeat

Provides advanced protection from all types of modern
attacks. It goes beyond traditional server and network
resources to protect users and apps on the network as well.

Creates a link between your Sophos Cloud Endpoints and
your Firewall to identify threats faster, simplify investigation
and minimize impact from attacks. Easily incorporate
Heartbeat status into firewall policies to automatically
isolate compromised systems.

Advanced Threat Protection
Instant identification and immediate response to today’s
most sophisticated attacks. Multi-layered protection
identifies threats instantly and Security Heartbeat™
provides an emergency response.

Web Protection

Advanced VPN technologies
Adds unique and simple VPN technologies including our
clientless HTML5 self-service portal that makes remote
access incredibly simple or utilize our exclusive light-weight
secure RED (Remote Ethernet Device) VPN technology.

Comprehensive web protection and application control with powerful and
flexible policy tools ensure your networked users are secure and productive.
Powerful user and group web policy
Provides enterprise-level Secure Web Gateway policy
controls to easily manage sophisticated user and group
web controls.

Advanced Web Threat Protection
Backed by SophosLabs, our advanced engine provides
the ultimate protection from today’s polymorphic and
obfuscated web threats. Innovative techniques like
JavaScript emulation, behavioral analysis, and origin
reputation help keep your network safe.

High performance transparent proxy
Optimized for top performance, our transparent proxy
technology provides ultra-low latency inspection and
HTTPS scanning of all traffic for threats and compliance.

Layer-8 Application Control and QoS
Enables user-aware visibility and control over thousands of
applications with granular policy and traffic-shaping (QoS)
options based on application category, risk, and
other characteristics.

Sandstorm Protection
Sophos Sandstorm uses next-gen cloud-sandbox technology to give your
organization an extra layer of security against ransomware and targeted
attacks.
It integrates with your XG Firewall and is cloud-delivered
so there’s no additional hardware required. Sophos
Sandstorm blocks evasive threats like ransomware,
disguised as executables, PDFs, and Microsoft Office
documents — sending them to a cloud-sandbox to be
detonated and observed in a safe environment.

3

Threat intelligence is fed back to your XG Firewall and the
file blocked or permitted. The process takes just a couple
of minutes with minimal impact for the user. And
Sandstorm gives you detailed threat reports for
every incident so you know exactly what’s going on.

Sophos XG Firewall

Email Protection
Full SMTP and POP message protection from spam, phishing and data loss
with our unique all-in-one protection that combines policy-based email
encryption with DLP and anti-spam.
Integrated Message Transfer Agent

SPX Email Encryption

Ensures always-on business continuity for your email,
allowing the firewall to automatically queue mail in the
event servers become unavailable.

Unique to Sophos, SPX makes it easy to send encrypted
email to anyone, even those without any kind of trust
infrastructure using our patent-pending password-based
encryption technology.

Live Anti-Spam
Provides protection from the latest spam campaigns,
phishing attacks, and malicious attachments .

Self-serve Quarantine
Gives employees direct control over their spam quarantine,
saving you time and effort.

Data Loss Prevention
Policy based DLP can automatically trigger encryption or
block/notify based on the presence of sensitive data in
emails leaving the organization.

Web Server Protection
Harden your web servers and business applications against hacking attempts
with a full-featured Web Application Firewall while providing secure access with
reverse proxy authentication.
Business Application Policy Templates

Reverse proxy

Pre-defined policy templates let you protect common
applications like Microsoft Exchange Outlook Anywhere or
SharePoint quickly and easily.

With authentication options, SSL offloading, and server load
balancing ensure maximum protection and performance
for your servers being accessed from the internet.

Protection from the latest hacks and
attacks
With a variety of advanced protection technologies
including URL and form hardening, deep-linking and
directory traversal prevention, SQL injection and cross-site
scripting protection, cookie signing and more.

4

Sophos XG Firewall

How to Buy
Every XG Firewall comes equipped with Base Firewall functionality including
IPSec, SSL VPN, and Wireless Protection. You can extend protection with our
Total Protection bundles or by adding protection modules individually.

Network Protection

Sandstorm Protection

Web Protection

All the protection you need to stop
sophisticated attacks and advanced
threats while providing secure
network access to those you trust.

Sophos Sandstorm uses next-gen
cloud-sandbox technology to give
your organization an extra layer
of security against ransomware
and targeted attacks.

Comprehensive web protection and
application control with powerful and
flexible policy tools ensure your networked
users are secure and productive.

Security Heartbeat™

Email Protection

Web Server Protection

Links your Sophos endpoints with
your firewall to deliver unparalleled
protection from advanced threats
and reduce the time and complexity
of responding to security incidents.

Full SMTP and POP message protection
from spam, phishing and data loss
with our unique all-in-one protection
that combines policy-based email
encryption with DLP and anti-spam.

Harden your web servers and
business applications against
hacking attempts while providing
secure access to external users
with reverse proxy authentication.

A simple approach to comprehensive support
We build products that are simple yet comprehensive. And, we take the same approach with our support. With options
ranging from basic technical support to those including direct access to senior support engineers and customized delivery.

