Powered by Xstream
Sophos XGS Series firewalls combine the best of two worlds: the flexibility of a high-performance, multi-core CPU for deep packet inspection and the performance benefits of a dedicated Xstream Flow Processor for intelligent application acceleration.
Powerful Protection at Every Price Point
Sophos Firewall and the XGS Series deliver the industry’s best visibility, protection, and performance. From the small branch office to the distributed enterprise, no-compromise protection is guaranteed.
We’ve Got the Edge
Sophos Firewall can take your network anywhere it needs to go with an extensive range of modular hardware appliances, cloud and virtual platform support, and secure access edge devices like our SD-RED and wireless access points.
XGS Series Appliances
SMB and Branch Office
XGS Series Desktop
Excellent value and all-in-one connectivity for all your branch office, retail outlet, and small business needs.
Models 87/87w, 107/107w, 116/116w, 126/126w, 136/136w
Distributed Edge
XGS Series 1U Rackmount
Performance and versatile connectivity options to meet the security infrastructure needs of larger SMB and mid-sized organizations.
Models 2100, 2300, 3100, 3300, 4300, 4500
Enterprise/Campus Edge
XGS Series 2U Rackmount
Performance, connectivity, and redundancy without compromise for the most demanding enterprise and campus networks.
Models 5500, 6500, 7500, 8500
SD-WAN and Wi-Fi
Remote Ethernet Devices
SD-RED Series
Plug-and-play Remote Ethernet Devices to provide edge connectivity for branch office and remote sites.
Models 20, 60
Wi-Fi Access Points
APX Series
Manage, secure, and control your Wi-Fi networks from your Sophos Firewall.
Models 120, 320, 530, 740
Switches
Access Layer Switch Range
Connectivity, power, and control.
Cloud and Virtual
Sophos Firewall protects your public, private, and hybrid cloud and virtual environments.
AWS
As an AWS Advanced Technology Partner, Sophos is a validated AWS Security Competency vendor, AWS marketplace seller, and AWS Public Section Partner.
Sophos Firewall is available in the AWS marketplace with a Pay as You Go (PAYG) license model or Bring Your Own License (BYOL) to best fit your needs.
Azure
Sophos Firewall is certified and optimized for Azure and is available in the Microsoft Azure Marketplace.
Take advantage of the free test drive or the flexible PAYG or BYOL licensing options.
XGS Series Next-Gen Firewall Appliances
SMB and Branch Office: Desktop Models
Customers looking for an all-in-one network security solution will appreciate the seamless connectivity options available for our desktop appliances. With the modularity that smaller businesses, retail outlets, and branch offices need to grow and adapt to changing circumstances, they offer the perfect balance between price and performance. All desktop models are optionally available with built-in Wi-Fi.
All models are powered by a high-speed CPU plus a dedicated Xstream Flow Processor for hardware acceleration.
Compare XGS Desktop Models
Scroll
XGS 87 / 87w
Performance
FIREWALL3,850 Mbps
TLS INSPECTION375 Mbps
FIREWALL IMIX3,000 Mbps
IPS1,200 Mbps
IPSEC VPN3,000 Mbps
NGFW700 Mbps
THREAT PROTECTION280 Mbps
LATENCY (64 BYTE UDP)6 µs
Connectivity
ETHERNET INTERFACES (FIXED) 4 X GE copper
1 X SFP Fiber*
POWER-OVER-ETHERNET (FIXED) n/a
MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)
WI-FI OPTION (W-MODEL ONLY) Wi-Fi 5 (802.11ac)
2X2:2 MIMO
2 external antennas
single radio, 2.4 or 5 GHz
Modularity
EXPANSION SLOTS n/a
OPTIONAL ADD-ON MODULES SFP VDSL modem
SFP transceivers
Redundancy
SWAPPABLE COMPONENTS n/a
NOTES: * Transceivers sold separately
XGS 87 / 87w
Front
Back
XGS 107 / 107w
Performance
FIREWALL7,000 Mbps
TLS INSPECTION420 Mbps
FIREWALL IMIX3,750 Mbps
IPS1,500 Mbps
IPSEC VPN4,000 Mbps
NGFW1,050 Mbps
THREAT PROTECTION370 Mbps
LATENCY (64 BYTE UDP)6 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
1 X SFP Fiber*
POWER-OVER-ETHERNET (FIXED) n/a
MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)
WI-FI OPTION (W-MODEL ONLY) Wi-Fi 5 (802.11ac)
2X2:2 MIMO
2 external antennas
single radio, 2.4 or 5 GHz
Modularity
EXPANSION SLOTS n/a
OPTIONAL ADD-ON MODULES SFP VDSL modem
SFP transceivers
Redundancy
SWAPPABLE COMPONENTS optional 2nd power supply
NOTES: * Transceivers sold separately
XGS 107 / 107w
Front
Back
XGS 116 / 116w
Performance
FIREWALL7,700 Mbps
TLS INSPECTION650 Mbps
FIREWALL IMIX4,500 Mbps
IPS2,500 Mbps
IPSEC VPN4,800 Mbps
NGFW2,000 Mbps
THREAT PROTECTION720 Mbps
LATENCY (64 BYTE UDP)8 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
1 X SFP Fiber*
POWER-OVER-ETHERNET (FIXED) 1 x G
802.3at (30W max.)
MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)
WI-FI OPTION (W-MODEL ONLY) Wi-Fi 5 (802.11ac)
2X2:2 MIMO
2 external antennas
single radio, 2.4 or 5 GHz
Modularity
EXPANSION SLOTS 1
OPTIONAL ADD-ON MODULES 3G/4G module
5G module
2nd Wi-Fi 5/802.11ac module (for w-model only)
SFP VDSL modem
SFP transceivers
Redundancy
SWAPPABLE COMPONENTS optional 2nd power supply
NOTES: * Transceivers sold separately
XGS 116 / 116w
Front
Back
XGS 126/126w
Performance
FIREWALL10,500 Mbps
TLS INSPECTION800 Mbps
FIREWALL IMIX5,250 Mbps
IPS3,250 Mbps
IPSEC VPN5,500 Mbps
NGFW2,500 Mbps
THREAT PROTECTION900 Mbps
LATENCY (64 BYTE UDP)8 µs
Connectivity
ETHERNET INTERFACES (FIXED)10 x GE copper
2 x SFP Fiber*
POWER-OVER-ETHERNET (FIXED)2 x GE
802.3at (30W max. per port)
MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)
WI-FI OPTION (W-MODEL ONLY)Wi-Fi 5 (802.11ac)
3X3:3 MIMO
3 external antennas
single radio, 2.4 or 5 GHz
Modularity
EXPANSION SLOTS 1
OPTIONAL ADD-ON MODULES 3G/4G module
5G module
2nd Wi-Fi 5/802.11ac module (for w-model only)
SFP VDSL modem
SFP transceivers
Redundancy
SWAPPABLE COMPONENTS optional 2nd power supply
NOTES: * Transceivers sold separately
XGS 126/126w
Front
Back
XGS 136/136w
Performance
FIREWALL11,500 Mbps
TLS INSPECTION950 Mbps
FIREWALL IMIX6,500 Mbps
IPS4,000 Mbps
IPSEC VPN6,350 Mbps
NGFW3,000 Mbps
THREAT PROTECTION1,000 Mbps
LATENCY (64 BYTE UDP)8 µs
Connectivity
ETHERNET INTERFACES (FIXED)10 x GE copper
2 x SFP Fiber*
POWER-OVER-ETHERNET (FIXED)2 x 2.5 GE
802.3at (30W max. per port)
MANAGEMENT INTERFACES 1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 1 x USB 2.0 (front)
1 x USB 3.0 (rear)
WI-FI OPTION (W-MODEL ONLY)Wi-Fi 5 (802.11ac)
3X3:3 MIMO
3 external antennas
single radio, 2.4 or 5 GHz
Modularity
EXPANSION SLOTS 1
OPTIONAL ADD-ON MODULES 3G/4G module
5G module
2nd Wi-Fi 5/802.11ac module (for w-model only)
SFP VDSL modem
SFP transceivers
Redundancy
SWAPPABLE COMPONENTS optional 2nd power supply
NOTES: * Transceivers sold separately
XGS 136/136w
Front
Back
Performance Test Methodology
|
General |
Maximum throughput measured under ideal test conditions using industry-standard Keysight-Ixia BreakingPoint test tools. Actual performance may vary depending on network conditions and activated services. |
|
Firewall |
Measured using HTTP traffic and 512 KB response size. |
|
Firewall IMIX |
UDP throughput based on a combination of 66-byte, 570-byte, and 1518-byte packet sizes. |
|
IPS |
Measured with IPS with HTTP traffic using default IPS ruleset and 512 KB object size. |
|
IPsec VPN |
HTTP throughput using multiple tunnels and 512 KB HTTP response size. |
|
TLS inspection |
Performance measured with IPS with HTTPS sessions and different cipher suites. |
|
Threat Protection |
Measured with firewall, IPS, application control, and malware prevention enabled using HTTP 200 KB response size. |
Sophos Switch
Connectivity, Power, and Control
Product Highlights
- Dual-processor architecture delivers an excellent price-to-performance ratio.
