overview-rocket-icon

Powered by Xstream

Sophos XGS Series firewalls combine the best of two worlds: the flexibility of a high-performance, multi-core CPU for deep packet inspection and the performance benefits of a dedicated Xstream Flow Processor for intelligent application acceleration.

overview-pricing

Powerful Protection at Every Price Point

Sophos Firewall and the XGS Series deliver the industry’s best visibility, protection, and performance. From the small branch office to the distributed enterprise, no-compromise protection is guaranteed.

overview-network

We’ve Got the Edge

Sophos Firewall can take your network anywhere it needs to go with an extensive range of modular hardware appliances, cloud and virtual platform support, and secure access edge devices like our SD-RED and wireless access points.

XGS Series Appliances

SMB and Branch Office

XGS Series Desktop

Excellent value and all-in-one connectivity for all your branch office, retail outlet, and small business needs.

Models 87/87w, 107/107w, 116/116w, 126/126w, 136/136w

Distributed Edge

XGS Series 1U Rackmount

Performance and versatile connectivity options to meet the security infrastructure needs of larger SMB and mid-sized organizations.

Models 2100, 2300, 3100, 3300, 4300, 4500

Enterprise/Campus Edge

XGS Series 2U Rackmount

Performance, connectivity, and redundancy without compromise for the most demanding enterprise and campus networks.

Models 5500, 6500, 7500, 8500

SD-WAN and Wi-Fi

Remote Ethernet Devices

SD-RED Series

Plug-and-play Remote Ethernet Devices to provide edge connectivity for branch office and remote sites.

Models 20, 60

Wi-Fi Access Points

APX Series

Manage, secure, and control your Wi-Fi networks from your Sophos Firewall.

Models 120, 320, 530, 740

Switches

Access Layer Switch Range

Connectivity, power, and control.

Cloud and Virtual

Sophos Firewall protects your public, private, and hybrid cloud and virtual environments.

AWS

As an AWS Advanced Technology Partner, Sophos is a validated AWS Security Competency vendor, AWS marketplace seller, and AWS Public Section Partner.

Sophos Firewall is available in the AWS marketplace with a Pay as You Go (PAYG) license model or Bring Your Own License (BYOL) to best fit your needs.

Azure

Sophos Firewall is certified and optimized for Azure and is available in the Microsoft Azure Marketplace.

Take advantage of the free test drive or the flexible PAYG or BYOL licensing options.

XGS Series Next-Gen Firewall Appliances

SMB and Branch Office: Desktop Models

Customers looking for an all-in-one network security solution will appreciate the seamless connectivity options available for our desktop appliances. With the modularity that smaller businesses, retail outlets, and branch offices need to grow and adapt to changing circumstances, they offer the perfect balance between price and performance. All desktop models are optionally available with built-in Wi-Fi.

All models are powered by a high-speed CPU plus a dedicated Xstream Flow Processor for hardware acceleration.

Online DemoDownload Brochure

 

 

overview-xgs-desktop

Compare XGS Desktop Models

Scroll

XGS 87 / 87w

XGS 87/87w

FIREWALL3,850 Mbps

TLS INSPECTION375 Mbps

FIREWALL IMIX3,000 Mbps

IPS1,200 Mbps

IPSEC VPN3,000 Mbps

NGFW700 Mbps

THREAT PROTECTION280 Mbps

LATENCY (64 BYTE UDP)6 µs

ETHERNET INTERFACES (FIXED) 4 X GE copper
1 X SFP Fiber*

POWER-OVER-ETHERNET (FIXED) n/a

MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)

WI-FI OPTION (W-MODEL ONLY) Wi-Fi 5 (802.11ac)
2X2:2 MIMO
2 external antennas
single radio, 2.4 or 5 GHz

EXPANSION SLOTS n/a

OPTIONAL ADD-ON MODULES SFP VDSL modem
SFP transceivers

SWAPPABLE COMPONENTS n/a

NOTES: * Transceivers sold separately

XGS 87 / 87w

XGS 87/87w Front

Front

XGS 87/87w Back

Back

XGS 107 / 107w

XGS 107/107w

FIREWALL7,000 Mbps

TLS INSPECTION420 Mbps

FIREWALL IMIX3,750 Mbps

IPS1,500 Mbps

IPSEC VPN4,000 Mbps

NGFW1,050 Mbps

THREAT PROTECTION370 Mbps

LATENCY (64 BYTE UDP)6 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
1 X SFP Fiber*

