Sophos-Firewall-Feature-List


Sophos Firewall Features

Sophos Firewall

Highlights
• Xstream Architecture provides extreme levels of visibility, protection, and performance through stream-based packet processing
• Xstream TLS inspection offers high performance, support for TLS 1.3 with no downgrading, port agnostic, enterprise-grade policies with pre-packaged exceptions, unique dashboard visibility, and compatibility troubleshooting
• Xstream DPI Engine provides stream scanning protection for IPS, AV, web, app control, and TLS inspection in a single high-performance engine
• Xstream Network Flow FastPath delivers policy-driven and intelligent acceleration of trusted traffic automatically
• Xstream SD-WAN provides performance-based link selection with zero-impact re-routing, SD-WAN monitoring, multi-site SD-WAN orchestration tools, and FastPath acceleration of IPsec VPN tunnel traffic
• Purpose-built user interface with interactive control center utilizes traffic-light indicators (red, yellow, green) to instantly identify what needs attention at a glance
• Control Center offers instant insights into endpoint health, unidentified Mac and Windows applications, cloud applications and shadow IT, suspicious payloads, risky users, advanced threats, network attacks, objectionable websites, and much more
• Optimized two-clicks-to-anywhere navigation with intelligent search
• Policy Control Center widget monitors policy activity for business, user, and network policies and tracks unused, disabled, changed, and new policies
• Unified policy model combines all firewall, NAT, and TLS inspection rules onto a single screen with grouping, filtering, and search options
• Streamlined firewall rule management for large rule sets with custom auto and manual grouping plus at-a-glance mouse-over feature and enforcement indicators
• All firewall rules provide an at-a-glance summary of the applied security and control for AV, sandboxing, IPS, web, app, traffic shaping (QoS), and Heartbeat
• Pre-defined IPS, web, app, TLS, and traffic shaping (QoS) policies enable quick setup and easy customization for common deployment scenarios (e.g. CIPA, typical workplace policies, and more)
• Sophos Security Heartbeat™ connects Sophos endpoints with the firewall to share health status and telemetry, enabling instant identification of unhealthy or compromised endpoints
• Active Threat Response identifies, blocks and automatically responds to active adversaries from threat feeds provided by SophosLabs, MDR analysts, or third parties
• Synchronized Application Control automatically identifies, classifies, and enables control of all unknown Mac/Windows applications on the network
• Cloud Application Visibility enables shadow IT discovery instantly and offers one-click traffic shaping
• Policy test simulator tool enables firewall rule and web policy simulation and testing by user, IP, and time of day
• User Threat Quotient identifies risky users based on recent browsing behavior and ATP triggers
• Configuration API for all features for RMM/PSA integration
• Discover Mode (TAP mode) for seamless integration in trials and PoCs with support for Synchronized Security
• Integrated ZTNA Gateway in every firewall makes secure access to applications easy from anywhere
• Sophos Central cloud-based management and reporting for multiple firewalls provides group policy management and one console for all your Sophos IT security products
• Easy streamlined setup wizard enables fast out-of-the-box deployment in just a few minutes
• Zero-touch deployment and configuration in Sophos Central for new firewalls
• Seamless integration with Sophos MDR and XDR

Base Firewall

General Management
• Purpose-built, streamlined user interface and firewall rule management for large rule sets with grouping with at-a-glance rule feature and enforcement indicators
• Two-factor authentication (one-time-password) support for administrator access, user portal, IPsec and SSL VPN
• Advanced logging and troubleshooting tools in GUI (e.g., packet capture)
• High Availability (HA) support clustering two devices in active-active or active-passive mode with plug-and-play Quick HA setup supporting multiple redundant synchronization links
• Full command line interface (CLI) accessible from GUI
• Role-based administration with Azure AD integration for single sign-on
• Automated firmware update notification with easy automated update process and roll-back features
• Reusable and searchable system object definitions for networks, services, hosts, time periods, users and groups, clients, and servers
• Self-service user portal
• Configuration change tracking
• Flexible device access control for services by zones
• Email or SNMP trap notification options
• SNMP v3 and Netflow support
• Central management support via Sophos Central
• Backup and restore configurations: locally, via FTP or email; on-demand, daily, weekly, or monthly - with the option to remap ports when upgrading hardware appliances
• Let’s Encrypt certificate support for WAF, SMTP, TLS configuration, hotspot sign-in, the Web Admin console, user portal, captive portal, VPN portal, and SPX portal
• API for third-party integration
• Interface renaming
• Remote access option for Sophos Support
• Cloud-based license management via MySophos