- Every model is available with optional integrated Wi-Fi for all-in-one connectivity.
- An expansion bay on all XGS 116/126/136 models improves compatibility for 3G/4G or 5G when used with our optional modules.
- An optional second Wi-Fi radio module can be added to w-models with an expansion bay.
- A second power supply option for all XGS 1xx models offers a redundancy option not always seen in this form factor.
- Power-over-Ethernet ports are built-in on 116, 126 (1 GE), and 136 (2.5 GE) models to power your external devices.
- The SFP port on all models can be used for FTTH/FTTP or with the optional VDSL modem.
- Note: All protection features are supported on every XGS 1xx model and most on XGS 87 and 87w.
Showing XGS 116w Model
Accessories
3G/4G or 5G Connectivity
For XGS 116, 126, and 136 models only
Our desktop appliances are often deployed in remote locations where flexible connectivity is essential. The expansion bay on the XGS 116, 126, and 136 models provides the option to add either a 3G/4G or a 5G module to your appliance. These optional modules can be securely mounted and are then managed from your Sophos Firewall console for better compatibility.
- Better performance with the latest standards supported
- 3G/4G module supports LTE cat-6, up to 300 Mbps download/50 Mbps upload.
- 5G module supports 5G Sub-6 bands with download speeds of up to 4.5 Gbps and upload speeds of up to 660 Mbps (depending on carrier and region).
- Full protection from theft or damage
3G/4G module:
- Two different versions: Europe/Americas and Asia-Pacific
5G module:
- One version for all regions
SFP VDSL Modem
For use with all XG and XGS Series models
Use the SFP port to add VDSL connectivity to your appliance. Get rid of your router and connect your appliance directly to the DSL socket on your wall. This means one less piece of equipment to manage and a fully integrated solution. Our optional DSL modem supports most VDSL2 standards with download/upload speeds up to 100 Mbps.
2nd Wi-Fi Radio Module
For XGS 116w, 126w, and 136w only
Improve Wi-Fi coverage and performance in your office by adding a second Wi-Fi radio to selected XGS models. Adding a second radio with two extra antennas to a model that already has built-in Wi-Fi allows you to broadcast in both the 2.4- and 5-GHz bands simultaneously for an overall better Wi-Fi experience.
XGS Series Desktop Accessories Matrix
| Model | Power Redundancy | Expansion Bay | 3G/4G/5G Modules | Wi-Fi Options |
VDSL SFP Modem | Rackmount Kit |
|---|---|---|---|---|---|---|
| XGS 87 | N/A | N/A | N/A | N/A | Optional | Optional |
| XGS 87w | N/A | N/A | N/A | N/A | Optional | Optional |
| XGS 107 | Optional 2nd Power Supply |
N/A | N/A | N/A | Optional | Optional |
| XGS 107w | Optional 2nd Power Supply |
N/A | N/A | Built In | Optional | Optional |
| XGS 116 | Optional 2nd Power Supply |
1 | Optional | N/A | Optional | Optional |
| XGS 116w | Optional 2nd Power Supply |
1 | Optional | Built In Optional 2nd Module |
Optional | Optional |
| XGS 126 | Optional 2nd Power Supply |
1 | Optional | N/A | Optional | Optional |
| XGS 126w | Optional 2nd Power Supply |
1 | Optional | Built In Optional 2nd Module |
Optional | Optional |
| XGS 136 | Optional 2nd Power Supply |
1 | Optional | N/A | Optional | Optional |
| XGS 136w | Optional 2nd Power Supply |
1 | Optional | Built In Optional 2nd Module |
Optional | Optional |
Nutanix
Sophos Firewall is Nutanix AHV and Nutanix Flow Ready bringing next-gen protection to the industry’s leading Hyper Convergence Infrastructure (HCI) platform.
Take advantage of a 30-day free trial using our KVM image and flexible licensing.
VMWare
Sophos Firewall is also available on all popular virtualization platforms, including VMWare ESXi, Microsoft Hyper-V 2008 and 2012, KVM, and Citrix Xen App platforms.