POWER-OVER-ETHERNET (FIXED) n/a

MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)

WI-FI OPTION (W-MODEL ONLY) Wi-Fi 5 (802.11ac)
2X2:2 MIMO
2 external antennas
single radio, 2.4 or 5 GHz

EXPANSION SLOTS n/a

OPTIONAL ADD-ON MODULES SFP VDSL modem
SFP transceivers

SWAPPABLE COMPONENTS optional 2nd power supply

NOTES: * Transceivers sold separately

XGS 107 / 107w

XGS 107/107w Front

Front

XGS 107/107w Back

Back

XGS 116 / 116w

XGS 116/116w

FIREWALL7,700 Mbps

TLS INSPECTION650 Mbps

FIREWALL IMIX4,500 Mbps

IPS2,500 Mbps

IPSEC VPN4,800 Mbps

NGFW2,000 Mbps

THREAT PROTECTION720 Mbps

LATENCY (64 BYTE UDP)8 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
1 X SFP Fiber*

POWER-OVER-ETHERNET (FIXED) 1 x G
802.3at (30W max.)

MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)

WI-FI OPTION (W-MODEL ONLY) Wi-Fi 5 (802.11ac)
2X2:2 MIMO
2 external antennas
single radio, 2.4 or 5 GHz

EXPANSION SLOTS 1

OPTIONAL ADD-ON MODULES 3G/4G module
5G module
2nd Wi-Fi 5/802.11ac module (for w-model only)
SFP VDSL modem
SFP transceivers

SWAPPABLE COMPONENTS optional 2nd power supply

NOTES: * Transceivers sold separately

XGS 116 / 116w

XGS 116/116w Front

Front

XGS 116/116w Back

Back

XGS 126/126w

XGS 126/126w

FIREWALL10,500 Mbps

TLS INSPECTION800 Mbps

FIREWALL IMIX5,250 Mbps

IPS3,250 Mbps

IPSEC VPN5,500 Mbps

NGFW2,500 Mbps

THREAT PROTECTION900 Mbps

LATENCY (64 BYTE UDP)8 µs

ETHERNET INTERFACES (FIXED)10 x GE copper
2 x SFP Fiber*

POWER-OVER-ETHERNET (FIXED)2 x GE
802.3at (30W max. per port)

MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)

WI-FI OPTION (W-MODEL ONLY)Wi-Fi 5 (802.11ac)
3X3:3 MIMO
3 external antennas
single radio, 2.4 or 5 GHz

EXPANSION SLOTS 1

OPTIONAL ADD-ON MODULES 3G/4G module
5G module
2nd Wi-Fi 5/802.11ac module (for w-model only)
SFP VDSL modem
SFP transceivers

SWAPPABLE COMPONENTS optional 2nd power supply

NOTES: * Transceivers sold separately

XGS 126/126w

XGS 126/126w Front

Front

XGS 126/126w Back

Back

XGS 136/136w

XGS 136/136w

FIREWALL11,500 Mbps

TLS INSPECTION950 Mbps

FIREWALL IMIX6,500 Mbps

IPS4,000 Mbps

IPSEC VPN6,350 Mbps

NGFW3,000 Mbps

THREAT PROTECTION1,000 Mbps

LATENCY (64 BYTE UDP)8 µs

ETHERNET INTERFACES (FIXED)10 x GE copper
2 x SFP Fiber*

POWER-OVER-ETHERNET (FIXED)2 x 2.5 GE
802.3at (30W max. per port)

MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)

WI-FI OPTION (W-MODEL ONLY)Wi-Fi 5 (802.11ac)
3X3:3 MIMO
3 external antennas
single radio, 2.4 or 5 GHz

EXPANSION SLOTS 1

OPTIONAL ADD-ON MODULES 3G/4G module
5G module
2nd Wi-Fi 5/802.11ac module (for w-model only)
SFP VDSL modem
SFP transceivers

SWAPPABLE COMPONENTS optional 2nd power supply

NOTES: * Transceivers sold separately

XGS 136/136w

XGS 136/136w Front

Front

XGS 136/136w Back

Back

Performance Test Methodology

General

Maximum throughput measured under ideal test conditions using industry-standard Keysight-Ixia BreakingPoint test tools. Actual performance may vary depending on network conditions and activated services.

Firewall

Measured using HTTP traffic and 512 KB response size.