Licenses names
Support
Via telephone and email
Security Updates & Patches
For the life of the product
Software Feature Updates & Upgrades

Standard

Enhanced

Included with purchase

Included in all bundles

For 90 days
(business hours only)

Included
(24x7)

VIP Access
(24x7)

Included with an active
software subscription

Included with an active
software subscription

Included with an active
software subscription

Included 90-days

Included

Included

Consulting
Remote consultation on your firewall configuration and
security with a Sophos Senior Technical Support Engineer
Warranty and RMA
For all hardware appliances
Technical Account Manager
Dedicated named technical account manager

5

Enhanced Plus

Included
(up to 4 hours)
1 year (return / replace)

Advance Exchange
(max. 5 years)

Advance Exchange
(max. 5 years)

Optional
(extra cost)

Optional
(extra cost)

Sophos XG Firewall

Sophos XG Series Appliances – at a glance
Our XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM
provisioning, and solid-state storage. Whether you’re protecting a small business or a large datacenter, you’re getting
industry leading performance.

Product Matrix
Model

Tech. Specs

Throughput¹

Revision #

Form
Factor

Ports/Slots
(Max Ports)

w-model 802.11
wireless

Swappable
Components

Firewall
(Mbps)

VPN
(Mbps)

NGFW
(Mbps)

AV-proxy
(Mbps)

XG 85(w)

1

desktop

4

a/b/g/n

n/a

2000

200

235

330

XG 105(w)

2

desktop

4

a/b/g/n

n/a

3000

300

270

430

XG 115(w)

2

desktop

4

a/b/g/n

n/a

3,500

350

310

520

XG 125(w)

2

desktop

8

a/b/g/n/ac

n/a

5,000

410

360

590

XG 135(w)

2

desktop

8

a/b/g/n/ac

n/a

7,000

950

880

1,400

XG 210

3

1U

8/1 (16)

n/a

opt. ext. Power

16,000

1,450

2,200

2,300

XG 230

2

1U

8/1 (16)

n/a

opt. ext. Power

20,000

1,700

3,000

2,800

XG 310

2

1U

12/1 (20)

n/a

opt. ext. Power

28,000

2,750

4,000

3,300

XG 330

2

1U

12/1 (20)

n/a

opt. ext. Power

33,000

3,200

5,500

6,000

XG 430

2

1U

10/2 (26)

n/a

opt. ext. Power

41,000

4,800

6,000

6,500

XG 450

2

1U

10/2 (26)

n/a

opt. int. Power

50,000

5,500

7,500

7,000

XG 550

2

2U

8/4 (32)

n/a

Power, SSD, Fan

65,000

8,400

9,000

10,000

XG 650

2

2U

8/6 (48)

n/a

Power, SSD, Fan

85,000

9,000

10,000

13,000

XG 750

2

2U

8/8 (64)

n/a

Power, SSD, Fan

100,000

11,000

11,800

17,000

Sophos XG Firewall TotalProtect Plus Bundle
For the ultimate in protection, value, and peace-of-mind, get our convenient TotalProtect Plus bundle.
What you get

TotalProtect Plus Bundle

Base Firewall Firewall, IPsec and SSL VPN, Wireless Protection (APs sold separately)
Network Protection IPS, RED, HTML5 VPN, ATP, Security Heartbeat
Web Protection Anti-malware, Web and App visibility, control, and protection
Email Protection Anti-spam, SPX Email Encryption, and DLP
Web Server Protection Web Application Firewall and reverse proxy
Sandstorm Protection next-gen cloud-sandbox technology
Enhanced Support 24x7 support, security and software updates, adv. exchange warranty
XG Series Hardware Appliance Multi-core Intel processor, solid-state storage, flexible connectivity

6

Sophos XG Firewall

Sophos XG Series Desktop Appliances:
XG 85 and XG 85w
Technical Specifications
These entry-level desktop firewalls are the ideal choice for budget-conscious small businesses, retail and small or home
offices. They are available with and without integrated wireless LAN, so you can have an all-in-one network security and
hotspot solution without the need for additional hardware. The Intel dual-core technology makes them highly efficient and
as they’re fanless, they won’t add unwanted noise to your office space.
Note: The XG 85 and 85w do not support some advanced features like on-box reporting, dual AV scanning, WAF AV scanning
and the email message transfer agent (MTA) functionality. If you need these capabilities, the XG 105(w) is recommended.
Front View

Performance¹

XG 85(w) Rev. 1

Firewall throughput

Status LEDs

Back View

2 Gbps

Firewall IMIX

780 Mbps

VPN throughput

200 Mbps

IPS throughput

510 Mbps

NGFW (IPS + App Ctrl +
WebFilter) max.