You can also install Sophos Firewall as a software appliance on your own x86 hardware.
XGS Series Next-Gen Firewall Appliances
Distributed Edge: 1U Models
Mid-sized and distributed organizations in need of a versatile solution to power and protect their networks will be well-served with our 1U models. These rackmount firewalls offer excellent performance, a diverse range of high-speed built-in interfaces, and a choice of add-on connectivity modules. Whether your priority is ensuring maximum uptime for your SD-WAN links, securely connecting your remote users, or protecting the network in a growing organization, you can tailor them to your dynamic environment.
All models are powered by a high-speed CPU plus a dedicated Xstream Flow Processor for hardware acceleration.
Compare XGS 1U Models
Scroll
XGS 2100
Performance
FIREWALL30,000 Mbps
TLS INSPECTION1,100 Mbps
FIREWALL IMIX16,500 Mbps
IPS6,000 Mbps
IPSEC VPN17,000 Mbps
NGFW5,200 Mbps
THREAT PROTECTION1,250 Mbps
LATENCY (64 BYTE UDP)6 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE coppe
2 x SFP Fiber*
BYPASS PORT PAIRS (FIXED) 1
MAX. PORT DENSITY (INCL. MODULES) 18
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)
MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.
Modularity
FLEXI PORT SLOTS 1
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
Redundancy
2ND POWER SUPPLY optional external
DUAL SSD / RAID n/a
NOTES: * Transceivers sold separately
XGS 2100
Front
Back
XGS 2300
Performance
FIREWALL39,000 Mbps
TLS INSPECTION1,450 Mbps
FIREWALL IMIX20,000 Mbps
IPS7,000 Mbps
IPSEC VPN20,500 Mbps
NGFW6,300 Mbps
THREAT PROTECTION1,500 Mbps
LATENCY (64 BYTE UDP)4 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
2 x SFP Fiber*
BYPASS PORT PAIRS (FIXED) 1
MAX. PORT DENSITY (INCL. MODULES) 18
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)
MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.
Modularity
FLEXI PORT SLOTS 1
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
Redundancy
2ND POWER SUPPLY optional external
DUAL SSD / RAID n/a
NOTES: * Transceivers sold separately
XGS 2300
Front
Back
XGS 3100
Performance
FIREWALL47,000 Mbps
TLS INSPECTION2,470 Mbps
FIREWALL IMIX23,500 Mbps
IPS10,500 Mbps
IPSEC VPN25,000 Mbps
NGFW9,000 Mbps
THREAT PROTECTION2,000 Mbps
LATENCY (64 BYTE UDP)4 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
2 x SFP Fiber*
2 x SFP+ 10 GE Fiber*
BYPASS PORT PAIRS (FIXED) 1
MAX. PORT DENSITY (INCL. MODULES) 20
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)
MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.
Modularity
FLEXI PORT SLOTS 1
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
Redundancy
2ND POWER SUPPLY optional external
DUAL SSD / RAID n/a
NOTES: * Transceivers sold separately
XGS 3100
Front
Back
XGS 3300
Performance
FIREWALL58,000 Mbps
TLS INSPECTION3,130 Mbps
FIREWALL IMIX27,000 Mbps
IPS14,000 Mbps
IPSEC VPN31,100 Mbps
NGFW12,500 Mbps
THREAT PROTECTION3,000 Mbps
LATENCY (64 BYTE UDP)4 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
2 x SFP Fiber*
2 x SFP+ 10 GE Fiber*
BYPASS PORT PAIRS (FIXED) 1
MAX. PORT DENSITY (INCL. MODULES) 20
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 2 x USB 3.0 (front)
1 x USB 2.0 (rear)
MAX. POE (USING FLEXI PORT MODULE) 1 Module: 4 Ports, 60W max.
