Powerful protection and performance

All the firewall features you need

  • Expose hidden risks

    Superior visibility into risky activity, suspicious traffic, and advanced threats helps you regain control of your networks

  • Stop unknown threats

    Powerful next-gen protection technologies like deep learning and intrusion prevention help keep your organization secure

  • Isolate infected systems

    Automatic threat response instantly identifies and isolates compromised systems on your network to stop threats from spreading

Visibility and protection

Sophos Firewall offers the best protection to stop the latest hacks and attacks dead in their tracks – before they get on your network.

Deep packet inspection

The Xstream DPI Engine provides high-performance traffic scanning for intrusion prevention (IPS), antivirus (AV), web protection, and app control in a single streaming engine

  • TLS 1.3 inspection

  • Next-gen IPS

  • Zero-day threat protection

  • Proxy-based dual-engine AV scanning

  • Perimeter defenses

  • Country-based blocking policy

Encrypted traffic inspection

Xstream TLS 1.3 inspection with industry-leading performance, visibility, policy tools, and built-in intelligence removes an enormous blind spot in your protection

  • TLS 1.3 without downgrading

  • Hardware acceleration

  • Intelligent traffic selection

  • Prepackaged exception list

  • Powerful policy engine

  • Covers all ports/protocols

  • Supports all modern cipher suites

  • Unmatched visibility and error handling

Zero-day and machine learning (ML) protection

Sophos Firewall leverages Sophos' industry-leading ML technology, powered by SophosLabs Intelix, to instantly identify the latest ransomware and unknown threats before they get on your network

  • SophosLabs data scientists

  • Multiple ML models

  • Static file analysis

  • Dynamic file analysis

Cloud sandbox

Sophos zero-day dynamic file analysis uses next-gen cloud sandboxing, powered by deep learning and Sophos Endpoint technology, to protect against zero-day threats, including new ransomware and targeted attacks coming in through phishing, spam, or web downloads

  • Dynamic sandboxing analysis

  • Deep learning static file analysis

Web protection

Sophos' web protection engine is backed by SophosLabs Intelix and includes innovative technologies required to identify and block the latest web threats

  • Advanced web protection

  • Pharming protection

  • HTTPS scanning

  • Potentially unwanted app control

  • SophosLabs

DNS protection

Sophos DNS Protection provides a high-performance, cloud-based domain name resolution service for website compliance and security

  • Cloud-delivered name resolution

  • Powered by SophosLabs and AI technology

  • Blocks access to the latest malicious sites

  • Enables granular compliance policy enforcement

Synchronized Security™

Our revolutionary Security Heartbeat™ links your Sophos-managed endpoint with your firewall to share health and other valuable information to enable an automated and coordinated response, isolate threats, and prevent lateral movement

  • Security Heartbeat

  • Active threat response

  • Lateral movement protection

  • Destination heartbeat protection

  • Synchronized app control

  • Synchronized user ID

Active Threat Response

Sophos Firewall provides an immediate and automated response to active threats and adversaries to stop them dead in their tracks and prevent lateral movement

  • Multiple threat feeds supported, including those from Sophos X-Ops, Sophos MDR, and third parties

  • Blocks active threats immediately without the need for firewall rules

  • Utilizes Sophos Synchronized Security to automatically isolate managed endpoints, provide visibility, and protect against lateral movement

User identity

User identity-based policies and unique user risk analyses give you the knowledge and power to regain control of your users before they become a serious threat to your network

  • Powers all firewall policies and reporting

  • User threat quotient (UTQ) identifies the top-risk users on your network

  • Synchronized user ID

  • Flexible authentication options including directory services

  • Two-factor authentication (2FA) and one-time password support for access to key system areas

Application control

Complete visibility and control over all applications on your network with deep packet scanning technology

Synchronized app control can identify all the unidentified applications currently running on your network

  • Visibility and control over thousands of applications

  • Cloud access security broker (CASB) cloud app visibility

  • Generative AI visibility and control

  • Synchronized app control

  • User-based application policies

  • Traffic shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications

Web control

Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need, with options for user and group enforcement of activity, quotas, schedules, and traffic shaping

