XG To XGS

Uploaded by

nassarmasry

Elevate Your Cyber Defence: Upgrade to Sophos XGS Hardware Now!
Sherif Saleh
Sophos System Engineer – Egypt & Levant
June 2024
Agenda
• Sophos Firewalls
• XGS Firewall High Performance
• Xstream Architecture Powerful Protection and Performance
• Enhanced Visibility and Control
• Sophos SD-WAN
• Sophos Firewall Add-on
• Sophos SD-RED
• Zero Trust Network Access Integration
• DNS Protection
• Sync-Security
• Active Threat Response
• Xstream License
• XG End-Of-Sale Announcement
• Migration Considerations
Sophos Firewall
[Timeline figure: Sophos Firewall releases and hardware generations. Releases shown: 2015 XG Firewall, 2016 SFOS v16, 2017 SFOS v17, 2018 SFOS v17+, 2020 SFOS v18, 2021 SFOS v18.5, 2022 SFOS v19, 2022 SFOS v19.5, 2023 SFOS v19.5+, 2023 SFOS v20, with MRs in between. Hardware shown: 1st XG Series, 2nd Gen XG Series, XGS Series, XGS 7500/8500.]
[Feature labels on the timeline include: NGFW Architecture, Central Orchestration, Security Heartbeat, Sophos Central Management, Azure Support, IKEv2, Enterprise Web Filtering, Lateral Movement Protection, Sync User ID, Web keywords, Cloud App Visibility, Synchronized App Control (CASB-lite), New licensing scheme, Xstream Architecture and Xstream SSL inspection, Zero-Day Protection, AI-powered threat intel., Sophos Central Reporting, Group FW Management, XGS Series hardware with Xstream Architecture, Trusted traffic offload, Auto roll-back, HA improvements, Object reference look-up, Interface enable/disable, Xstream SD-WAN, Synchronized SD-WAN, IPv6 enhancements, Xstream TLS enhancements, 5G Support, IPsec VPN offloading, Perf.-based link selection, Active Threat Response, Dynamic Threat Feeds.]
Sophos Firewall
Much more than a firewall
Services | Solutions | SASE

Automatic response to threats


Work from anywhere – safely and securely
Powerful Protection and Performance
Managed through a single console
Sophos Firewall
Full Next-Gen Firewall Protection
• Includes all the modern protection technology an organization needs
• Encrypted traffic inspection, intrusion prevention, web and application control, and zero-day threat protection with machine learning file analysis and dynamic sandboxing

Visibility and Insights
• Includes a rich traffic-light style dashboard that surfaces risks and threats
• Includes free reporting on-box and across the entire network thanks to Sophos Central Reporting

Sophos Central Management
• Manage all firewalls from Sophos Central
• Group management capabilities and central orchestration of SD-WAN VPN makes managing
Sophos Firewall - Unique Capabilities You Can’t Get Anywhere Else

Automatic response to threats
• Synchronized Security
• Active Threat Response

Easily enabling users to work from anywhere
• Integrated ZTNA
• Easy remote-access VPN
• Support for Sophos SASE Services such as DNS Protection

The most powerful protection and performance
• Dual processor architecture
• No need to compromise on protection for performance

Single Management Console
• Powerful but easy unified cloud management
• Group firewall management, SD-WAN orchestration,
Flexible Deployment
• XGS Series hardware appliances
• Virtual or Software appliance
• Public Cloud
Sophos Firewall
XGS Firewall High Performance
Sophos Firewall XGS Series Appliances

Powered by Xstream
• Every model includes dedicated Xstream Flow Processors
• The flow processors accelerate trusted traffic flows
• They are programmable so new features and performance can be added over time
• They deliver powerful protection at every price point

24/7 threat monitoring, investigation, and response
Full-scale incident response performed in minutes

Flexible Connectivity
• Desktop models offer excellent value with all-in-one connectivity and options for wireless, cellular and VDSL
• Rackmount models offer extensive connectivity options with modular bays for future expansion
• High-end models offer redundancy of key
Dual Processor Architecture
New Dual Processor Architecture: x86 CPU plus dedicated Xstream Flow Processor

x86 Main CPU (AMD)
Routing, Connection Management, Deep Packet Inspection, TLS Inspection

Xstream Flow Processor (Marvell NPU)
Xstream Hardware FastPath for application acceleration
Sophos Firewall: XGS Series Appliance Portfolio