Sophos Central Management
• Sophos Central cloud-based management and reporting for multiple firewalls provides group policy management and a single console for all your Sophos IT security products
• Group policy management allows objects, settings, and policies to be modified once and automatically synchronized to all firewalls in the group
• Task Manager provides a full historical audit trail and status monitoring of group policy changes
• Backup firmware management in Sophos Central stores the last five configuration backup files for each firewall with one that can be pinned for permanent storage and easy access
• Firmware update scheduling from Sophos Central enables easy automated updates to be applied at any time
• Zero-touch deployment enables the initial configuration to be performed in Sophos Central and then exported for loading onto the device from a flash drive at startup, automatically connecting the device back to Sophos Central

Firewall, Networking, and Routing
• Stateful deep packet inspection firewall
• Xstream packet processing architecture provides extreme levels of visibility, protection, and performance through stream-based packet processing
• Xstream TLS inspection with high performance, support for TLS 1.3 with no downgrading, port agnostic, enterprise-grade policies, unique dashboard visibility, and compatibility troubleshooting
• Xstream DPI Engine provides stream scanning protection for IPS, AV, web, app control, and TLS inspection in a single high-performance engine
• Xstream Network Flow FastPath delivers policy-driven and intelligent acceleration of trusted application traffic, IPsec VPN traffic, and TLS encrypted traffic automatically
• User, group, time, or network-based policies
• Access time policies per user/group
• Enforce policy across zones, networks, or by service type
• Zone isolation and zone-based policy support
• Default zones for LAN, WAN, DMZ, LOCAL, VPN, and Wi-Fi
• Custom zones on LAN or DMZ
• Customizable NAT policies with IP masquerading and full object support to redirect or forward multiple services in a single rule with a convenient NAT rule wizard to quickly and easily create complex NAT rules in just a few clicks
• Re-usable network object definitions for all rules with global intelligent free-text search
• Flood protection: DoS, DDoS, and portscan blocking
• Country blocking by geo-IP


• Routing: static, multicast (PIM-SM), and dynamic: RIP, BGP, OSPFv3 (IPv6) BGPv6
• Clone static routes and turn them on or off, redistribute dynamic BGP routes into OSPFv3, utilize Blackhole route options, and utilize Equal-Cost Multi-Path (ECMP) for load balancing
• Upstream proxy support
• Protocol-independent multicast routing with IGMP snooping
• Bridging with STP support and ARP broadcast forwarding
• VLAN DHCP support and tagging
• VLAN bridge support
• Jumbo frame support
• Enable/disable physical interfaces
• Wireless WAN support (n/a in virtual deployments)
• 802.3ad interface link aggregation
• Full configuration of DNS, DHCP, and NTP
• Dynamic DNS (DDNS)
• IPv6 Ready Logo Program Approval Certification
• IPv6 DHCP Prefix Delegation
• IPv6 tunnelling support including 6in4, 6to4, 4in6, and IPv6 rapid deployment (6rd) through IPsec