  • Enterprise secure web gateway (SWG) policy model

  • Support for Sophos DNS Protection

  • Template-driven activity control with predefined workplace and compliance policies

  • Education and SafeSearch features

  • Comprehensive traffic enforcement

  • Traffic shaping (QoS)

Content control

Flexible, user-based monitoring and control of keyword content and downloadable content, including file types via FTP, HTTP, and HTTPS

  • Web keyword monitoring

  • File download filtering templates

  • Policy-based outbound email DLP

  • Web caching

Business applications

Combine next-gen firewall capabilities with our enterprise-class web application firewall to protect your critical business applications from hacks and attacks while still enabling authorized access

  • Next-generation IPS

  • Web application firewall

  • Granular, user-based protection

Email and data

Protect your email from spam, phishing, and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam

  • Full Mail Transfer Agent (MTA) store-and-forward support

  • Live anti-spam

  • Secure PDF Exchange (SPX) encryption

  • Policy-based DLP

  • Self-serve user portal

Networking and access

Sophos Firewall offers the most complete portfolio of secure edge access, VPN, SD-WAN, and core networking capabilities to fit any network.

SD-WAN

Xstream SD-WAN in Sophos Firewall includes powerful features to help you meet your SD-WAN connectivity, quality, security, and continuity goals easily

  • Multiple WAN link profiles with flexible application, service, and user-based routing

  • Real-time performance-based WAN link monitoring for jitter, latency, and packet loss

  • Multilink load balancing using round robin queuing with custom weighting or session persistence

  • Zero-impact rerouting of traffic to higher performing links in the event of a disruption

  • Xstream FastPath acceleration of IPsec tunnel traffic

  • Synchronized SD-WAN application routing of obscure and custom applications

Central SD-WAN orchestration

Sophos Central cloud-managed SD-WAN orchestration makes setting up complex site-to-site SD-WAN overlay networks easy

  • Point and click to set up full mesh, hub and spoke, or any SD-WAN overlay network

  • Sophos Central automates all the necessary rule setups on your firewalls

  • Full tunnel redundancy support

  • Monitoring and management made easy

Site-to-site VPN

Sophos Firewall supports all standards-based VPN technologies, as well as our own lightweight, extremely robust Layer-2 remote Ethernet device (RED) tunnels

  • IPsec and SSL VPN tunnels

  • Xstream FastPath acceleration of IPsec tunnel traffic

  • Wizard-based orchestration

  • Sophos RED site-to-site tunnels

  • AWS VPC easy import and management

ZTNA

Sophos Firewall integrates with Sophos Zero Trust Network Access (ZTNA) to offer a secure and simple way for users to connect to important applications and data securely

  • Integrated ZTNA gateway

  • Securely connect users to applications

  • Superior protection from ransomware and other threats

  • Cloud and on-premises application support

  • Remote access from anywhere

  • Device health integrates with Sophos Synchronized Security

Remote access VPN

Sophos recommends ZTNA for remote access; however, Sophos Firewall also supports legacy remote access via our free Sophos Connect VPN client.

  • Windows and Mac support

  • IPsec and SSL support

  • Easy provisioning and deployment

  • Free (unlimited SSL remote access licenses included at no extra charge)

SD-RED

Sophos-exclusive SD-RED software-defined remote Ethernet devices provide a unique and affordable secure edge access device for SD-branch, SOHO, and industrial control use cases

  • Zero-touch deployment/autoprovisioning for SD-WAN edge device

  • Enterprise-grade encryption

  • Split tunnel options

  • Integrated wireless options

  • Ultra affordable

Wireless controller

Every Sophos Firewall includes an integrated wireless controller to enable easy secure wireless deployments for our APX* wireless access points, all managed from a single console

Discover Sophos cloud-managed wireless with Wi-Fi 6/6E

* Sophos has announced an end-of-life date of December 31, 2027, for the APX Series. Although the APX models are no longer sold, existing customers can continue to use APX on a supported platform until the EOL date.