SMB AND BRANCH OFFICE (DESKTOP): XGS 87, 87w, 107, 107w, XGS 116, 116w, 126, 126w, 136, 136w
DISTRIBUTED EDGE (1U RACKMOUNT): XGS 2100, XGS 2300, XGS 3100, XGS 3300, XGS 4300, XGS 4500
ENTERPRISE and CAMPUS EDGE (2U RACKMOUNT): XGS 5500, XGS 6500, XGS 7500, XGS 8500
Taking Xstream to the Extreme
Engineered for maximum performance to target enterprise and campus
edge deployments that we couldn’t previously address

XGS 7500 XGS 8500


Enterprise-grade acceleration
Up to 47% higher throughput for all key protection
High-capacity RAM, high-performance NVMe SSDs
High-speed QSFP28 ports on-board (support up to 100 Gbps*)
Industry-leading price-performance and energy efficiency
NVMe = Non-Volatile Memory Express
* On XGS 8500, max 40 Gbps on XGS 7500
Plug-and-Play High Availability
Easy to Setup: Use multiple links, LAG, or VLAN to reliably sync the firewalls
Easy to Manage: Each device is easily identified for easy management
Status & Visibility: HA status and widget provides clear insights at-a-glance
Elegant Failover: When a device fails the fail-over is automatic and minimally disruptive
Sophos Firewall
Xstream Architecture Powerful Protection and Performance
[Architecture diagram labels:
Threat inputs: MDR/XDR Threat Feeds, 3rd Party Feeds, Sophos X-Ops Feeds (Domains, Bad IPs, IPS, APTs, Active C2), Dynamic Threat Feeds, API
Threat Intelligence: Static File Analysis, Multiple ML Models, AI Deep Learning
Sandboxing: Dynamic File Analysis, Behavioral Analysis, Intercept X
x86 CPU: Firewall Stack (Connection Management, ALLOW | BLOCK | SECURE), Active Threat Response (Active Threats & APTs, Dynamic Threat Feeds, Synchronized Security), DPI Engine / Deep Packet Inspection (Single Streaming Engine, Proxy-less Scanning, High Performance, AV, IPS, WEB, APPS)
FastPath: Decrypt/Encrypt Engine (TLS 1.3, All Ports/Applications), Traffic Acceleration, IPsec VPN Acceleration
Endpoints of the diagram: ZTNA, Cloud GW, SD-WAN, Local Apps, SaaS Apps]
Sophos Firewall
Enhanced Visibility and Control
The Sophos Firewall Management Experience

The Best Dashboarding and Reporting
• The best at-a-glance dashboard on any firewall
• The only firewall with free on-box reporting
• Extensive central firewall reporting in the cloud

The Best Cloud Management
• Single pane-of-glass for all Sophos products
• Group firewall management for multiple firewalls
• Deploy and manage full access portfolio

The Best Cross-Product Automation
• Automatically identify and respond to threats
• Prevent lateral movement
• Identify unknown applications and users
Central Firewall Reporting – Across The Entire Network
Cloud Log Storage for Convenient, Flexible, Insightful Historical Reporting

Sophos Central Cloud Management For All Sophos Products

• Easy group firewall management that replicates changes automatically
• Easy point-and-click SD-WAN VPN orchestration
• Zero-touch deployment, firmware update scheduling, and more
Sophos Firewall
SD-WAN
Xstream SD-WAN

SOPHOS FIREWALL SD-WAN HARDWARE
• Sophos Firewall XGS Series: Xstream FastPath Acceleration (SD-WAN | Apps | Cloud | IPsec)
• SD-RED 20/60: Zero-Touch Remote Edge Devices

SOPHOS CENTRAL SD-WAN MANAGEMENT
• SD-WAN Orchestration
• SD-WAN Reporting

XSTREAM SD-WAN IN SOPHOS FIREWALL OS
• v19 Performance SLA Link Selection: Jitter | Latency | Packet Loss
• v19 Link Management and Enhanced Routing: App | User | Service
• v19 Real-time Monitoring and Logging: Link Performance | Routing
• Zero-Impact Transitions: Failover | Failback
• v19 SD-WAN Profiles with Multiple Gateways: Up to 8 Gateways, MPLS | WAN | VPN | RED
• v19.5 Link Load Balancing: Simultaneous routing of application traffic across multiple links
• v18 Synchronized App Control Awareness: Obscure and Custom Apps
• v20 Enhanced Scalability for the Most Demanding Networks – 3x Capacity


SD-WAN Load Balancing
Traffic load shared across multiple SD-WAN links
[Diagram labels: Any Corporate Office Location, Firewall, Multiple ISPs, LTE Cellular, DSL, MPLS Leased Line, Cable, Internet]
Sophos Firewall Add-on
Sophos Firewall Add-on
SD-RED
Distributed Organizations Need SD-RED
SD-RED extends the network via a secure VPN Tunnel to any location or device…