Modularity
FLEXI PORT SLOTS 1
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
Redundancy
2ND POWER SUPPLY optional external
DUAL SSD / RAID n/a
NOTES: * Transceivers sold separately
XGS 3300
Front
Back
XGS 4300
Performance
FIREWALL75,000 Mbps
TLS INSPECTION8,000 Mbps
FIREWALL IMIX33,000 Mbps
IPS29,500 Mbps
IPSEC VPN62,500 Mbps
NGFW23,000 Mbps
THREAT PROTECTION6,500 Mbps
LATENCY (64 BYTE UDP)3 µs
Connectivity
ETHERNET INTERFACES (FIXED) 4 x GE copper
4 x 2.5 GE copper
4 x SFP+ 10 GE Fiber*
BYPASS PORT PAIRS (FIXED) 2
MAX. PORT DENSITY (INCL. MODULES) 28
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 2 x USB 3.0 (front)
MAX. POE (USING FLEXI PORT MODULE) 2 Modules: 4 Ports, 60W max. per module
Modularity
FLEXI PORT SLOTS 2
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
Redundancy
2ND POWER SUPPLY optional external
DUAL SSD / RAID n/a
NOTES: * Transceivers sold separately
XGS 4300
Front
Back
XGS 4500
Performance
FIREWALL80,000 Mbps
TLS INSPECTION10,600 Mbps
FIREWALL IMIX37,000 Mbps
IPS36,500 Mbps
IPSEC VPN75,550 Mbps
NGFW30,000 Mbps
THREAT PROTECTION8,650 Mbps
LATENCY (64 BYTE UDP)4 µs
Connectivity
ETHERNET INTERFACES (FIXED) 4 x GE copper
4 x 2.5 GE copper
4 x SFP+ 10 GE Fiber*
BYPASS PORT PAIRS (FIXED) 2
MAX. PORT DENSITY (INCL. MODULES) 28
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
OTHER I/O INTERFACES 2 x USB 3.0 (front)
MAX. POE (USING FLEXI PORT MODULE) 2 Modules: 4 Ports, 60W max. per module
Modularity
FLEXI PORT SLOTS 2
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
4 port GE copper PoE + 4 port GE copper
4 port 2.5 GE copper PoE
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
Redundancy
2ND POWER SUPPLY optional internal
DUAL SSD / RAID Included
SW RAID-1 support
NOTES: * Transceivers sold separately
XGS 4500
Front
Back
Performance Test Methodology
|
General |
Maximum throughput measured under ideal test conditions using industry-standard Keysight-Ixia BreakingPoint test tools. Actual performance may vary depending on network conditions and activated services. |
|
Firewall |
Measured using HTTP traffic and 512 KB response size. |
|
Firewall IMIX |
UDP throughput based on a combination of 66-byte, 570-byte, and 1518-byte packet sizes. |
|
IPS |
Measured with IPS with HTTP traffic using default IPS ruleset and 512 KB object size. |
|
IPsec VPN |
HTTP throughput using multiple tunnels and 512 KB HTTP response size. |
|
TLS inspection |
Performance measured with IPS with HTTPS sessions and different cipher suites. |
|
Threat Protection |
Measured with firewall, IPS, application control, and malware prevention enabled using HTTP 200 KB response size. |
Sophos Switch
Connectivity, Power, and Control
Product Highlights
- Dual-processor architecture supports all key protection features without compromising performance.
- A wide selection of copper and fiber ports plus various management interfaces are built-in on every model.
- Fixed LAN bypass ports are on every model to support various deployment scenarios.
- Modular Flexi Port expansion bay(s) on every model allows you to adapt connectivity.
- Second power supply is an option for all models.
- Optional Power-over-Ethernet (PoE) Flexi Port modules are centrally powered and benefit from power redundancy when using the second power option.
- Rackmount kit is included.
Showing model XGS 4300
Accessories
Flexi Port Modules
For all XGS 1U models
Our 1U models come with one or more expansion bays to flexibly add to the diverse range of built-in interfaces on every box. Changes in your environment, your workforce, or your edge infrastructure may require additional fiber ports or a change in your connectivity. With Flexi Port modules, you have a cost-effective way to adapt your appliance, rather than having to purchase new hardware mid-term.
Transceivers
Sophos offers a range of transceivers to use in the SFP and SFP+ interfaces on your appliance or Flexi port module.
A list of compatible third-party transceivers can be found in our knowledge base article.
External Redundant Power Supply
For XGS 2xxx, 3xxx, 4300
All of our 1U models offer an optional second power supply for redundancy. The external power supply can be connected to the rear of the appliance.
When using this power supply with either the XGS 2100 or 2300, we suggest that you purchase rackmount rails (rather than using the rackmount ears supplied) for a more stable deployment in your data center.
Internal Redundant Power Supply
For XGS 4500 only
The second power supply for the XGS 4500 provides a simple way to add redundancy to our most powerful 1U unit.
For added reliability, the XGS 4500 also offers a second integrated SSD (RAID).
