XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM provisioning, and solid-state storage. Whether you’re protecting a small business or a large datacenter, you’re getting industry leading performance.
These desktop firewall appliances offer an excellent price-to-performance ratio making them ideal for small businesses or branch offices. They are available with or without integrated 802.11ac wireless LAN, so you can even have an all-in one network security and hotspot solution without the need for additional hardware. Of course, you can also add external access points. With Intel multi-core technology designed for best performance and efficiency in a small form factor, these models come equipped with 4 GbE copper ports built-in and 1 shared SFP interface, e.g. for use with our optional DSL modem or an SFP Fiber transceiver to connect the device to a server or switch. An optional second power supply provides an unmatched redundancy option in this product segment.
Security Heartbeat – Your firewall & your endpoints are finally talking
Sophos XG Firewall is the only network security solution that is able to fully identify the user and source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat that shares telemetry and health status between Sophos endpoints and your firewall, and integrates endpoint health into firewall rules to control access and isolate compromised systems. The good news is, this all happens automatically, and is successfully helping numerous businesses and organizations to save time and money in protecting their environments today.
Synchronized Application Control
Using Security Heartbeat we can do much more than just see the health status of an endpoint. We also have a solution to one of the biggest problems most network administrators face today – lack of visibility into network traffic.
Synchronized Application Control automatically identifies, classifies and controls encrypted, custom, evasive, and generic HTTP or HTTPS applications which are currently going unidentified.
Synchronized User ID
User authentication is critically important in a nextgeneration firewall but often challenging to implement in a seamless and transparent way. Synchronized User ID eliminates the need for client or server authentication agents by sharing user identity between the endpoint and the firewall through Security Heartbeat. It’s just another great benefit of having your firewall and endpoints integrated and sharing information.
Lateral Movement Protection
Lateral Movement Protection automatically isolates compromised systems at every point in the network to stop attacks dead in their tracks. Healthy endpoints assist by ignoring all traffic from unhealthy endpoints, enabling complete isolation, even on the same network segment, to prevent threats and active adversaries from spreading or stealing data.