235 Mbps

Antivirus throughput (proxy)

330 Mbps

Concurrent connections

2,000,000

New connections/sec

2 x external antennas
(XG 85w only)

Maximum licensed users

18,000
unrestricted

Wireless Specification (XG 85w only)
No. of antennas

2 x USB 2.0

2 external

MIMO capabilities

2 x 2:2

Wireless interface

802.11a/b/g/n (2.4 GHz / 5 GHz)

Physical interfaces
1 x COM
(RJ45)

4 x 1GbE
copper port

Operating temperature
Humidity

3.24W, 11.04 BTU/h (idle)
5.64W, 19.232 BTU/h (full load)
0-40°C (operating)
-20 to +80°C (storage)
10%-90%, non-condensing

Product Certifications
Certifications

7

8 GB eMMC

Ethernet interfaces (fixed)

4 GE copper

I/O ports (rear)

Environment
Power consumption

Storage

CB, CE, FCC Class B, IC, VCCI,
MIC, RCM, UL, CCC

Power supply

2 x USB 2.0
1 x COM (RJ45)
External auto ranging DC: 12V,
100-240VAC, 50-60 Hz

Physical specifications
Mounting

Rackmount kit available
(to be ordered separately)

Dimensions
Width x Depth x Height

225 x 150 x 44 mm
8.86 x 5.91 x 1.73 inches

Weight

0.95 kg / 2.09 lbs (unpacked)
1.97 kg / 4.34 lbs (packed)

Sophos XG Firewall

Sophos XG Series Desktop Appliances:
XG 105, XG 105w, XG 115, XG 115w
Technical Specifications
These desktop firewall appliances offer an excellent price-to-performance ratio making them ideal for small businesses
or branch offices. They are available with or without integrated wireless LAN, so you can even have an all-in-one network
security and hotspot solution without the need for additional hardware. Of course, you can also add external access points.
With Intel multi-core technology designed for best performance and efficiency in a small form factor, these models come
equipped with 4 GbE copper ports built-in.
Front View

Performance¹
Firewall throughput

Status LEDs

Back View

3 Gbps

3.5 Gbps

Firewall IMIX

1.04 Gbps

1.33 Gbps

VPN throughput

300 Mbps

350 Mbps

IPS throughput

700 Mbps

900 Mbps

NGFW (IPS + App Ctrl +
WebFilter) max.

270 Mbps

310 Mbps

Antivirus throughput (proxy)

430 Mbps

520 Mbps

Concurrent connections

3,200,000

6,000,000

New connections/sec

3 x external antennas
(XG 105w and XG 115w only)

XG 105(w) Rev. 2 XG 115(w) Rev. 2

Maximum licensed users

27,500

27,500

unrestricted

unrestricted

Wireless Specification (XG 105w and XG 115w only)
No. of antennas

2 x USB 2.0

3 external

MIMO capabilities

3 x 3:3

Wireless interface

802.11a/b/g/n (2.4 GHz / 5 GHz)

Physical interfaces
1 x VGA
port

1 x COM
(RJ45)

4 x 1GbE
copper port

Storage (local
quarantine/logs)
Ethernet interfaces (fixed)

Environment
Power consumption
Operating temperature
Humidity

I/O ports (rear)
4.83W, 16.468 BTU/hr (idle)
9.84W, 33.55 BTU/hr (full load)
0-40°C (operating)
-20 to +80°C (storage)
10%-90%, non-condensing

Product Certifications
Certifications

CB, CE, FCC Class B, IC, VCCI,
MIC, RCM, UL, CCC

Power supply

integrated SSD
4 GE copper
2 x USB 2.0
1 x COM (RJ45)
1 x VGA
External auto ranging DC: 12V,
100-240VAC, 50-60 Hz

Physical specifications
Mounting

Rackmount kit available
(to be ordered separately)

Dimensions
Width x Depth x Height

225 x 150 x 44 mm
8.86 x 5.91 x 1.73 inches

Weight

1.19 kg / 2.62 lbs (unpacked)
2.185 kg / 4.82 lbs (packed)

8

Sophos XG Firewall

Sophos XG Series Desktop Appliances:
XG 125, XG 125w, XG 135, XG 135w
Technical Specifications
These powerful firewall appliances offer 1U performance with a desktop form factor and price. If you have a small business
or branch offices to protect and are working on a tight budget, these models are the ideal choice. They are also available
with integrated 802.11ac wireless LAN for optimal coverage and connectivity for your mobile workers. Built upon the latest
Intel architecture, our software makes optimal use of the multi-core technology to provide excellent throughput for all your
key processes. These models come equipped with 8 GbE copper ports built-in.
Front View

Performance¹
Status LEDs

Firewall throughput

5 Gbps

7 Gbps

Firewall IMIX

1.75 Gbps

2.75 Gbps

VPN throughput

410 Mbps

950 Mbps

IPS throughput

1 Gbps

1.75 Gbps

360 Mbps

880 Mbps

NGFW (IPS + App Ctrl +
WebFilter) max.

