Sophos Firewall

Powerful Protection and Performance

All the firewall features you need.

Expose Hidden Risks
Superior visibility into risky activity, suspicious traffic, and advanced threats help you regain control of your networks.

Stop Unknown Threats
Powerful next-gen protection technologies like deep learning and intrusion prevention keep your organization secure.

Isolate Infected Systems
Automatic threat response instantly identifies and isolates compromised systems on your network to stop threats from spreading.

Visibility and Protection

Sophos Firewall offers the best protection to stop the latest hacks and attacks dead in their tracks – before they get on your network.

Deep Packet Inspection

The Xstream Deep-Packet Inspection (DPI) engine provides high-performance traffic scanning for IPS, AV, Web Protection, and App Control in a single streaming engine.

• TLS 1.3 inspection

• Next-Gen Intrusion Prevention (IPS)

• Zero-day threat protection

• Proxy-based dual-engine AV scanning

• Perimeter defenses

• Country-based blocking policy

Encrypted Traffic

Xstream TLS Inspection 1.3 with industry-leading performance, visibility, policy tools, and built-in intelligence removes an enormous blind spot in your protection.

• TLS 1.3 without downgrading

• Hardware acceleration

• Intelligent traffic selection

• Pre-packaged exception list

• Powerful policy engine

• Covers all ports/protocols

• Supports all modern cypher suites

• Unmatched visibility and error handing

Zero-Day and ML Protection

Sophos Firewall leverages Sophos' industry-leading machine learning technology, powered by SophosLabs Intelix, to instantly identify the latest ransomware and unknown threats before they get on your network

• SophosLabs data scientists

• Multiple machine learning models

• Static file analysis

• Dynamic file analysis

Cloud Sandbox

Sophos zero-day dynamic file analysis uses next-gen cloud-sandbox technology powered by deep learning and the best technology from Sophos Endpoint to protect your organization against zero-day threats like the latest ransomware and targeted attacks coming in through phishing, spam, or web downloads.

• Dynamic sandboxing analysis

• Deep learning static file analysis

Web Protection

Sophos' Web Protection engine is backed by SophosLabs Intelix and includes innovative technologies required to identify and block the latest web threats.

• Advanced Web Protection

• Pharming protection

• HTTPS scanning

• Potentially unwanted app control

• SophosLabs

Synchronized Security

Our revolutionary Security Heartbeat links your Sophos managed endpoint with your firewall to share health and other valuable information enabling an automated and coordinated response to isolate threats and prevent lateral movement.

Learn More

• Security Heartbeat

• Active Threat Response

• Lateral Movement Protection

• Destination Heartbeat Protection

• Synchronized App Control

• Synchronized User ID

Active Threat Protection

Sophos Firewall provides an immediate and automated response to active threats and adversaries to stop them dead in their tracks – preventing lateral movement.

• Multiple threat feeds supported including Sophos X-Ops and MDR/XDR

• Blocks active threats immediately without the need for firewall rules

• Utilizes Synchronized Security to automatically isolate managed endpoints and provide visibility

User Identity

User identity-based policies and unique user risk analysis give you the knowledge and power to regain control of your users before they become a serious threat to your network.

• User identity powers all firewall policies and reporting

• User Threat Quotient (UTQ) identifies the top risk users on your network

• Synchronized User ID

• Flexible authentication options including directory services

• Two-factor Authentication (2FA) one-time password support for Access to key system areas

Application Control

Complete visibility and control over all applications on your network with deep-packet scanning technology. Synchronized App Control that can identify all the applications that are currently going unidentified on your network.

• Visibility and control over thousands of applications

• CASB cloud app visibility

• Generative AI Visibility and Control

• Synchronized App Control

• User-based application policies

• Traffic shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications

Web Control

Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need, with options for user and group enforcement of activity, quotas, schedules, and traffic shaping.