Firewall IMIX

UDP throughput based on a combination of 66-byte, 570-byte, and 1518-byte packet sizes.

IPS

Measured with IPS with HTTP traffic using default IPS ruleset and 512 KB object size.

IPsec VPN

HTTP throughput using multiple tunnels and 512 KB HTTP response size.

TLS inspection

Performance measured with IPS with HTTPS sessions and different cipher suites.

Threat Protection

Measured with firewall, IPS, application control, and malware prevention enabled using HTTP 200 KB response size.

Sophos Switch

Connectivity, Power, and Control

Product Highlights

  • Dual-processor architecture delivers an excellent price-to-performance ratio.
  • Every model is available with optional integrated Wi-Fi for all-in-one connectivity.
  • An expansion bay on all XGS 116/126/136 models improves compatibility for 3G/4G or 5G when used with our optional modules.
  • An optional second Wi-Fi radio module can be added to w-models with an expansion bay.
  • A second power supply option for all XGS 1xx models offers a redundancy option not always seen in this form factor.
  • Power-over-Ethernet ports are built-in on 116, 126 (1 GE), and 136 (2.5 GE) models to power your external devices.
  • The SFP port on all models can be used for FTTH/FTTP or with the optional VDSL modem.
  • Note: All protection features are supported on every XGS 1xx model and most on XGS 87 and 87w.
xgs-116-largeBg

Showing XGS 116w Model

Accessories

3G/4G or 5G Connectivity

For XGS 116, 126, and 136 models only

Our desktop appliances are often deployed in remote locations where flexible connectivity is essential. The expansion bay on the XGS 116, 126, and 136 models provides the option to add either a 3G/4G or a 5G module to your appliance. These optional modules can be securely mounted and are then managed from your Sophos Firewall console for better compatibility. 

  • Better performance with the latest standards supported
  • 3G/4G module supports LTE cat-6, up to 300 Mbps download/50 Mbps upload.
  • 5G module supports 5G Sub-6 bands with download speeds of up to 4.5 Gbps and upload speeds of up to 660 Mbps (depending on carrier and region).
  • Full protection from theft or damage

3G/4G module:

  • Two different versions: Europe/Americas and Asia-Pacific

5G module:

  • One version for all regions

SFP VDSL Modem

For use with all XG and XGS Series models

Use the SFP port to add VDSL connectivity to your appliance. Get rid of your router and connect your appliance directly to the DSL socket on your wall. This means one less piece of equipment to manage and a fully integrated solution. Our optional DSL modem supports most VDSL2 standards with download/upload speeds up to 100 Mbps.

 

2nd Wi-Fi Radio Module

For XGS 116w, 126w, and 136w only

Improve Wi-Fi coverage and performance in your office by adding a second Wi-Fi radio to selected XGS models. Adding a second radio with two extra antennas to a model that already has built-in Wi-Fi allows you to broadcast in both the 2.4- and 5-GHz bands simultaneously for an overall better Wi-Fi experience.

XGS Series Desktop Accessories Matrix

 

Model Power Redundancy Expansion Bay 3G/4G/5G Modules Wi-Fi
Options
VDSL SFP Modem Rackmount Kit
XGS 87 N/A N/A N/A N/A Optional Optional
XGS 87w N/A N/A N/A N/A Optional Optional
XGS 107 Optional 2nd
Power Supply
N/A N/A N/A Optional Optional
XGS 107w Optional 2nd
Power Supply
N/A N/A Built In Optional Optional
XGS 116 Optional 2nd
Power Supply
1 Optional N/A Optional Optional
XGS 116w Optional 2nd
Power Supply
1 Optional Built In
Optional 2nd Module
Optional Optional
XGS 126 Optional 2nd
Power Supply
1 Optional N/A Optional Optional
XGS 126w Optional 2nd
Power Supply
1 Optional Built In
Optional 2nd Module
Optional Optional
XGS 136 Optional 2nd
Power Supply
1 Optional N/A Optional Optional
XGS 136w Optional 2nd
Power Supply
1 Optional Built In
Optional 2nd Module
Optional Optional

Nutanix

Sophos Firewall is Nutanix AHV and Nutanix Flow Ready bringing next-gen protection to the industry’s leading Hyper Convergence Infrastructure (HCI) platform.

Take advantage of a 30-day free trial using our KVM image and flexible licensing.

Learn More

VMWare

Sophos Firewall is also available on all popular virtualization platforms, including VMWare ESXi, Microsoft Hyper-V 2008 and 2012, KVM, and Citrix Xen App platforms.