Xstream SD-WAN
• Xstream SD-WAN profiles support multiple WAN link options including VDSL, DSL, cable, LTE/cellular, and MPLS
• Performance-based SLAs automatically select the best WAN link based on jitter, latency, or packet loss
• SD-WAN load balancing across multiple SD-WAN links with round robin weighting or session persistence strategies
• Zero-impact re-routing maintains application sessions when link performance falls below thresholds and a transition is made to a better-performing WAN link
• SD-WAN monitoring graphs provide real-time insights into latency, jitter and packet loss for all WAN links
• Xstream FastPath acceleration of SD-WAN IPsec tunnel traffic
• Synchronized SD-WAN, a Synchronized Security feature, leverages the added clarity and reliability of application identification that comes with the sharing of Synchronized Application Control information between Sophos-managed endpoints and Sophos Firewall
• Application routing over preferred links via firewall rules or policy-based routing
• Robust VPN support including IPsec and SSL VPN
• Unique RED Layer 2 tunnel with routing

Base Traffic Shaping and Quotas
• Flexible network- or user-based traffic shaping (QoS) (enhanced web and app traffic shaping options included with the Web Protection subscription)
• Set user-based traffic quotas on upload/download or total traffic and cyclical or non-cyclical
• Real-time VoIP optimization
• DSCP marking

Secure Wireless
• Simple plug-and-play deployment of Sophos wireless access points (APX Series only) – automatically appear on the firewall control center
• Central monitoring and management of APs and wireless clients through the built-in wireless controller
• Bridge APs to LAN, VLAN, or a separate zone with client isolation options
• Multiple SSID support per radio including hidden SSIDs
• Support for diverse security and encryption standards including WPA2 Personal and Enterprise
• Channel width selection option
• Support for IEEE 802.1X (RADIUS authentication) with primary and secondary server support
• Support for 802.11r (fast transition)
• Hotspot support for (custom) vouchers, password of the day, or T&C acceptance
• Wireless guest internet access with walled garden options
• Time-based wireless network access
• Wireless repeating and bridging meshed network mode with supported APs
• Automatic channel selection background optimization
• Support for HTTPS login

Authentication
• Synchronized User ID utilizes Synchronized Security to share currently logged in Active Directory user ID between Sophos endpoints and the firewall without an agent on the AD server or client
• Authentication via: Active Directory, eDirectory, RADIUS, LDAP and TACACS+
• Server authentication agents for Active Directory SSO, STAS, SATC

• Single sign-on: Active Directory, eDirectory, RADIUS Accounting
• Azure AD single sign-on for administrator access to the Webadmin console
• Azure AD single sign-on for users to authenticate for web access via the captive portal
• Transparent AD SSO with HSTS enforced, enabling Kerberos and NTLM handshakes over HTTP or HTTPS
• Azure AD Group Import and RBAC support
• Client authentication agents for Windows, Mac OS X, Linux 32/64
• Browser SSO authentication: Transparent, proxy authentication (NTLM) and Kerberos
• Browser Captive Portal
• Authentication certificates for iOS and Android
• Authentication services for IPsec, SSL, L2TP, PPTP
• Google Chromebook authentication support for environments with Active Directory and Google G Suite
• Google Workspace integration via LDAP client with Google Chromebook SSO
• API-based authentication

User Self-Service & VPN Portals
• Download the Sophos Authentication Client
• Download SSL remote access client (Windows) and configuration files (other OS)
• Hotspot access information
• Change user name and password
• View personal internet usage
• Access quarantined messages and manage user-based block/allow sender lists (requires Email Protection)

Zero Trust Network Access
• Integrated Sophos ZTNA gateway for secure access to applications hosted behind the firewall
• Managed from Sophos Central

Base VPN Options
• Site-to-site VPN: SSL, IPsec, 256-bit AES/3DES, PFS, RSA, X.509 certificates, pre-shared key
• Sophos RED site-to-site VPN tunnel (robust and lightweight)
• Xstream FastPath acceleration of IPsec tunnel traffic (both site-to-site and remote-access)
• AWS VPC import, monitoring and management tools
• L2TP and PPTP
• Route-based VPN with traffic selectors
• Remote access: SSL, IPsec, iPhone/iPad/Cisco/Android VPN client support
• IKEv2 Support
• IPsec Connection Stateful HA Failover for RBVPN, PBVPN, and remote access VPN without losing session event in HA failover scenarios
• IPsec VPN tunnel status monitoring via SNMP
• Advanced IPsec support for unique PSK and DH-Group 27-30 / RFC6954
• SSL client for Windows and configuration download via user portal