XGS Series 1U Accessories Matrix
| Model | Redundant Power | Redundant SSD | VDSL SFP Modem | Flexi Port Bays | Flexi Port Modules | Rackmount Kit |
|---|---|---|---|---|---|---|
| XGS 2100 | optional external | n/a | optional | 1 | 8 Port 1G copper 8 Port 1G SFP 4 Port 10G SFP+ 4 Port 1G copper bypass 4 port 1G copper PoE + 4 port 1G copper 4 port 2.5G copper PoE 2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber |
Rackmount ears incl. Optional sliding rails |
| XGS 2300 | optional external | n/a | optional | 1 | Rackmount ears incl. Optional sliding rails |
|
| XGS 3100 | optional external | n/a | optional | 1 | Rackmount ears incl. Optional sliding rails |
|
| XGS 3300 | optional external | n/a | optional | 1 | Rackmount ears incl. Optional sliding rails |
|
| XGS 4300 | optional external | n/a | optional | 2 | Sliding rails included | |
| XGS 4500 | optional internal | included | optional | 2 | Sliding rails included |
XGS Series Next-Gen Firewall Appliances
Enterprise and Campus Edge: 2U Models
Distributed and growing enterprises in need of maximum throughput for the most complex networks get the ultimate in protection, performance, and business continuity with these next-gen firewalls. Xstream Flow Processors provide dedicated hardware acceleration to easily handle full-on protection for today’s encrypted, cloud-hosted applications and traffic. These models strike the perfect balance between port density and modularity, with a range of high-speed, built-in ports, plus additional high-density Flexi Port modules available to extend connectivity even further.
All models are powered by a high-speed CPU plus a dedicated Xstream Flow Processor for hardware acceleration.
Compare XGS 2U Models
Scroll
XGS 5500
Performance
FIREWALL100,000 Mbps
TLS INSPECTION13,500 Mbps
FIREWALL IMIX52,000 Mbps
IPS40,000 Mbps
IPSEC VPN92,500 Mbps
NGFW38,000 Mbps
THREAT PROTECTION14,000 Mbps
LATENCY (64 BYTE UDP)5 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
8 x SFP+ 10 GE Fiber*
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
BYPASS PORT PAIRS (FIXED) 2
OTHER I/O INTERFACES 2 x USB 3.0 (front)
MAX. PORT DENSITY (INCL. MODULES) 48
Modularity
FLEXI PORT SLOTS 2 + 1 for High-density module
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
Redundancy
POWER SUPPLY 2 x hot-swap internal
DUAL SSD Included
HW RAID built into CPU
NOTES: * Transceivers sold separately
XGS 5500
Front
Back
XGS 6500
Performance
FIREWALL120,000 Mbps
TLS INSPECTION16,000 Mbps
FIREWALL IMIX60,000 Mbps
IPS50,750 Mbps
IPSEC VPN109,800 Mbps
NGFW46,500 Mbps
THREAT PROTECTION17,850 Mbps
LATENCY (64 BYTE UDP)5 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
12 x SFP+ 10 GE Fiber*
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
BYPASS PORT PAIRS (FIXED) 2
OTHER I/O INTERFACES 2 x USB 3.0 (front)
MAX. PORT DENSITY (INCL. MODULES) 68
Modularity
FLEXI PORT SLOTS 2 + 2 for High-density modules
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
Redundancy
POWER SUPPLY 2 x hot-swap internal
DUAL SSD Included
HW RAID built into CPU
NOTES: * Transceivers sold separately
XGS 6500
Front
Back
XGS 7500
Performance
FIREWALL160,000 Mbps
TLS INSPECTION19,500 Mbps
FIREWALL IMIX70,500 Mbps
IPS71,500 Mbps
IPSEC VPN117,000 Mbps
NGFW58,000 Mbps
THREAT PROTECTION26,000 Mbps
LATENCY (64 BYTE UDP)5.4 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
12 x SFP+ 10 GE Fiber*
2 x QSFP28 10/25/40 Gbps
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
BYPASS PORT PAIRS (FIXED) 2
OTHER I/O INTERFACES 2 x USB 3.0 (front)
MAX. PORT DENSITY (INCL. MODULES) 70
Modularity
FLEXI PORT SLOTS 2 + 2 for High-density modules
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
Redundancy
POWER SUPPLY 2 x hot-swap internal
DUAL SSD Included
HW RAID built into CPU