You can also install Sophos Firewall as a software appliance on your own x86 hardware.

XGS Series Next-Gen Firewall Appliances

Distributed Edge: 1U Models

Mid-sized and distributed organizations in need of a versatile solution to power and protect their networks will be well-served with our 1U models. These rackmount firewalls offer excellent performance, a diverse range of high-speed built-in interfaces, and a choice of add-on connectivity modules. Whether your priority is ensuring maximum uptime for your SD-WAN links, securely connecting your remote users, or protecting the network in a growing organization, you can tailor them to your dynamic environment.

All models are powered by a high-speed CPU plus a dedicated Xstream Flow Processor for hardware acceleration.

Online DemoDownload Brochure

 

 

overview-xgs-1u

Compare XGS 1U Models

Scroll

XGS 2100

XGS 2100

FIREWALL30,000 Mbps

TLS INSPECTION1,100 Mbps

FIREWALL IMIX16,500 Mbps

IPS6,000 Mbps

IPSEC VPN17,000 Mbps

NGFW5,200 Mbps

THREAT PROTECTION1,250 Mbps

LATENCY (64 BYTE UDP)6 µs

ETHERNET INTERFACES (FIXED) 8 x GE coppe
2 x SFP Fiber*

BYPASS PORT PAIRS (FIXED) 1

MAX. PORT DENSITY (INCL. MODULES) 18

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)

MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.

FLEXI PORT SLOTS 1

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

2ND POWER SUPPLY optional external

DUAL SSD / RAID n/a

NOTES: * Transceivers sold separately

XGS 2100

XGS 2100 Front

Front

XGS 2100 Back

Back

XGS 2300

XGS 2300

FIREWALL39,000 Mbps

TLS INSPECTION1,450 Mbps

FIREWALL IMIX20,000 Mbps

IPS7,000 Mbps

IPSEC VPN20,500 Mbps

NGFW6,300 Mbps

THREAT PROTECTION1,500 Mbps

LATENCY (64 BYTE UDP)4 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
2 x SFP Fiber*

BYPASS PORT PAIRS (FIXED) 1

MAX. PORT DENSITY (INCL. MODULES) 18

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)

MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.

FLEXI PORT SLOTS 1

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

2ND POWER SUPPLY optional external

DUAL SSD / RAID n/a

NOTES: * Transceivers sold separately

XGS 2300

XGS 2300 Front

Front

XGS 2300 Back

Back

XGS 3100

XGS 3100

FIREWALL47,000 Mbps

TLS INSPECTION2,470 Mbps

FIREWALL IMIX23,500 Mbps

IPS10,500 Mbps

IPSEC VPN25,000 Mbps

NGFW9,000 Mbps

THREAT PROTECTION2,000 Mbps

LATENCY (64 BYTE UDP)4 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
2 x SFP Fiber*
2 x SFP+ 10 GE Fiber*

BYPASS PORT PAIRS (FIXED) 1

MAX. PORT DENSITY (INCL. MODULES) 20

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)

MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.

FLEXI PORT SLOTS 1

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

2ND POWER SUPPLY optional external

DUAL SSD / RAID n/a

NOTES: * Transceivers sold separately

XGS 3100

XGS 3100 Front

Front

XGS 3100 Back

Back

XGS 3100

XGS 3300

XGS 3300

FIREWALL58,000 Mbps

TLS INSPECTION3,130 Mbps

FIREWALL IMIX27,000 Mbps

IPS14,000 Mbps

IPSEC VPN31,100 Mbps

NGFW12,500 Mbps

THREAT PROTECTION3,000 Mbps

LATENCY (64 BYTE UDP)4 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
2 x SFP Fiber*
2 x SFP+ 10 GE Fiber*

BYPASS PORT PAIRS (FIXED) 1

MAX. PORT DENSITY (INCL. MODULES) 20

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)

MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.