• Enterprise Secure Web Gateway (SWG) policy model

• Support for Sophos DNS Protection

• Template-driven activity control with predefined workplace and compliance policies

• Education and SafeSearch features

• Comprehensive traffic enforcement

• Traffic shaping (QoS)

Content Control

Flexible, user-based monitoring and control of keyword content and downloadable content, including file types via FTP, HTTP, or HTTPS.

• Web keyword monitoring

• File download filtering templates

• Policy-based outbound email DLP

• Web caching

Business Applications

Combine next-gen firewall capabilities with our enterprise-class web application firewall to protect your critical business applications from hacks and attacks while still enabling authorized access.

• Next-generation IPS

• Web Application Firewall

• Granular, user-based protection

Email and Data

Protect your email from spam, phishing, and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam.

• Full MTA store and forward support

• Live anti-spam

• SPX encryption

• Policy-based DLP

• Self-serve user portal

Networking and Access

Sophos Firewall offers the most complete portfolio of secure edge access solutions, VPN , SD-WAN, and core networking capabilities to fit any network.

SD-WAN

Xstream SD-WAN in Sophos Firewall includes powerful features to enable your SD-WAN connectivity, quality, security, and continuity goals easily. 

Learn More

• Multiple WAN link profiles with flexible application, service, or user-based routing

• Real-time performance-based WAN link monitoring (for jitter, latency, and packet loss)

• Multi-link load balancing using round-robin with custom weighting or session persistence

• Zero-impact re-routing of traffic to higher performing links in the event of a disruption

• Xstream FastPath acceleration of IPsec tunnel traffic

• Synchronized SD-WAN application routing of obscure or custom applications

Central SD-WAN Orchestration

Sophos Central cloud managed SD-WAN orchestration makes setting up complex site-to-site SD-WAN overlay networks easy.

Learn More

• Point-and-click to setup full mesh, hub and spoke, or any kind of SD-WAN overlay network 

• Sophos Central automates all the necessary rule setups on your firewalls

• Full tunnel redundancy support

• Monitoring and management made easy

Site-to-Site VPN

Sophos Firewall supports all standards-based VPN technologies, as well as our own lightweight extremely robust layer 2 RED tunnels.

• IPsec and SSL VPN tunnels

• Xstream FastPath acceleration of IPsec tunnel traffic

• Wizard-based orchestration

• Sophos RED site-to-site tunnels

• AWS VPC easy import and management

ZTNA

Sophos Firewall integrates with Sophos Zero Trust Network Access (ZTNA) to offer a secure and simple way for users to securely connect to important applications and data.

Learn More

• Integrated ZTNA Gateway

• Securely connect users to applications

• Superior protection from Ransomware and other threats

• Cloud and on-premises application support

• Remote access from anywhere

• Device health integrates with Synchronized Security

Remote Access VPN

Sophos recommends ZTNA for remote access; however, Sophos Firewall also supports legacy remote access via our free Sophos Connect VPN client.

Learn More about ZTNA

• Windows and Mac support

• IPsec and SSL support

• Easy provisioning and deployment

• Free (unlimited SSL remote access licenses included at no extra charge)

SD-RED

A Sophos exclusive, SD-RED (Remote Ethernet Device) provides a unique and affordable secure edge access device for SD-Branch, SOHO, and industrial control solutions.

Learn More

• Zero-touch deployment auto-provisioning SD-WAN edge device

• Enterprise-grade encryption

• Split tunnel options

• Integrated wireless options

• Ultra affordable

Wireless Controller

Every Sophos Firewall includes an integrated wireless controller to enable easy secure wireless deployments for our APX wireless access points, all managed from a single console.

• Plug-and-play deployment

• High performance with the latest 802.11ac, Wave 2 wireless standard, and powerful radios

• Flexible configuration with options for isolation, bridging, zones, hotspots, channel width, and multiple SSIDs per radio.

• Secure encryption with support for all the latest standards

Core Networking

Sophos Firewall offers the most advanced enterprise-grade networking technology available for NAT, routing, and bridging. 