NOTES: * Transceivers sold separately
XGS 7500
Front
Back
XGS 8500
Performance
FIREWALL190,000 Mbps
TLS INSPECTION24,000 Mbps
FIREWALL IMIX81,000 Mbps
IPS93,000 Mbps
IPSEC VPN141,000 Mbps
NGFW76,000 Mbps
THREAT PROTECTION34,000 Mbps
LATENCY (64 BYTE UDP)5.5 µs
Connectivity
ETHERNET INTERFACES (FIXED) 8 x GE copper
12 x SFP+ 10 GE Fiber*
2 x QSFP28 10/25/40/50/100 Gbps
MANAGEMENT INTERFACES 1 x RJ45 MGMT
1 x COM RJ45
1 x COM Micro-USB
BYPASS PORT PAIRS (FIXED) 2
OTHER I/O INTERFACES 2 x USB 3.0 (front)
MAX. PORT DENSITY (INCL. MODULES) 70
Modularity
FLEXI PORT SLOTS 2 + 2 for High-density modules
FLEXI PORT MODULES (OPTIONAL) 8 port GE copper
8 port GE SFP Fiber*
4 port 10 GE SFP+ Fiber*
4 port GE copper bypass (2 pairs)
2 port 40 GE QSFP+ Fiber*
8 port 10 GE SFP+ Fiber*
2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber
2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber
High-density module: 12 port GE copper + 4 port 2.5 GE copper
OTHER OPTIONAL ADD-ON MODULES SFP VDSL modem
Transceivers
Redundancy
POWER SUPPLY 2 x hot-swap internal
DUAL SSD Included
HW RAID built into CPU
NOTES: * Transceivers sold separately
XGS 8500
Front
Back
Performance Test Methodology
|
General |
Maximum throughput measured under ideal test conditions using industry-standard Keysight-Ixia BreakingPoint test tools. Actual performance may vary depending on network conditions and activated services. |
|
Firewall |
Measured using HTTP traffic and 512 KB response size. |
|
Firewall IMIX |
UDP throughput based on a combination of 66-byte, 570-byte, and 1518-byte packet sizes. |
|
IPS |
Measured with IPS with HTTP traffic using default IPS ruleset and 512 KB object size. |
|
IPsec VPN |
HTTP throughput using multiple tunnels and 512 KB HTTP response size. |
|
TLS inspection |
Performance measured with IPS with HTTPS sessions and different cipher suites. |
|
Threat Protection |
Measured with firewall, IPS, application control, and malware prevention enabled using HTTP 200 KB response size. |
Sophos Switch
Connectivity, Power, and Control
Product Highlights
- Engineered for no-compromise performance
- Dual-processor architecture with dedicated co-processor for enterprise-grade hardware acceleration
- High-performance Non-Volatile Memory Express (NVMe) SSDs for better compatibility and storage (XGS 7500/8500 only)
- Sufficient headroom to power all key threat protection features, such as TLS inspection, sandboxing, and AI-driven threat analysis
- Extremely competitive ROI per protected Mbps
- A range of standard 1 GE copper interfaces plus 8 to 12 SFP+ 10 GE fiber interfaces on every model
- QSFP28 interfaces on high-end models with port speeds of up to 40 Gbps (XGS 7500) and 100 Gbps (XGS 8500)
- Maximum port density of 48 (XGS 5500), 68 (XGS 6500), or 70 (XGS 7500/8500) using optional modules
- Redundancy features on all models to help ensure business continuity
Showing model XGS 8500
Accessories
Flexi Port Modules
For all XGS 2U models
Our 2U models come with two standard Flexi Port expansion bays plus one or two bays for high-density modules to flexibly add to the diverse range of built-in interfaces on every box. Changes in your environment, your workforce, or your edge infrastructure may require additional fiber ports or a change in your connectivity. With Flexi Port modules, you have a cost-effective way to adapt your appliance, rather than having to purchase new hardware mid-term.
Transceivers
A list of compatible third-party transceivers can be found in our knowledge base article.
Redundancy
All of our 2U appliances come equipped with hot-swappable components to ensure maximum uptime:
-
Dual SSDs
-
Dual Power supplies
Rackmount Kits
All 2U rackmount appliances are supplied with rackmount sliding rails.