Sophos Connect Client
• Authentication: Pre-Shared Key (PSK), PKI (X.509), Token and XAUTH
• Enables Synchronized Security and Security Heartbeat for remote connected users
• Intelligent split-tunneling for optimum traffic routing
• NAT-traversal support
• Client-monitor for graphical overview of connection status
• Mac (IPsec) and Windows (SSL/IPsec) client support

Network Protection

Intrusion Prevention (IPS)
• High-performance, next-gen IPS deep packet inspection engine with selective IPS patterns that can be applied on a firewall rule basis for maximum performance and protection
• Thousands of signatures
• Granular category selection
• Support for custom IPS signatures
• IPS Policy Smart Filters enable dynamic policies that automatically update as new patterns are added

Active Threat Response and Security Heartbeat™
• Active Threat Response automatically monitors/blocks APT and other threats identified via Sophos X-Ops Threat Feeds for advanced threat protection from bots and active adversaries attempting to contact malicious destinations using multi-layered DNS, AFC, and firewall detections
• Active Threat Response automatically monitors/blocks threats identified by MDR/XDR threat feeds published by a Sophos or customer/partner SOC analyst when Sophos Firewall with Xstream Protection is combined with Sophos MDR/XDR
• Active Threat Response automatically monitors/blocks third-party threat feeds from industry, vertical, or regional threat intel sources with Xstream Protection
• Sophos Synchronized Security Heartbeat instantly flags compromised devices with a red Heartbeat status that are attempting to contact any threat indicator identified by Active Threat Response and its related threat feeds. Heartbeat status is also monitored by Sophos-managed endpoints and shared with the firewall and will include details such as host, user, process, incident count, and time of compromise
• Sophos Security Heartbeat conditions can be attached to any firewall rule, automatically limiting access to network resources and segments for a device that has been compromised until it is cleaned up
• Sophos Firewall also automatically initiates lateral movement protection in the event a managed endpoint is compromised by informing all healthy Sophos-managed endpoints to reject traffic from the compromised device, effectively stonewalling the device - even on the same LAN segment

SD-RED Device Management
• Central management of all SD-RED devices
• No configuration: Automatically connects through a cloud-based provisioning service
• Secure encrypted tunnel using digital X.509 certificates and AES 256-bit encryption
• Virtual Ethernet for reliable transfer of all traffic between locations
• IP address management with centrally defined DHCP and DNS server configuration
• Remotely de-authorize SD-RED devices after a select period of inactivity
• Compression of tunnel traffic
• VLAN port configuration options

Clientless VPN
• Sophos unique encrypted HTML5 self-service portal with support for RDP, SSH, Telnet, and VNC

Web Protection

Web Protection and Control
• Streaming DPI web protection or explicit proxy mode inspection
• Explicit proxy mode supports per-connection authentication for multiple users on the same source IP
• Enhanced Advanced Threat Protection
• URL Filter database with millions of sites across 92 categories, backed by SophosLabs
• Surfing quota time policies per user/group
• Access time policies per user/group
• Malware scanning: block all forms of viruses, web malware, trojans, and spyware on HTTP/S, FTP and web-based email
• Advanced web malware protection with JavaScript emulation
• Live Protection real-time, in-the-cloud lookups for the latest threat intelligence
• Second independent malware detection engine (Avira) for dual-scanning
• Real-time or batch mode scanning
• Pharming protection
• Enforce tenant restrictions for O365
• SSL protocol tunnelling detection and enforcement
• Certificate validation
• High performance web content caching
• Forced caching for Sophos Endpoint updates
• File type filtering by mime-type, extension, and active content types (e.g. ActiveX, applets, cookies, etc.)
• YouTube for Schools enforcement per policy (user/group)
• SafeSearch enforcement (DNS-based) for major search engines per policy (user/group)
• Web keyword monitoring and enforcement to log, report or block web content matching keyword lists with the option to upload custom lists
• Block potentially unwanted applications (PUAs)
• Web policy override option for teachers or staff to temporarily allow access to blocked sites or categories that are fully customizable and manageable by select users
• User/group policy enforcement on Google Chromebooks