Back View

Antivirus throughput (proxy)

590 Mbps

1.4 Gbps

Concurrent connections

6,200,000

8,200,000

New connections/sec

3 x external antennas
(XG 125w and XG 135w only)

XG 125(w) Rev. 2 XG 135(w) Rev. 2

Maximum licensed users

35,000

82,000

unrestricted

unrestricted

Wireless Specification (XG 125w and XG 135w only)
2 x USB 2.0

1 x VGA port

1 x COM (RJ45)

No. of antennas

8 x 1GbE copper port

3 x 3:3

Wireless interface

802.11a/b/g/n/ac (2.4 GHz / 5 GHz)

Physical interfaces
Storage (local
quarantine/logs)

Environment
Power consumption
Operating temperature
Humidity

Ethernet interfaces (fixed)
12.46W, 49.3 BTU/hr (idle)
26.16W, 89.2 BTU/hr (full load)
0-40°C (operating)
-20 to +80°C (storage)

Certifications

I/O ports (rear)

Power supply

10%-90%, non-condensing

Product Certifications

integrated SSD
8 GE copper
2 x USB 2.0
1 x COM (RJ45)
1 x VGA
External auto ranging DC: 12V,
100-240VAC, 50-60 Hz

Physical specifications
CB, CE, FCC Class B, IC, VCCI,
MIC, RCM, UL, CCC

Mounting

Rackmount kit available
(to be ordered separately)

Dimensions
Width x Depth x Height

288 x 186.8 x 44 mm
11.38 x 7.35 x 1.73 inches

Weight

9

3 external

MIMO capabilities

1.7 kg / 3.75 lbs (unpacked)
2.82 kg / 6.22 lbs (packed)

Sophos XG Firewall

Sophos XG Series Rackmount Appliances:
XG 210, XG 230
Technical Specifications
The Sophos XG 210 and XG 230 are designed to protect small to mid-sized businesses and branch offices. Based on the
latest Intel technology and equipped with 6 GbE copper ports , 2 GbE SFP fiber ports plus one FleXi Port slot to configure
with an optional module, they provide high flexibility and throughput at an excellent price-to-performance ratio. An external
redundant power supply is optional for these models.
Front View
Multi-function
LCD display

Navigation
for LCD

Performance¹
1 x COM
(RJ45)

2x
USB 3.0

6 x GE copper – fixed
Incl. 2 bypass pairs

2 x GE SPF
– fixed

1 x expansion bay
(shown here with optional
FleXi Port module)

Micro USB

20 Gbps

Firewall IMIX

5.5 Gbps

6.8 Gbps

VPN throughput

1.45 Gbps

1.7 Gbps

IPS throughput

2.7 Gbps

4.2 Gbps

NGFW (IPS + App Ctrl) max.

2.2 Gbps

3 Gbps

Antivirus throughput (proxy)

2.3 Gbps

2.8 Gbps

8,200,000

8,200,000

Concurrent connections
Maximum licensed users

Connector for optional 2nd
external power supply

Power supply

HDMI

1x
USB 3.0

Power switch

135,000

140,000

unrestricted

unrestricted

Physical interfaces
Storage (local
quarantine/logs)

Connector for
optional PoE Power

Ethernet interfaces (fixed)

integrated SSD
6 GE copper (incl. 2 bypass pairs)
2 GE SFP*

No. of FleXi Port slots
FleXi Port modules (optional)

Environment
Power consumption

Operating temperature
Humidity

XG 210: 19W, 65 BTU/hr (idle)
35W, 119 BTU/hr (full load)
XG 230: 21W, 72 BTU/hr (idle)
41W, 141 BTU/hr (full load)
0-40°C (operating)
-20 to +80°C (storage)
10%-90%, non-condensing

I/O ports

Product Certifications
Certifications

CB, UL, CE, FCC Class A,
ISED, VCCI, RCM, CCC
BIS (planned), MSIP/KCC (planned)

XG 230 Rev. 2

16 Gbps

New connections/sec

Back View

XG 210 Rev. 3

Firewall throughput

Display
Power supply

1
8 port GE copper
8 port GE SFP*
2 port 10 GE SFP+*
4 port 10 GE SFP+*
2 port 40 GE QSFP+*
4 port GE PoE
8 port GE PoE
4 port GE copper LAN bypass
2 x USB 3.0 (front)
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x HDMI (rear)
Multi-function LCD module
Internal auto-ranging
100-240VAC, 50-60 Hz
Redundant PSU optional (external)

Physical specifications
Mounting

1U rack mount
(2 rackmount ears included)

Dimensions
Width x Depth x Height

438 x 344.4 x 44mm
17.24 x 13.56 x 1.75 inches

Weight

5.2 kg / 11.46lb (unpacked)
7.7 kg / 16.98 lbs (packed)

* Transceivers (mini GBICs) sold separately

10

Sophos XG Firewall

Sophos XG Series Rackmount Appliances:
XG 310, XG 330
Technical Specifications
The Sophos XG 310 and XG 330 are scalable appliances suitable for distributed organizations or mid-sized companies.
With solid-state drives for on-box reporting, logs and spam quarantine, they’re highly responsive even in high traffic
environments. Each model is equipped with 8 GbE copper ports, 2 GbE SFP fiber ports, 2 10 GbE SFP+ fiber ports plus one
FleXi Port slot to configure with an optional module. They provide optimal performance and flexibility plus redundancy
through an optional external power supply.
Performance¹

Front View
Multi-function
LCD display

Navigation
for LCD

1 x COM
(RJ45)

2x
USB 3.0

8 x GE copper – fixed
Incl. 2 bypass pairs

Micro USB

2 x 10 GE
SPF+ – fixed

2 x GE SPF
– fixed

1 x expansion bay
(shown here with optional
FleXi Port module)

33 Gbps

Firewall IMIX

9.5 Gbps

12.5 Gbps

VPN throughput

2.75 Gbps

3.2 Gbps

IPS throughput

5.5 Gbps

8.5 Gbps

NGFW (IPS + App Ctrl) max.