Unlimited Applications
RETAIL BIOGAS CONSTRUCTION TURBINES EMERGENCY

HOMES CCTV TRANSIT OBSERVATORIES SHIPS


SD-RED Example
Sophos Firewall Add-on
Zero Trust Network Access
ZTNA Gateway on Sophos Firewall
All Sophos Firewalls are now a ZTNA Gateway
Making the transition to Zero Trust easier than ever

• Integrated Zero Trust Connector
• Zero Touch Deployment
• No added infrastructure required
• Every Firewall is now a ZTNA Gateway
• Every form-factor supported
  • XGS Series
  • Cloud
  • Virtual/Software appliance
• Single Console Management via Sophos Central

Zero Touch - Zero Trust


ZTNA Gateway Firewall Integration – Zero Touch Zero Trust
[Diagram labels: Zero Trust Endpoint, Remote Workers, Sophos SASE Cloud, Sophos ZTNAaaS, Public Cloud Apps, On Prem Apps, SaaS Apps, ZTNA Gateway, ZTNA Gateway on FW]

No Need to Deploy Gateway on VM
( and n- charge for ZTNA gateways)

Intelligent Access Enforcement: Continuous zero-trust user verification and device validation
Sophos Firewall Add-on
DNS Protection
Sophos DNS Protection

2 Minutes To Deploy
Be up and running in under two minutes.

Protects Across all Ports, Protocols, Apps
Every app, service, or protocol that needs to resolve a domain is protected.

Backed by SophosLabs
Decades of global threat intelligence updated in real-time

Integrated with Sophos MDR/XDR
Providing a valuable sensor and data lake integration with your security operations.
Sophos Firewall Add-on
Synchronized Security
Synchronized Security – Cross-Product Automation

Instantly Identify Threats
• Whether the threat is first detected by the firewall or the endpoint, the health status (or Heartbeat status) is shared across Sophos products and clearly identifies the source of the threat

Automated Response
• The firewall, wireless access points, and ZTNA all automatically respond to a compromised host by limiting access according to policy

More than Just Threat Response
• Synchronized Security is also used between Endpoint and Firewall to share important information about unknown applications for application control and routing

Synchronized Security
24/7 threat monitoring, investigation, and response
Full-scale incident response performed in minutes
Synchronized Security Heartbeat – Sequence of Events
Automatic Response to Threats and Breaches

Security Heartbeat™
1. Threat Identified: XG Firewall identifies the presence of a threat or a change in the health via Security Heartbeat
2. Lateral Movement Protection: Firewall communicates via Security Heartbeat with other Endpoints to advise them of the compromised host to prevent spread
3. Compromised Endpoint Isolated: Dynamic Firewall Rules effectively isolate the unhealthy host instantly and automatically from the internet and other parts of the network
Synchronized SD-WAN – Sequence of Events
Leveraging Synchronized Application Control for SD-WAN Path Selection
Security Heartbeat™
1. Unknown Application: XG Firewall observes application traffic that does not match a signature
2. Endpoint Shares Application Information: Sophos Endpoint passes app name, path and even category to XG Firewall for classification
3. Application Classified and Controlled: Automatically categorize and control where possible or admin can set category or policy to apply.
4. Application Routed Reliably: Application is reliably routed over the preferred SD-WAN connection.
Sophos Firewall Add-on
Active Threat Response
Active Threat Response
Synchronized Security Extended
Extensible Synchronized Security…
• To Sophos MDR / XDR Threat Hunting
• With Dynamic Threat Feeds
• And Third-Party Threat Feeds (Future)

The Same Automated Response
• Automatically blocks threats from communicating out of the network
• Automatically coordinates with managed endpoints to block traffic from compromised hosts
• Automatically prevents lateral movement
• ZTNA prevents connections to applications
• Automatically restores all connectivity once the threat is eradicated

Synchronized Security
Licensing
Protection Subscriptions | Xstream Protection | Standard Protection | Available Separately

Base License (Stateful Firewall, Networking and SD-WAN, Wireless, VPN)

Network Protection (Xstream TLS, DPI, IPS, X-Ops Feeds, Security Heartbeat, SD-RED Mgmt)

Web Protection (Xstream TLS, DPI, Web security and Control, Application Control)

Zero-Day Protection (Static ML-based and dynamic (sandboxing) file analysis, reporting)

Central Orchestration (SD-WAN Orchestration, Central Reporting Adv (30-day), MTR/XDR/ATR)

Enhanced support (24x7 phone/email support, Advance RMA, required for firmware updates)

Sophos Central Email Advanced (Sophos Central antispam, AV, DLP, encryption)