FLEXI PORT SLOTS 1

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

2ND POWER SUPPLY optional external

DUAL SSD / RAID n/a

NOTES: * Transceivers sold separately

XGS 3300

XGS 3300 Front

Front

XGS 3300 Back

Back

XGS 4300

XGS 4300

FIREWALL75,000 Mbps

TLS INSPECTION8,000 Mbps

FIREWALL IMIX33,000 Mbps

IPS29,500 Mbps

IPSEC VPN62,500 Mbps

NGFW23,000 Mbps

THREAT PROTECTION6,500 Mbps

LATENCY (64 BYTE UDP)3 µs

ETHERNET INTERFACES (FIXED) 4 x GE copper
4 x 2.5 GE copper
4 x SFP+ 10 GE Fiber*

BYPASS PORT PAIRS (FIXED) 2

MAX. PORT DENSITY (INCL. MODULES) 28

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 2 x USB 3.0 (front)

MAX. POE (USING FLEXI PORT MODULE) 2 Modules: 4 Ports, 60W max. per module

FLEXI PORT SLOTS 2

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

2ND POWER SUPPLY optional external

DUAL SSD / RAID n/a

NOTES: * Transceivers sold separately

XGS 4300

XGS 4300 Front

Front

XGS 4300 Back

Back

XGS 4500

XGS 4500

FIREWALL80,000 Mbps

TLS INSPECTION10,600 Mbps

FIREWALL IMIX37,000 Mbps

IPS36,500 Mbps

IPSEC VPN75,550 Mbps

NGFW30,000 Mbps

THREAT PROTECTION8,650 Mbps

LATENCY (64 BYTE UDP)4 µs

ETHERNET INTERFACES (FIXED) 4 x GE copper
4 x 2.5 GE copper
4 x SFP+ 10 GE Fiber*

BYPASS PORT PAIRS (FIXED) 2

MAX. PORT DENSITY (INCL. MODULES) 28

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

OTHER I/O INTERFACES 2 x USB 3.0 (front)

MAX. POE (USING FLEXI PORT MODULE) 2 Modules: 4 Ports, 60W max. per module

FLEXI PORT SLOTS 2

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

2ND POWER SUPPLY optional internal

DUAL SSD / RAID Included
SW RAID-1 support

NOTES: * Transceivers sold separately

XGS 4500

XGS 4500 Front

Front

XGS 4500 Back

Back

Performance Test Methodology

General

Maximum throughput measured under ideal test conditions using industry-standard Keysight-Ixia BreakingPoint test tools. Actual performance may vary depending on network conditions and activated services.

Firewall

Measured using HTTP traffic and 512 KB response size.

Firewall IMIX

UDP throughput based on a combination of 66-byte, 570-byte, and 1518-byte packet sizes.

IPS

Measured with IPS with HTTP traffic using default IPS ruleset and 512 KB object size.

IPsec VPN

HTTP throughput using multiple tunnels and 512 KB HTTP response size.

TLS inspection

Performance measured with IPS with HTTPS sessions and different cipher suites.

Threat Protection

Measured with firewall, IPS, application control, and malware prevention enabled using HTTP 200 KB response size.

Sophos Switch

Connectivity, Power, and Control

Product Highlights

  • Dual-processor architecture supports all key protection features without compromising performance.
  • A wide selection of copper and fiber ports plus various management interfaces are built-in on every model.
  • Fixed LAN bypass ports are on every model to support various deployment scenarios.
  • Modular Flexi Port expansion bay(s) on every model allows you to adapt connectivity.
  • Second power supply is an option for all models.
  • Optional Power-over-Ethernet (PoE) Flexi Port modules are centrally powered and benefit from power redundancy when using the second power option.
  • Rackmount kit is included.
xgs-4300-largeBg

Showing model XGS 4300

Accessories

Flexi Port Modules

For all XGS 1U models

Our 1U models come with one or more expansion bays to flexibly add to the diverse range of built-in interfaces on every box. Changes in your environment, your workforce, or your edge infrastructure may require additional fiber ports or a change in your connectivity. With Flexi Port modules, you have a cost-effective way to adapt your appliance, rather than having to purchase new hardware mid-term.

Transceivers

Sophos offers a range of transceivers to use in the SFP and SFP+ interfaces on your appliance or Flexi port module.

A list of compatible third-party transceivers can be found in our knowledge base article.

External Redundant Power Supply

For XGS 2xxx, 3xxx, 4300

All of our 1U models offer an optional second power supply for redundancy. The external power supply can be connected to the rear of the appliance.

When using this power supply with either the XGS 2100 or 2300, we suggest that you purchase rackmount rails (rather than using the rackmount ears supplied) for a more stable deployment in your data center.

Internal Redundant Power Supply

For XGS 4500 only

The second power supply for the XGS 4500 provides a simple way to add redundancy to our most powerful 1U unit.