4 Gbps

5.5 Gbps

Antivirus throughput (proxy)

3.3 Gbps

6 Gbps

17,500,000

17,500,000

200,000

200,000

unrestricted

unrestricted

Concurrent connections
Maximum licensed users

Connector for optional 2nd
external power supply

Power supply

Physical interfaces
Storage (local
quarantine/logs)

Connector for
optional PoE Power

HDMI

1x
USB 3.0

Power switch

Power consumption

Operating temperature
Humidity

Ethernet interfaces (fixed)

XG 310: 32W, 109 BTU/hr (idle)
49W, 167 BTU/hr (full load)
XG 330: 36W, 122 BTU/hr (idle)
54W, 184 BTU/hr (full load)

FleXi Port modules (optional)

0-40°C (operating)
-20 to +80°C (storage)
10%-90%, non-condensing
I/O ports

Product Certifications
Certifications

integrated SSD
8 GE copper (incl. 2 bypass pairs)
2 GE SFP*
2 10 GE SFP+*

No. of FleXi Port slots

Environment

XG 330 Rev. 2

28 Gbps

New connections/sec

Back View

XG 310 Rev. 2

Firewall throughput

CB, UL, CE, FCC Class A,
ISED, VCCI, RCM, CCC
BIS (planned), MSIP/KCC (planned)
Display
Power supply

1
8 port GE copper
8 port GE SFP*
2 port 10 GE SFP+*
4 port 10 GE SFP+*
2 port 40 GE QSFP+*
4 port GE PoE
8 port GE PoE
4 port GE copper LAN bypass
2 x USB 3.0 (front)
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x HDMI (rear)
Multi-function LCD module
Internal auto-ranging
100-240VAC, 50-60 Hz
Redundant PSU optional (external)

Physical specifications
Mounting
Dimensions
Width x Depth x Height
Weight

1U rack mount
(2 rackmount ears included)
438 x 405.5 x 44mm
17.24 x 15.96 x 1.75 inches
5.8 kg / 12.78 lbs (unpacked)
8.8 kg / 19.4 lbs (packed)

* Transceivers (mini GBICs) sold separately

11

Sophos XG Firewall

Sophos XG Series Rackmount Appliances:
XG 430, XG 450
Technical Specifications
The Sophos XG 430 and XG 450 offer enterprise performance for distributed organizations or larger mid-sized companies.
The connectivity options are second to none for rack mountable appliances, with each model coming equipped with 8 GbE
copper ports, 2 10 GbE SFP+ ports and 2 additional FleXi Port slots which you can configure with your choice of optional
modules. For high-availability, the XG 450 also offers unparalleled redundancy features in a 1U appliance with a second SSD
(RAID) integrated and an optional second power supply is available for both models.
Front View
Multi-function
LCD display

Performance¹

IPMI
MGMT
port

Navigation
for LCD

Firewall throughput
1 x COM
(RJ45)

2x
USB 3.0

8 x GE copper – fixed
Incl. 2 bypass pairs

Micro USB

2 x expansion bay
(shown here with optional
FleXi Port module)

2 x GE SPF+
– fixed

50 Gbps

Firewall IMIX

14.5 Gbps

17.5 Gbps

VPN throughput

4.8 Gbps

5.5 Gbps

IPS throughput

9 Gbps

10 Gbps

NGFW (IPS + App Ctrl) max.

6 Gbps

7.5 Gbps

Antivirus throughput (proxy)
Concurrent connections

Power supply

Ethernet interfaces (fixed)
HDMI

1x
USB 3.0

Power switch

FleXi Port modules (optional)

Power switch

HDMI

1x
USB 3.0

Power supply

Space for optional 2nd hot
swappable power supply

I/O ports

Environment
Power consumption

Operating temperature
Humidity

200,000

200,000
unrestricted

integrated SSD

XG 430: 28W, 96 BTU/hr (idle)
79W, 270 BTU/hr (full load)
XG 450: 31W, 107 BTU/hr (idle)
83W, 283 BTU/hr (full load)
0-40°C (operating)
-20 to + 80°C (storage)

Display
Power supply

10%-90%, non-condensing

2
8 port GE copper
8 port GE SFP*
2 port 10 GE SFP+*
4 port 10 GE SFP+*
2 port 40 GE QSFP+*
4 port GE PoE
8 port GE PoE
4 port GE copper LAN bypass
2 x USB 3.0 (front)
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x IPMI (front)
1 x HDMI (rear)
Multi-function LCD module
Internal autoranging 100240VAC, 50-60 Hz
Redundant PSU
optional (external)

Product Certifications
Certifications

CB, UL, CE, FCC Class A,
ISED, VCCI, RCM, CCC
BIS (planned), MSIP/KCC (planned)

2 x integrated SSD

8 GE copper (incl. 2 bypass pairs)
2 10 GE SFP+*

No. of FleXi Port slots

Back View XG 450

Connector for
optional PoE Power

7 Gbps
20,000,000

Physical interfaces
Storage (local
quarantine/logs)

