Sophos XG Firewall offers a full suite of next-generation threat protection in a single interface, with simple threat management and quick security posture visibility to maximize the efficiency of security teams and harden defenses against advanced threats. Sophos offers zero-touch device deployment without an on-site engineer, using setup wizards to streamline the implementation of this solution and minimize time-to-value.

XStream is a new, streaming-based packet processing architecture that XG Firewall uses for all decryption, security and control. With its FastPath technology, this streaming engine also accelerates application performance by conducting proxy-less scanning.

The combination of the XStream DPI Engine, TLS inspection (including support for the 1.3 standard) and AI protection lets XG Firewall act whenever it identifies an endpoint threat or a change in security system health. XG Firewall communicates with endpoints via the synchronized security functionality, Security Heartbeat, whenever such threats and changes occur. This process lets the system automate threat responses according to dynamic firewall rules and lateral movement protection, relieving some of the burden on otherwise overloaded security teams and those organizations without dedicated security resources. The XG Firewall offers much-desired capabilities to create rules based on IP, device or geo-location, rather than on users, although we couldn't find them during the initial product test and required additional guidance from the vendor to locate them.

The XG Firewall also has synchronized application control that uses artificial intelligence to analyze unknown application packet headers automatically, even without a signature match. The endpoint shares this information with the firewall, which then automatically categorizes and controls all unknown applications to prevent malicious executions.

XG Firewall displays all the information it collects in the centralized cloud management platform, Sophos Central. Such information includes a user threat quotient that analyzes user risk and behavior as well as a traffic-light-style threat indication system that flashes red for threats requiring immediate attention, orange for warnings that may require further investigation and green for when it cannot detect any threats. We are especially impressed with the hover-over information bubbles that further explain each data feature. Security analysts may drill into virtually every aspect of the interface to uncover threat intelligence surrounding an alert, to see new threat reports, to find a comprehensive file analysis with sandboxing results and more. 

Overall, security pros will find Sophos XG Firewall an easy-to-manage, comprehensive UTM product that has extensive features to suit several use cases, including support for the latest TLS encryption standard. The XStream FastPath Technology affords administrators the freedom and visibility to choose which applications to accelerate. Synchronized security integrates with the Sophos endpoint and firewall solutions to bolster protection and isolate infected endpoints. Finally, Sophos Central pulls everything together in a unified console where all Sophos products, including XG Firewall, can be managed easily.

Pricing is $249 per year and includes 90-day phone and email support and a one-year warranty. 24/7 phone, email and website support is available for an additional fee and includes access to a knowledge base with effective documentation, how-to video guides and an FAQ list. However, we would like to see an easier means of searching for specific documentation.

Written by Katelyn Dunn

Tested by Tom Weil