• Powerful object-based NAT, SNAT, and DNAT rules

• Advanced routing with Static, OSPF, BGP, and RIP with full 802.1Q VLAN support

• IPv6 Certified with BGP and DHCP Prefix Delegation support

• Dynamic routing with OSPFv3 (IPv6)

• SD-WAN profiles for sophisticated application, service, and user routing based on link performance

• Flexible bridging options

Segmentation

Flexible and powerful segmentation options via zones and VLANs provide ways to separate levels of trust on your network while enabling added protection against lateral movement between different parts of your network.

• Zone-based firewall

• Default zones for LAN, WAN, DMZ, LOCAL, VPN, and Wi-Fi

• Full VLAN support

• Zone and VLAN isolation

• Zone-based policies

• Micro-segmentation and auto-isolation via Synchronized Security

Management and Reporting

Sophos Central is your single-pane-of-glass for managing your entire cybersecurity portfolio. From endpoint, to mobile, to ZTNA, and of course, all your firewalls, no one offers this level of management integration and ease of use.

Sophos Central Management

Sophos Central provides powerful centralized management, reporting, and zero-touch deployment for all your Firewalls and other Sophos products from a single console.

Learn More

• Sophos Central Cloud Management

• Group Firewall Management in Sophos Central

• Synchronize policy and settings across groups

• Central cloud backup management

• Centralized firmware update scheduling

Central SD-WAN Orchestration

Sophos Central cloud managed SD-WAN orchestration makes setting up complex site-to-site SD-WAN overlay networks easy.

Learn More

• Point-and-click to setup full mesh, hub and spoke, or any kind of SD-WAN overlay network 

• Sophos Central automates all the necessary rule setups on your firewalls

• Full tunnel redundancy support

• Monitoring and management made easy

Central Firewall Reporting

Central Firewall Reporting Advanced provides flexible and powerful tools to create your own custom views of network activity and threats across your entire network.

Learn More

• Report across multiple firewalls

• Create custom reports with powerful visualization tools

• Save, export, and schedule your reports

• Store firewall log data in the cloud for historical reporting up to a year

Dashboard and Alerts

Sophos Firewall’s carefully crafted control center analyzes extensive back-end data sources to surface just the information you need to respond quickly to changes in your network.

• Instant insights at a glance

• Traffic-light-style indicators

• Quick Drill-down Interaction with Any Control Center Widget

• Automatic email notifications for any important event

• SNMP with a Custom MIB and support for IPSec VPN Tunnels

Free Reporting

Sophos Firewall is unique in providing extensive, free on-box reporting and limited cloud-based reporting at no extra charge.

• Hundreds of reports

• Built-in storage on XGS Series for unlimited log data storage for historical reporting

• Live log Viewer

• Syslog support

• Limited 7 day cloud storage for Central Firewall reporting

• No extra charge

High Availability

Sophos Firewall provides support for high availability deployments to ensure maximum resiliency, reliability, up-time and performance.

• Active-Active or Active-Passive cluster support

• Automatic plug-and-play synchronization

• Multiple HA links for added redundancy

• VLAN support for the dedicated HA link

• HA support on XGS Series, virtual, AWS, and Azure

• AWS Autoscaling Support

Cybersecurity as a Service

Sophos Firewall integrates with our 24/7 Managed Threat Detection and Response service (MDR).

Learn More

• Cybersecurity as a service

• 24/7 threat hunting, detection and response delivered by an expert team

• Fully managed service that integrates Sophos Firewall with Sophos XDR

• Sophos monitors your network, servers and computers and responds to any threats

• Sophos Firewall’s Active Threat Response provides an immediate response - blocking active threats without the need for firewall rules

Powered by threat intelligence, AI and machine learning from SophosLabs and SophosAI, Sophos delivers a broad portfolio of advanced products and services to secure users, networks and endpoints against ransomware, malware, exploits, phishing and the wide range of other cyberattacks. Sophos provides a single integrated cloud-based management console, Sophos Central – the centerpiece of an adaptive cybersecurity ecosystem that features a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity vendors. Sophos sells its products and services through reseller partners and managed service providers (MSPs) worldwide.