Connector for
optional PoE Power

6.5 Gbps
20,000,000

Maximum licensed users
Connector for optional 2nd
external power supply

XG 450 Rev. 2

41 Gbps

New connections/sec

Back View XG 430

XG 430 Rev. 2

Internal autoranging 100240VAC, 50-60 Hz
Hot Swap
Redundant PSU
optional (internal)

Physical specifications
Mounting
Dimensions
Width x Depth x Height
Weight

1U rackmount (sliding rails incl.)
438 x 507.7 x 44mm
17.24 x 19.99 x 1.75 inches
7.6 kg / 16.76 lbs
(unpacked)
13.7 kg / 30.2
lbs (packed)

7.8 kg / 17.2 lbs
(unpacked)
14.8 kg / 32.63
lbs (packed)

* Transceivers (mini GBICs) sold separately

12

Sophos XG Firewall

Sophos XG Series Rackmount Appliances:
XG 550, XG 650
Technical Specifications
The Sophos XG 550 and XG 650 are high-performance firewalls equipped to provide protection for larger distributed and
growing organizations. They offer CPU technology to effortlessly handle use as an all-in-one solution or a powerful nextgeneration firewall. The models offer either 4 (XG 550) or 6 (XG 650) FleXi Port expansion bays to tailor your connectivity to
your environment. An 8 port GbE copper module is supplied as a default. Hot-swappable dual SSDs and power supplies are
standard redundancy features in this class.
Front View XG 550

Performance¹

2 x management port
2 x hot-swap
SSD (RAID-1)

2 x USB 2.0

Navigation
for LCD

XG 550 Rev. 2

XG 650 Rev. 2

65 Gbps

85 Gbps

Firewall IMIX

23 Gbps

28 Gbps

VPN throughput

8.4 Gbps

9 Gbps

IPS throughput

17 Gbps

20 Gbps

NGFW (IPS + App Ctrl +
WebFilter) max.

9 Gbps

10 Gbps

Antivirus throughput (proxy)

10 Gbps

Firewall throughput

1 x COM (RJ45)

4 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)

Multi-function LCD display

Concurrent connections
New connections/sec

13 Gbps
30,000,000

220,000

Maximum licensed users

240,000
unrestricted

Front View XG 650
Physical interfaces

2 x management port
2 x hot-swap
SSD (RAID-1)

Storage (local
quarantine/logs)

2 x USB 2.0

2 x integrated
hot-swap SSD (RAID)

Ethernet interfaces
(removable)
No. of FleXi Port slots
FleXi Port modules (optional)
Navigation
for LCD

1 x COM (RJ45)

6 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)

Multi-function LCD display

Back View

I/O ports
1 x USB 3.0

1 x VGA port

Power switch

Display
Power supply
4 x swappable fan

2 x hot swappable
power supply

Power consumption

Operating temperature
Humidity

XG 550: 270.5W, 922.98BTU/hr (idle)
416.1W, 1419.79BTU/hr (full load)
XG 650: 320.5W, 1093.59BTU/hr (idle)
493.1W, 1682.53BTU/hr (full load)
0-40°C (operating)
-40 to +70°C (storage)
5%-90%, non-condensing

Product Certifications
Certifications

13

CE, UL, FCC, ISED, CCC,
VCCI, RCM, BIS (CRS)

4

6

8 port GE copper
8 port GE SFP*
2 port 10 GE SFP+*
4 port 10 GE SFP+*
4 port SFP* plus 4 port GE
copper LAN bypass
2 x USB 2.0 (front)
1 x USB 3.0 (rear)
2 x Mgmt Port (eth0/eth1, front)
1 x COM (RJ45) (front)
1 x VGA (rear)
Multi-function LCD module
2 x hot-swap internal auto-ranging
100-240VAC, 50-60 Hz PSU

Physical specifications
Mounting

Environment

8 GE copper

Dimensions
Width x Depth x Height
Weight

2U sliding rails (included)
438 x 600 x 88 mm
17.24 x 23.62 x 3.46 inches
17.8 kg / 39.24 lbs (unpacked)
27 kg / 59.53 lbs (packed)

* Transceivers (mini GBICs) sold separately

Sophos XG Firewall

Sophos XG Series Rackmount Appliances:
XG 750
Technical Specifications
The Sophos XG 750 is a high performance firewall suitable for high traffic datacenter and large enterprise environments.
Intel multi core technology and redundancy features such as dual SSDs, power supplies and swappable fans, ensure you’re
protected at all times. With a total of 8 FleXi Port bays, one of which comes equipped with a default 8 port GbE copper
module, connectivity knows no bounds and can reach a maximum of 64 ports using the optional modules.
Front View

Performance¹
2 x management port

2 x hot-swap
SSD (RAID-1)

2 x USB 2.0

XG 750 Rev. 2

Firewall throughput

100 Gbps

Firewall IMIX

33.5 Gbps

VPN throughput

11 Gbps

IPS throughput

22 Gbps

NGFW (IPS + App Ctrl +
WebFilter) max.