Firewall Email Protection (on-box antispam, AV, DLP, encryption)

Firewall Web Server Protection (web application firewall)

Sophos Central Reporting Advanced (additional longer-term storage)

Enhanced Plus Support Upgrade (VIP support, warranty for add-ons, TAM option)

Additional options are available for MSPs


XG End-of-Support Announcement
Firewall - Nomenclature

Sophos Firewall
• Also known as “XG” or “XGS”
Actual Naming:
Overall product: Sophos Firewall
Software/OS: Sophos Firewall OS (SFOS)
Current Hardware Series: XGS Series
Legacy Hardware Series: XG Series
Only XG Series hardware appliances will be EOL on March 31, 2025

Sophos UTM
• Also known as “SG”
Actual Naming:
Overall product: Sophos UTM
Software/OS: Sophos UTM (OS)
Hardware Series: SG Series
Sophos UTM and the SG Series hardware appliances will be EOL on June 30, 2026
XG/SG Hardware Product Lifecycles
End of Sales and End of Life Create Important Buying Events
[Timeline figure with SW and HW rows.
Phases: HW Active Product Phase (Hardware selling normally. No fixed duration.), Supported Product Phase (Hardware no longer sold but still supported. Customers can renew up to EOL date.), End of Life (EOL).
Milestones: End of Sale (EOS, HW SKU sales end), EOS +1Y, EOS +2Y, EOS +3Y, EOL; SW row marks the last order dates for 3Y SKUs, 2Y SKUs and 1Y SKUs.
Markers: "SG is here", "XG is here".
Product accessories: last order date, sales end; may sell off inventory as long as stock lasts.]

Important Note: The above timeline is not applicable to XGS which will have a 5-year support phase
XG Customers: Top Reasons to Refresh to XGS Series
XG Series – EOL Soon!
XG Series EOL March 2025
• Single CPU: Single CPU on XG Series needs to perform all crypto and DPI functions
• Virtual FastPath: All traffic is processed by the CPU which creates a performance bottleneck
• Limited Connectivity: Limited built-in connectivity with expansion slots on XG 125/135 only

XGS Series Appliances
Unique Future-Proof Dual-Processor Architecture
• Xstream Flow Processors: Network co-processors augment multi-core CPUs for max performance
• Upgradable Performance: Programmable flow processors enable new features and better performance
• Better Value and Increasing: Best price per protected Mbps and getting better with each release

Xstream Architecture
Powerful Protection and Performance
• High Performance TLS Inspection: Offloads crypto operations from the CPU for added performance
• Xstream FastPath: Xstream hardware accelerated FastPath for offloading trusted traffic
• DPI Engine Headroom: With crypto and trusted traffic on the FastPath, the CPU has added performance headroom for DPI

Expanded Connectivity
Increased Port Density and Diversity
• Added Built-in Interfaces: Provides optimal value and future scalability
• Additional Flexi Port Modules: Easily upgrade your connectivity as your network grows
• PoE Interfaces: Built-in Power-over-Ethernet makes deployment simpler

Migration Considerations
XG to XGS Migration considerations
1. AP / RED Devices are not used in XGS
2. Flexiports are different
3. You can't migrate the license from XG to XGS
4. You can migrate the configurations from XG to XGS
Third Party Endorsements
The Top-Rated Firewall

The only vendor named a Leader in every major category
• Network Firewall
• Endpoint Detection and Response
• Extended Detection and Response
• Managed Detection and Response
• Endpoint Protection
G2 REPORTS | FALL 2023

[Figure: 2023 G2 Grid® for Firewall – Overall. Axes: Market Presence, Satisfaction. Quadrants: Contenders, Leaders, Niche, High Performers.]

Sophos named a 2023 Gartner Customers’ Choice in Network Firewalls
[Figure: Gartner chart. Axes: Overall Experience, User Interest and Adoption, each with a market average line. Quadrants: Strong Performer, Customers’ Choice, Aspiring, Established. Each quadrant is sorted alphabetically. Vendors shown: Amazon Web Services, Check Point, Cisco, F5, Forcepoint, Fortinet, GajShield Infotech, Hillstone Networks, Huawei, Juniper, Microsoft, Palo Alto Networks, SonicWall, Sophos, VMware, WatchGuard. As of March 2023 © Gartner, Inc]

Sophos Rated 4.7/5
in Network Firewalls

As mentioned in Gartner® Peer Insights™ Based on reviews in the last 12 months as of October 5, 2023

The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or
its affiliates and is used herein with permission. All rights reserved. Gartner Peer Insights content consists of the
opinions of individual end users based on their own experiences with the vendors listed on the platform, should not
be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not
endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied,