Cloud Application Visibility
• Control Center widget displays amount of data uploaded and downloaded to cloud applications categorized as new, sanctioned, unsanctioned or tolerated
• Discover Shadow IT at a glance
• Drill down to obtain details on users, traffic, and data
• One-click access to traffic shaping policies
• Filter cloud application usage by category or volume

• Detailed customizable cloud application usage report for full historical reporting

Application Protection and Control
• Synchronized App Control to automatically identify, classify, and control all unknown Windows and Mac applications on the network by sharing information between Sophos-managed endpoints and the firewall
• Signature-based application control with patterns for thousands of applications
• Cloud Application Visibility and Control to discover shadow IT
• App Control Smart Filters that enable dynamic policies which automatically update as new patterns are added
• Micro app discovery and control
• Application control based on category, characteristics (e.g., bandwidth and productivity consuming), technology (e.g. P2P), and risk level
• Per-user or network rule application control policy enforcement

Web and App Traffic Shaping
• Enhanced traffic shaping (QoS) options by web category or application to limit or guarantee upload/download or total traffic priority and bitrate individually or shared

DNS Protection

Cloud-Based DNS Service
• Domain Name Resolution Service
• High-performance cloud-based DNS service
• Powered by SophosLabs and AI
• Blocks malicious URLs at DNS lookup
• Granular compliance controls to block unwanted websites by category
• Managed from Sophos Central

Zero-Day Protection

Dynamic Sandbox Analysis
• Full integration into your Sophos security solution dashboard
• Inspects executables and documents containing executable content (including .exe, .com, and .dll, .doc, .docx, .docm, and .rtf and PDF) and archives containing any of the file types listed above (including ZIP, BZIP, GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet)
• Aggressive behavioral, network, and memory analysis
• Detects sandbox evasion behavior
• Machine learning technology with deep learning scans all dropped executable files
• Includes exploit prevention and CryptoGuard Protection technology from Sophos Intercept X
• In-depth malicious file reports with screenshots and dashboard file release capability
• Optional data center selection and flexible user and group policy options on file type, exclusions, and actions on analysis
• Supports one-time download links

Static Threat Intelligence Analysis
• All files containing active code downloaded via the web or coming into the firewall as email attachments such as executables and documents containing executable content (including .exe, .com, and .dll, .doc, .docx, .docm, and .rtf and PDF) and archives containing any of the file types listed above (including ZIP, BZIP, GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet) are automatically sent for threat intelligence analysis
• Files are checked against SophosLabs’ massive threat intelligence database and subjected to multiple machine learning models to identify new and unknown malware
• Extensive reporting includes a dashboard widget for analyzed files, a detailed list of the files that have been analyzed and the analysis results, and a detailed report outlining the outcome of each machine learning model

Central Orchestration

SD-WAN Orchestration
• SD-WAN and VPN orchestration with easy and automated wizard-based creation of site-to-site VPN tunnels between network locations using an optimal architecture (hub-and-spoke, full mesh, or some combination)
• Supports IPsec, SSL or RED VPN tunnels. Integrates seamlessly with SD-WAN features for application prioritization, routing optimization, and leveraging multiple WAN links for resiliency and performance

Central Firewall Reporting Advanced
• 30 days of cloud data storage for historical firewall reporting with advanced features to save, schedule, and export custom reports

XDR and MDR Integration
• Integration with Sophos XDR and MDR to feed telemetry and threat intelligence for threat hunting and analysis
• Sophos Active Threat Response utilizes threat feeds from MDR and XDR analysts to automatically identify, block, and isolate active threats on the network