11.8 Gbps

Antivirus throughput (proxy)
Navigation
for LCD

1 x COM (RJ45)

8 expansion bays for Flexi Port
modules. 1 x 8 port GbE copper module
supplied as default (removable)

Multi-function LCD display

17 Gbps

Concurrent connections

30,000,000

New connections/sec

300,000

Maximum licensed users

unrestricted

Back View
Physical interfaces
1 x USB 3.0

1 x VGA port

Power switch

Storage (local
quarantine/logs)

2 x integrated hot-swap SSD (RAID)

Ethernet interfaces
(removable)

8 GE copper

No. of FleXi Port slots
FleXi Port modules (optional)
4 x swappable fan

2 x hot swappable
power supply

Environment
Power consumption
Operating temperature
Humidity

326.5W, 1114.01BTU/hr (idle)
512.2W, 1747.62BTU/hr (full load)

I/O ports

0-40°C (operating)
-40 to +70°C (storage)
5%-90%, non-condensing
Display

Product Certifications
Certifications

Power supply
CE, UL, FCC, ISED, CCC,
VCCI, RCM, BIS (CRS)

8
8 port GE copper
8 port GE SFP*
2 port 10 GE SFP+*
4 port 10 GE SFP+*
4 port SFP* plus 4 port GE
copper LAN bypass
2 x USB 2.0 (front)
1 x USB 3.0 (rear)
2 x Mgmt Port (eth0/eth1, front)
1 x COM (RJ45) (front)
1 x VGA (rear)
Multi-function LCD module
2 x hot-swap external auto ranging
100-240VAC, 50-60 Hz

Physical specifications
Mounting
Dimensions
Width x Depth x Height
Weight

2U sliding rails (included)
438 x 600 x 88 mm
17.24 x 23.62 x 3.46 inches
17.8 kg / 39.24 lbs (unpacked)
27 kg / 59.53 lbs (packed)

* Transceivers (mini GBICs) sold separately

14

Sophos XG Firewall

FleXi Port Modules
Configure your hardware to suit your infrastructure and change it as and when you need to. Our optional FleXi Port LAN
modules give you the freedom to select the connectivity you need – copper, fiber, 10GbE – you decide.
In some cases, FleXi Port modules are interchangeable within a range of appliances, so, for example, you can use the same
module with all of your 1U appliances which saves you money if you upgrade to a higher model at a later date.
FleXi Port Modules for 1U

8 port GbE copper FleXi Port module (for SG/XG 2xx/3xx/4xx only)

8 port GbE SFP FleXi Port module (for SG/XG 2xx/3xx/4xx only)

2 port 10 GbE SFP+ FleXi Port module
(for SG/XG 2xx/3xx/4xx only)

4 port 10 GbE SFP+ FleXi Port module
(for SG/XG 2xx/3xx/4xx only)

2 port 40 GbE QSFP+
(for SG/XG 210 Rev.3 and SG/XG 230, 3xx and 4xx Rev.2 only)

4 port 1GE copper PoE
(for SG/XG 210 Rev.3 and SG/XG 230, 3xx and 4xx Rev.2 only)

8 port 1GE copper PoE
(for SG/XG 210 Rev.3 and SG/XG 230, 3xx and 4xx Rev.2 only)

4 port GbE copper LAN Bypass FleXi Port module
(for XG 2xx/3xx/4xx only)

Please note: Transceivers (mini GBICs) are sold separately.

15

FleXi Port Modules for 2U

8 port GbE copper FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)

8 port GbE SFP FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)

2 port 10 GbE SFP+ FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)

4 port 10 GbE SFP+ FleXi Port module
(for XG 750 and SG/XG 550/650 Rev.2 only)

4 port GbE SFP plus 4 port GbE copper LAN bypass FleXi port module
(for XG 750 and XG 550/650 Rev.2 only)

Sophos XG Firewall

Sophos Wireless
Protection

Sophos RED
(Remote Ethernet Device)

Get secure and reliable wireless access all
over the office

Turn any location into a secure location
with our Remote Ethernet Devices (RED)

Simplify your wireless networking by using your Sophos
XG Firewall as a wireless controller to centralize your Wi-Fi
management and security. Sophos Wireless Protection
is included in the Base Firewall license and for example,
provides full hotspot support to simply set up guest and
visitor access. Our optional access points are automatically
set up and configured by the firewall. That means all your
wireless clients get complete threat protection too.

If you have branch offices, retail locations, remote outposts
or otherwise need to extend your secure network easily
and affordably beyond your main facility, Sophos Remote
Ethernet Devices are the ideal solution. Uniquely simple and
imminently affordable, RED provides an elegant solution to
building a secure distributed network.

Choose your Access Point
Our APs are built on the latest enterprise-class, high-speed
wireless chipsets with custom designed antennas, added
CPU and memory resources, and hardware accelerated
encryption. Find out more.

Plug-and-protect
Sophos RED makes extending your secure network to
other locations easy. It requires no technical skills at the
remote site; simply enter the RED device ID into your XG
Firewall console and ship it. As soon as it’s plugged in and
connected to the Internet, it will contact your firewall and
establish a secure dedicated VPN tunnel. It’s that easy.

Hardware Appliances with integrated WiFi
All our XG Series desktop appliances are available with an
integrated wireless access point. Coverage can be further
extended by adding Sophos Access Points. Please see the
Hardware section for further details.