For added reliability, the XGS 4500 also offers a second integrated SSD (RAID).

XGS Series 1U Accessories Matrix

 

Model Redundant Power Redundant SSD VDSL SFP Modem Flexi Port Bays Flexi Port Modules Rackmount Kit
XGS 2100 optional external n/a optional 1 8 Port 1G copper

8 Port 1G SFP

4 Port 10G SFP+

4 Port 1G copper bypass

4 port 1G copper PoE + 4 port 1G copper

4 port 2.5G copper PoE

2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
Rackmount ears incl.
Optional sliding rails
XGS 2300 optional external n/a optional 1 Rackmount ears incl.
Optional sliding rails
XGS 3100 optional external n/a optional 1 Rackmount ears incl.
Optional sliding rails
XGS 3300 optional external n/a optional 1 Rackmount ears incl.
Optional sliding rails
XGS 4300 optional external n/a optional 2 Sliding rails included
XGS 4500 optional internal included optional 2 Sliding rails included

XGS Series Next-Gen Firewall Appliances

Enterprise and Campus Edge: 2U Models

Distributed and growing enterprises in need of maximum throughput for the most complex networks get the ultimate in protection, performance, and business continuity with these next-gen firewalls. Xstream Flow Processors provide dedicated hardware acceleration to easily handle full-on protection for today’s encrypted, cloud-hosted applications and traffic. These models strike the perfect balance between port density and modularity, with a range of high-speed, built-in ports, plus additional high-density Flexi Port modules available to extend connectivity even further.

All models are powered by a high-speed CPU plus a dedicated Xstream Flow Processor for hardware acceleration.

Online DemoDownload Brochure

 

 

overview-xgs-2u

Compare XGS 2U Models

Scroll

XGS 5500

XGS 5500

FIREWALL100,000 Mbps

TLS INSPECTION13,500 Mbps

FIREWALL IMIX52,000 Mbps

IPS40,000 Mbps

IPSEC VPN92,500 Mbps

NGFW38,000 Mbps

THREAT PROTECTION14,000 Mbps

LATENCY (64 BYTE UDP)5 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
8 x SFP+ 10 GE Fiber*

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

BYPASS PORT PAIRS (FIXED) 2

OTHER I/O INTERFACES 2 x USB 3.0 (front)

MAX. PORT DENSITY (INCL. MODULES) 48

FLEXI PORT SLOTS 2 + 1 for High-density module

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

POWER SUPPLY 2 x hot-swap internal

DUAL SSD Included
HW RAID built into CPU

NOTES: * Transceivers sold separately

XGS 5500

XGS 5500 Front

Front

XGS 5500 Back

Back

XGS 6500

XGS 6500

FIREWALL120,000 Mbps

TLS INSPECTION16,000 Mbps

FIREWALL IMIX60,000 Mbps

IPS50,750 Mbps

IPSEC VPN109,800 Mbps

NGFW46,500 Mbps

THREAT PROTECTION17,850 Mbps

LATENCY (64 BYTE UDP)5 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
12 x SFP+ 10 GE Fiber*

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

BYPASS PORT PAIRS (FIXED) 2

OTHER I/O INTERFACES 2 x USB 3.0 (front)

MAX. PORT DENSITY (INCL. MODULES) 68

FLEXI PORT SLOTS 2 + 2 for High-density modules

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

POWER SUPPLY 2 x hot-swap internal

DUAL SSD Included
HW RAID built into CPU

NOTES: * Transceivers sold separately

XGS 6500

XGS 6500 Front

Front

XGS 6500 Back

Back

XGS 7500

XGS 7500

FIREWALL160,000 Mbps

TLS INSPECTION19,500 Mbps

FIREWALL IMIX70,500 Mbps

IPS71,500 Mbps

IPSEC VPN117,000 Mbps

NGFW58,000 Mbps

THREAT PROTECTION26,000 Mbps

LATENCY (64 BYTE UDP)5.4 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
12 x SFP+ 10 GE Fiber*
2 x QSFP28 10/25/40 Gbps

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

BYPASS PORT PAIRS (FIXED) 2

OTHER I/O INTERFACES 2 x USB 3.0 (front)