  • Plug-and-play deployment

  • Flexible configuration with options for isolation, bridging, zones, hotspots, channel width, and multiple SSIDs per radio

Core networking

Sophos Firewall offers the most advanced enterprise-grade networking technology available for Network Address Translation (NAT), routing, and bridging

  • Powerful object-based NAT, SNAT, and DNAT rules

  • Advanced static, OSPF, BGP, and RIP routing with full 802.1Q VLAN support

  • IPv6-certified with BGP and DHCP Prefix Delegation support

  • Dynamic routing with OSPFv3 (IPv6)

  • SD-WAN profiles for sophisticated application, service, and user routing based on link performance

  • Flexible bridging options

Segmentation

Flexible and powerful segmentation options via zones and VLANs provide ways to separate levels of trust on your network while enabling added protection against lateral movement between different parts of your network

  • Zone-based firewall

  • Default zones for LAN, WAN, DMZ, local, VPN, and Wi-Fi

  • Full VLAN support

  • Zone and VLAN isolation

  • Zone-based policies

  • Microsegmentation and auto-isolation via Sophos Synchronized Security

Management and reporting

Sophos Central is your single pane of glass for managing your entire cybersecurity portfolio. From endpoint to mobile to ZTNA and, of course, all your firewalls, no one else offers this level of management integration and ease of use.

Sophos Central unified cybersecurity management platform

Provides powerful centralized management, reporting, and zero-touch deployment for all your Sophos Firewalls and other Sophos products from a single console

  • Sophos Central cloud management

  • Group firewall management

  • Synchronize policy and settings across groups

  • Central cloud backup management

  • Centralized firmware update scheduling

Central SD-WAN orchestration

Cloud-managed SD-WAN orchestration makes setting up complex site-to-site SD-WAN overlay networks easy

  • Point and click to set up full mesh, hub and spoke, or any kind of SD-WAN overlay network

  • Sophos Central automates all the necessary rule setups on your firewalls

  • Full tunnel redundancy support

  • Monitoring and management made easy

Sophos Central Firewall Reporting Advanced

Provides flexible and powerful tools to create your own custom views of network activity and threats across your entire network

  • Report across multiple firewalls

  • Create custom reports with powerful visualization tools

  • Save, export, and schedule your reports

  • Store firewall log data in the cloud for historical reporting for up to a year

Dashboard and alerts

Sophos Firewall’s carefully crafted control center analyzes extensive back-end data sources to surface just the information you need to respond quickly to changes in your network

  • Instant insights at a glance

  • Traffic light-style indicators

  • Quick drill-down interaction with any control center widget

  • Automatic email notifications for any important event

  • SNMP with a custom MIB and support for IPsec VPN tunnels

Free reporting

Sophos Firewall is unique in providing extensive, on-box reporting and limited cloud-based reporting at no extra charge

  • Hundreds of reports

  • Built-in storage on XGS Series for unlimited log data storage for historical reporting

  • Live log viewer

  • Syslog support

  • Limited 7-day cloud storage for Sophos Central Firewall reporting

  • No extra charge

High availability (HA)

Sophos Firewall provides support for HA deployments to ensure maximum resiliency, reliability, uptime, and performance

  • Active-active or active-passive cluster support

  • Automatic plug-and-play synchronization

  • Multiple HA links for added redundancy

  • VLAN support for the dedicated HA link

  • HA support for XGS Series, virtual, and AWS and Azure cloud firewalls

  • AWS Auto Scaling support

Cybersecurity as a service (CSaaS)

Sophos Firewall integrates with our 24/7 Managed Detection and Response (MDR) service

  • 24/7 threat hunting, detection, and response delivered by an expert team

  • Fully managed service that integrates Sophos Firewall with Sophos MDR

  • Sophos monitors your network, servers, and computers and responds to any threats

  • Sophos Firewall’s Active Threat Response feature provides an immediate response, blocking active threats without the need for firewall rules