• Synchronized Security IoC telemetry gathers important information about any threat, users, process and device that has been compromised

Email Protection

Email Protection and Control
• Email scanning with SMTP, POP3, and IMAP support
• Reputation service with spam outbreak monitoring based on patented recurrent-pattern detection technology
• Block spam and malware during the SMTP transaction
• DKIM and BATV anti-spam protection
• Spam greylisting and Sender Policy Framework (SPF) protection
• Recipient verification for mistyped email addresses
• Second independent malware detection engine (Avira) for dual scanning
• Live Protection real-time, in-the-cloud lookups for the latest threat intelligence
• Automatic signature and pattern updates
• Smart host support for outbound relays
• File type detection/blocking/scanning of attachments
• Accept, reject, or drop over-sized messages
• Detects phishing URLs within e-mails
• Use pre-defined content scanning rules or create your own custom rules based on a variety of criteria with granular policy options and exceptions
• TLS encryption support for SMTP, POP, and IMAP
• Append signature automatically to all outbound messages
• Email archiver
• Individual user-based block and allow sender lists maintained through the user portal

Email Quarantine Management
• Spam quarantine digest and notifications options
• Malware and spam quarantines with search and filter options by date, sender, recipient, subject, and reason with option to release and delete messages
• Self-serve user portal for viewing and releasing quarantined messages

Email Encryption and DLP
• Patent-pending SPX encryption for one-way message encryption
• Recipient self-registration SPX password management
• Add attachments to SPX secure replies
• Completely transparent - no additional software or client required
• DLP engine with automatic scanning of emails and attachments for sensitive data
• Pre-packaged sensitive data type content control lists (CCLs) for PII, PCI, HIPAA, and more, maintained by SophosLabs

Web Server Protection

Web Application Firewall Protection
• Reverse proxy
• URL hardening engine with deep-linking and directory traversal prevention
• Form hardening engine
• SQL injection protection
• Cross-site scripting protection
• Dual-antivirus engines (Sophos and Avira)
• HTTPS (TLS/SSL) encryption offloading
• Cookie signing with digital signatures
• Path-based routing
• Geo IP policy enforcement
• Custom cipher configuration and TLS version enforcement
• HSTS and X-Content-Type-Options enforcement
• Outlook Anywhere protocol support
• Reverse authentication (offloading) for form-based and basic authentication for server access
• Virtual server and physical server abstraction
• Integrated load balancer spreads visitors across multiple servers
• Skip individual checks in a granular fashion as required
• Match requests from source networks or specified target URLs
• Support for logical and/or operators
• Assists compatibility with various configurations and non-standard deployments
• Options to change web application firewall performance parameters
• Scan size limit option
• Allow/block IP ranges
• Wildcard support for server paths and domains
• Automatically append a prefix/suffix for authentication



Reporting and Logging

Central Firewall Reporting
• Pre-defined reports with flexible customization options
• Reporting for Sophos Firewalls: hardware, software, virtual, and cloud
• Intuitive user interface provides graphical representation of data
• Report dashboard provides an at-a-glance view of events over the past 24 hours
• Easily identify network activities, trends, and potential attacks
• Easy backup of logs with quick retrieval for audit needs
• Simplified deployment without the need for technical expertise

Central Firewall Reporting Advanced
• Multi-firewall aggregate reporting
• Save custom report templates
• Scheduled reporting
• Export reports in PDF, CFV, or HTML format
• Up to one year data storage per firewall
• MDR/XDR data lake connector for threat hunting