MAX. PORT DENSITY (INCL. MODULES) 70

FLEXI PORT SLOTS 2 + 2 for High-density modules

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

POWER SUPPLY 2 x hot-swap internal

DUAL SSD Included
HW RAID built into CPU

NOTES: * Transceivers sold separately

XGS 7500

XGS 7500 Front

Front

XGS 7500 Back

Back

XGS 8500

XGS 8500

FIREWALL190,000 Mbps

TLS INSPECTION24,000 Mbps

FIREWALL IMIX81,000 Mbps

IPS93,000 Mbps

IPSEC VPN141,000 Mbps

NGFW76,000 Mbps

THREAT PROTECTION34,000 Mbps

LATENCY (64 BYTE UDP)5.5 µs

ETHERNET INTERFACES (FIXED) 8 x GE copper
12 x SFP+ 10 GE Fiber*
2 x QSFP28 10/25/40/50/100 Gbps

MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB

BYPASS PORT PAIRS (FIXED) 2

OTHER I/O INTERFACES 2 x USB 3.0 (front)

MAX. PORT DENSITY (INCL. MODULES) 70

FLEXI PORT SLOTS 2 + 2 for High-density modules

FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper

OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers

POWER SUPPLY 2 x hot-swap internal

DUAL SSD Included
HW RAID built into CPU

NOTES: * Transceivers sold separately

XGS 8500

XGS 8500 Front

Front

XGS 8500 Back

Back

Performance Test Methodology

General

Maximum throughput measured under ideal test conditions using industry-standard Keysight-Ixia BreakingPoint test tools. Actual performance may vary depending on network conditions and activated services.

Firewall

Measured using HTTP traffic and 512 KB response size.

Firewall IMIX

UDP throughput based on a combination of 66-byte, 570-byte, and 1518-byte packet sizes.

IPS

Measured with IPS with HTTP traffic using default IPS ruleset and 512 KB object size.

IPsec VPN

HTTP throughput using multiple tunnels and 512 KB HTTP response size.

TLS inspection

Performance measured with IPS with HTTPS sessions and different cipher suites.

Threat Protection

Measured with firewall, IPS, application control, and malware prevention enabled using HTTP 200 KB response size.

Sophos Switch

Connectivity, Power, and Control

Product Highlights

  • Engineered for no-compromise performance
  • Dual-processor architecture with dedicated co-processor for enterprise-grade hardware acceleration
  • High-performance Non-Volatile Memory Express (NVMe) SSDs for better compatibility and storage (XGS 7500/8500 only)
  • Sufficient headroom to power all key threat protection features, such as TLS inspection, sandboxing, and AI-driven threat analysis
  • Extremely competitive ROI per protected Mbps
  • A range of standard 1 GE copper interfaces plus 8 to 12 SFP+ 10 GE fiber interfaces on every model
  • QSFP28 interfaces on high-end models with port speeds of up to 40 Gbps (XGS 7500) and 100 Gbps (XGS 8500)
  • Maximum port density of 48 (XGS 5500), 68 (XGS 6500), or 70 (XGS 7500/8500) using optional modules
  • Redundancy features on all models to help ensure business continuity
sophos-xgs-8500-largeBG

Showing model XGS 8500

Accessories

Flexi Port Modules

For all XGS 2U models

Our 2U models come with two standard Flexi Port expansion bays plus one or two bays for high-density modules to flexibly add to the diverse range of built-in interfaces on every box. Changes in your environment, your workforce, or your edge infrastructure may require additional fiber ports or a change in your connectivity. With Flexi Port modules, you have a cost-effective way to adapt your appliance, rather than having to purchase new hardware mid-term.

Transceivers

A list of compatible third-party transceivers can be found in our knowledge base article.

Redundancy

All of our 2U appliances come equipped with hot-swappable components to ensure maximum uptime:

  • Dual SSDs

  • Dual Power supplies

Rackmount Kits

All 2U rackmount appliances are supplied with rackmount sliding rails.

XGS Series 2U Accessories Matrix

 

Model Redundant Power Redundant SSD VDSL SFP Modem Flexi Port Bays Flexi Port Modules Rackmount Kit
XGS 5500 included included optional 2 + 1 for High-density module 8 Port 1G copper

8 Port 1G SFP

4 Port 10G SFP+

4 Port 1G copper bypass

2 port 40G QSFP+

8 port 10G SFP+

2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber

High-Density Flexi Port module: 12 Port 1G copper + 4 Port 2.5G copper
Sliding rails included
XGS 6500 included included optional 2 + 2 for High-density modules Sliding rails included
XGS 7500 included included optional 2 + 2 for High-density modules Sliding rails included
XGS 8500 included included optional 2 + 2 for High-density modules Sliding rails included

SD-RED

Edge Devices For Remote Locations

SD-RED (Remote Ethernet Device) offers a uniquely simple solution to extend network connectivity to your remote locations and branch offices, no matter where in the world they are. Replace expensive MPLS connections to reduce your costs and take advantage of other Sophos products, such as Intercept X, for added SD-WAN functionality in combination with Sophos Firewall.