16

Sophos XG Firewall

Sophos Firewall Manager
(SFM)
Sophos Firewall Manager (SFM) provides powerful
centralized management for all your Sophos Firewalls
across multiple customers sites or branch offices all from a
single screen. Whether you’re an MSP, Enterprise Network
Security Admin, or simply managing a few small offices,
SFM simplifies security management enabling consistent
enforcement, easy provisioning of new policies, and at-aglance monitoring of device health. SFM saves you time,
money and makes management simpler.

Comprehensive Centralized Management
Manage all Firewall policies and configuration from
single console.

Insightful Monitoring
At-a-glance device and network health indicators.

Extensive Administrative controls
Role-based administration, change control and logging.

Flexible Deployment Options
Available as Hardware, Software, or Virtual appliance.

Sophos iView v2
Monitoring a distributed network across multiple locations
can be a challenge. That’s where Sophos iView can help. It
provides you with an intelligent, uninterrupted view of your
network from a single pane of glass. If you have multiple
appliances, need consolidated reporting, or could just use
help with log management or compliance, Sophos iView is
the ideal solution.

Consolidated reporting
Aggregated reporting across multiple Sophos and
Cyberoam firewall devices.

User-based Reporting
Our patented Layer-8 user identity provides visibility into user
activities regardless of where they’re working.

Security intelligence
Identify potential network issues and possible attacks
anywhere across your network.

Log backup and management
Logs data from multiple devices at distributed locations with
smart indexing and easy search facilities.

Deployment options
Available as software ISO or virtual appliance.

17

Sophos XG Firewall

Try it for free – business and even at home
If you have any additional questions visit sophos.com or give one of our Sales Agents a call.

Free 30-day trial – no strings attached
If you’d like to take it for a test drive you can get the full-featured
product simply sign-up for our free 30-day trial.

See it in action now
You can take a walkthrough of the user interface with our interactive demo or watch videos
showing you just how we make network security simple.
Visit sophos.com/xgfirewall

Free Home Use version
Our Sophos XG Firewall Home Edition is a fully-equipped software version that
gives you complete network, web, mail, and web application security with VPN
functionality, for home-use only and limited to 4 virtual cores, 6 GB of RAM.
Visit sophos.com/freetools
¹ General: Max. throughput measured under ideal test conditions using SF-OS 16.5 with App-classification disabled using industry standard Spirent /Avalanche performance test and
Ixia test tools. Actual performance may vary depending on network conditions and activated services.
ÌÌFW: UDP throughput based on RFC 2544 using 1518 Byte packet size.
ÌÌFW IMIX: UDP throughput based on a combination of 48 bytes, 576 bytes and 1518 bytes packet sizes.
ÌÌIPS/NGFW: HTTP throughput using default IPS ruleset and 512KB object size (NGFW: with AppCtrl enabled)
ÌÌVPN: HTTP throughput using multiple tunnels and 512KB HTTP response size
ÌÌAV: HTTP throughput using Web proxy and 200KB response size

United Kingdom and Worldwide Sales
Tel: +44 (0)8447 671131
Email: sales@sophos.com

North American Sales
Toll Free: 1-866-866-2802
Email: nasales@sophos.com

© Copyright 2017. Sophos Ltd. All rights reserved.
Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.
17-06-27 BRNA (2665-DD)

Australia and New Zealand Sales
Tel: +61 2 9409 9100
Email: sales@sophos.com.au

Asia Sales
Tel: +65 62244168
Email: salesasia@sophos.com



Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.6
Linearized                      : No
Create Date                     : 2017:07:05 17:40:30+01:00
Creator                         : Adobe InDesign CC 2017 (Macintosh)
Modify Date                     : 2017:07:11 14:53:56+01:00
Has XFA                         : No
Language                        : en-GB
Tagged PDF                      : Yes
XMP Toolkit                     : Adobe XMP Core 5.6-c015 84.159810, 2016/09/10-02:41:30
Metadata Date                   : 2017:07:11 14:53:56+01:00
Creator Tool                    : Adobe InDesign CC 2017 (Macintosh)
Instance ID                     : uuid:bdd6a3e9-2167-a845-ade9-54b19852d94a
Original Document ID            : xmp.did:428771621F46DF1192D5DF5BEAAA6BB5
Document ID                     : xmp.id:14fba366-52a4-45a1-8f41-f1ce2ccee051
Rendition Class                 : proof:pdf
Derived From Instance ID        : xmp.iid:6874a73d-ac54-4e1b-9df8-1dc53ac6276e
Derived From Document ID        : xmp.did:416b5cb1-1e34-43f2-b886-c717012ad3c8
Derived From Original Document ID: xmp.did:428771621F46DF1192D5DF5BEAAA6BB5
Derived From Rendition Class    : default
History Action                  : converted
History Parameters              : from application/x-indesign to application/pdf
History Software Agent          : Adobe InDesign CC 2017 (Macintosh)
History Changed                 : /
History When                    : 2017:07:05 17:40:30+01:00
Format                          : application/pdf
Producer                        : Adobe PDF Library 15.0
Trapped                         : False
Page Count                      : 19
EXIF Metadata provided by EXIF.tools

Navigation menu