On-box Reporting
NOTE: Sophos Firewall reporting is included at no extra charge, but individual log, report, and widget availability may be dependent on their respective protection module licenses.
• Hundreds of on-box reports with custom report options: Dashboards (Traffic, Security, and User Threat Quotient), Applications (App Risk, Blocked Apps, Synchronized Apps, Search Engines, Web Servers, Web Keyword Match, FTP), Network and Threats (Active Threat Response and threat feeds, Security Heartbeat, IPS, wireless, zero-day threat protection), VPN, Email, Compliance (HIPAA, GLBA, SOX, FISMA, PCI, NERC CIP v3, CIPA)
• Current Activity Monitoring: system health, live users, IPsec connections, remote users, live connections, wireless clients, quarantine, and DoS attacks
• SD-WAN link performance monitoring for jitter, latency, and packet loss
• Report anonymization
• Report scheduling to multiple recipients by report group with flexible frequency options
• Export reports as HTML, PDF, Excel (XLS)
• Report bookmarks
• Log retention customization by category
• Full-featured log viewer with column view and detailed view with powerful filter and search options, hyperlinked rule ID, and data view customization


Sophos Firewall Features by Subscription Summary


Column groups: Xstream Protection Bundle, Standard Protection Bundle, Available Separately
Column headings: Base Firewall, Network Protection, Web Protection, DNS Protection, Zero-Day Protection, Central Orchestration, Email Protection, Bundle Only Features, Central Firewall Reporting Adv., Web Server Protection

General Management (incl. HA) ●
Xstream Architecture ●
Firewall, Networking and Routing ●
Xstream SD-WAN ●
Base Traffic Shaping and Quotas ●
Secure Wireless ●
Authentication ●
Self-Serve User Portal ●
ZTNA Gateway ●
VPN (IPsec, SSL, etc) ●
RED Site-to-Site VPN ●
Sophos Connect VPN Client ●
Intrusion Prevention (IPS) ●
Active Threat Response
Sophos X-Ops Threat Feeds ●
MDR/XDR Threat Feeds ●
Third Party Threat Feeds ●
Synchronized Security Heartbeat ●
SD-RED Device Management ●
Clientless VPN ●
Synchronized Application Control ●
Web Protection and Control ●
Application Protection and Control ●
Cloud Application Visibility ●
Web and App Traffic Shaping ●
DNS Security and Compliance ●
Dynamic Sandbox Analysis ●
Threat Intelligence Analysis ●
SD-WAN Orchestration ●
Central Firewall Reporting Data*: 7 Days, 30 Days, Up to 1 Year
CFR Advanced Features ● ●
Email Protection and Control ●
Email Quarantine Management ●
Email Encryption and DLP ●
Web Application Firewall Protection
Logging and Reporting ● ● ● ● ● ● ● ● ● ●
Sophos Central Management ● ● ● ● ● ● ● ● ● ●

Please note: Some features are not supported on XGS 87 and XGS 88 models
(on-box reporting, dual AV scanning, WAF AV scanning and email message transfer agent (MTA) functionality)
MSP licensing options differ slightly to the above
* Data storage retention time is an estimate based on average network usage and will vary depending on actual log data volume. Storage Estimation Tool.

Support Plans
ENHANCED SUPPORT: included in the Xstream Protection Bundle
ENHANCED PLUS SUPPORT: available as an upgrade from Enhanced Support

Feature | Enhanced Support | Enhanced Plus Support
24/7 multi-channel support (phone, web portal, chat) including remote assistance and self-help access to KB and support forums | ● | ●
Firmware downloads, updates, and maintenance | ● | ●
Advanced hardware replacement for active devices | ● | ●
Advanced hardware replacement for a passive HA device* | | ●
Advanced hardware replacement for SD-RED/APX devices | | ●
VIP Access (calls routed to senior engineers) | | ●
Remote consulting (2-8 hours per year) | | ●

* To enable advanced RMA coverage for a passive HA device, the active device must have an Enhanced Plus support license
Refer to the Sophos Support Service Guide for full details.

United Kingdom and Worldwide Sales: Tel: +44 (0)8447 671131
North American Sales: Toll Free: 1-866-866-2802
Australia and New Zealand Sales: Tel: +61 2 9409 9100
Asia Sales: Tel: +65 62244168

© Copyright 2024. Sophos Ltd. All rights reserved.


Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.

24-10-07 FL-EN (PC)