Online DemoDownload Brochure

sdred-20-60-thumb

Compare SD-RED Models

Scroll

SD-RED 20

SD-RED 20

MAX. THROUGHPUT 250 Mbps

ETHERNET AND WAN INTERFACES 4 x GE copper
1 x SFP (shared with WAN)
1 x WAN (shared with SFP)

EXPANSION SLOTS 1

OPTIONAL MODULES Wi-Fi Module
3G/4G Module
SFP Transceivers

SWAPPABLE COMPONENTS Optional 2nd power supply

SD-RED 20

SD-RED 20 Front

Front

SD-RED 20 Back

Back

SD-RED 60

SD-RED 60

MAX. THROUGHPUT 850 Mbps

ETHERNET AND WAN INTERFACES 4 x GE copper
1 x SFP (shared with WAN1)
2 x WAN (WAN1 shared with SFP)
2 x PoE (total power 30W)

EXPANSION SLOTS 1

OPTIONAL MODULES Wi-Fi Module
3G/4G Module
SFP Transceivers

SWAPPABLE COMPONENTS Optional 2nd power supply

SD-RED 60

SD-RED 60 Front

Front

SD-RED 60 Back

Back

Product Highlights

  • Plug-and-play deployment, with no IT staff required on site.
  • Flexible configuration to allow many different operating modes (backhaul all traffic, split tunnel, transparent).
  • All data between the SD-RED and your firewall is securely encrypted.
  • Modular concept to add connectivity, such as Wi-Fi or 3G/4G cellular.
  • SD-RED 60 offers two Power-over-Ethernet (PoE) ports to directly power your wireless access points and other PoE-capable devices.
  • Manage your SD-RED devices from your Sophos Firewall console (Network Protection subscription required for management).
  • Five-year warranty is standard. Support for SD-RED is included if you have Enhanced Plus support for your appliance.

Download SD-RED Datasheet

sdred-product-highlights

Accessories

Both SD-RED models are equipped with a modular bay, allowing you to tailor connectivity to your needs. This provides flexible, reliable WAN connectivity without the incompatibility issues experienced with USB dongles and similar add-on solutions.

Wi-Fi Connectivity

Add an 802.11ac Wave 2 (Wi-Fi 5) module to your SD-RED device to provide Wi-Fi connectivity at your remote sites. Two external antennas ensure that the network coverage is optimized.

Power Redundancy

Power redundancy is a must for network devices. A second power adapter on your SD-RED helps ensure business continuity.

3G/4G Connectivity

Our 3G/4G module has been tested using numerous Internet Service Providers in many countries. Two external antennas provide superior network coverage vs. other add-on solutions.

Rackmount Kit

Mount your SD-RED on a wall for easy access to all interfaces or use a rackmount kit to add it to your existing server rack.

Get a Complete Overview

Request a QuoteDownload Brochure

Wireless LAN

Your options with Sophos Firewall

Wi-Fi Integrated XGS Models

All Sophos desktop appliances are optionally available with Wi-Fi built-in. These are ideal as a low-cost, all-in-one solution for smaller offices and retail environments where network coverage is required in a relatively limited space. See the XGS Desktop section for further details.

Cloud-Managed Wi-Fi with Support for Wi-Fi 6/6E

Sophos Wireless provides support for Sophos’ latest access points, the AP6 Series. AP6 management is either via Sophos Central (support subscription required) or individually via the local user interface. This option provides all the scalability of a cloud-managed solution and gives you a single pane of glass for all your Sophos solutions.

Existing Customers with APX Series Hardware

We have announced an end-of-life date for our Wi-Fi 5 APX Series hardware of December 31, 2027.

Customers who own APX can continue to use them on a supported platform until the EOL date.

As Wireless Protection is included in the Base License purchased with every appliance, there are no additional subscription costs to consider.

All existing APX models can also be managed via Sophos Central at no extra charge.

Wireless DatasheetDownload Brochure

 

 

 

AP6 appliances

Get a Complete Overview

Request a QuoteDownload Brochure