XGS Series 2U Accessories Matrix
| Model | Redundant Power | Redundant SSD | VDSL SFP Modem | Flexi Port Bays | Flexi Port Modules | Rackmount Kit |
|---|---|---|---|---|---|---|
| XGS 5500 | included | included | optional | 2 + 1 for High-density module | 8 Port 1G copper 8 Port 1G SFP 4 Port 10G SFP+ 4 Port 1G copper bypass 2 port 40G QSFP+ 8 port 10G SFP+ 2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber 2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber High-Density Flexi Port module: 12 Port 1G copper + 4 Port 2.5G copper |
Sliding rails included |
| XGS 6500 | included | included | optional | 2 + 2 for High-density modules | Sliding rails included | |
| XGS 7500 | included | included | optional | 2 + 2 for High-density modules | Sliding rails included | |
| XGS 8500 | included | included | optional | 2 + 2 for High-density modules | Sliding rails included |
SD-RED
Edge Devices For Remote Locations
SD-RED (Remote Ethernet Device) offers a uniquely simple solution to extend network connectivity to your remote locations and branch offices, no matter where in the world they are. Replace expensive MPLS connections to reduce your costs and take advantage of other Sophos products, such as Intercept X, for added SD-WAN functionality in combination with Sophos Firewall.
Compare SD-RED Models
Scroll
SD-RED 20
Performance
MAX. THROUGHPUT 250 Mbps
Connectivity
ETHERNET AND WAN INTERFACES 4 x GE copper
1 x SFP (shared with WAN)
1 x WAN (shared with SFP)
Modularity
EXPANSION SLOTS 1
OPTIONAL MODULES Wi-Fi Module
3G/4G Module
SFP Transceivers
Redundancy
SWAPPABLE COMPONENTS Optional 2nd power supply
SD-RED 20
Front
Back
SD-RED 60
Performance
MAX. THROUGHPUT 850 Mbps
Connectivity
ETHERNET AND WAN INTERFACES 4 x GE copper
1 x SFP (shared with WAN1)
2 x WAN (WAN1 shared with SFP)
2 x PoE (total power 30W)
Modularity
EXPANSION SLOTS 1
OPTIONAL MODULES Wi-Fi Module
3G/4G Module
SFP Transceivers
Redundancy
SWAPPABLE COMPONENTS Optional 2nd power supply
SD-RED 60
Front
Back
Product Highlights
- Plug-and-play deployment, with no IT staff required on site.
- Flexible configuration to allow many different operating modes (backhaul all traffic, split tunnel, transparent).
- All data between the SD-RED and your firewall is securely encrypted.
- Modular concept to add connectivity, such as Wi-Fi or 3G/4G cellular.
- SD-RED 60 offers two Power-over-Ethernet (PoE) ports to directly power your wireless access points and other PoE-capable devices.
- Manage your SD-RED devices from your Sophos Firewall console (Network Protection subscription required for management).
- Five-year warranty is standard. Support for SD-RED is included if you have Enhanced Plus support for your appliance.
Accessories
Both SD-RED models are equipped with a modular bay, allowing you to tailor connectivity to your needs. This provides flexible, reliable WAN connectivity without the incompatibility issues experienced with USB dongles and similar add-on solutions.
Wi-Fi Connectivity
Add an 802.11ac Wave 2 (Wi-Fi 5) module to your SD-RED device to provide Wi-Fi connectivity at your remote sites. Two external antennas ensure that the network coverage is optimized.
Power Redundancy
Power redundancy is a must for network devices. A second power adapter on your SD-RED helps ensure business continuity.
3G/4G Connectivity
Our 3G/4G module has been tested using numerous Internet Service Providers in many countries. Two external antennas provide superior network coverage vs. other add-on solutions.
Rackmount Kit
Mount your SD-RED on a wall for easy access to all interfaces or use a rackmount kit to add it to your existing server rack.
Get a Complete Overview
Wireless LAN
Your options with Sophos Firewall
Wi-Fi Integrated XGS Models
All Sophos desktop appliances are optionally available with Wi-Fi built-in. These are ideal as a low-cost, all-in-one solution for smaller offices and retail environments where network coverage is required in a relatively limited space. See the XGS Desktop section for further details.
Cloud-Managed Wi-Fi with Support for Wi-Fi 6/6E
Sophos Wireless provides support for Sophos’ latest access points, the AP6 Series. AP6 management is either via Sophos Central (support subscription required) or individually via the local user interface. This option provides all the scalability of a cloud-managed solution and gives you a single pane of glass for all your Sophos solutions.
Existing Customers with APX Series Hardware
We have announced an end-of-life date for our Wi-Fi 5 APX Series hardware of December 31, 2027.
Customers who own APX can continue to use them on a supported platform until the EOL date.
As Wireless Protection is included in the Base License purchased with every appliance, there are no additional subscription costs to consider.
All existing APX models can also be managed via Sophos Central at no extra charge.
