Sophos XG 450 Firewall

More Views

Quick overview:

Sophos XG 450 Next-Gen Firewall TotalProtect Bundle with 8x GbE FleXi Port Module, FullGuard License, 24x7 Support - 3 Years

Availability   : In stock

Product no  : XG 450

Price             : Contact to Sales

Details

OVERVIEW

XG Firewall includes a number of innovations that not only makes your job a lot easier but also ensures your network is more secure.These entry-level desktop firewalls are the ideal choice for budget-conscious small businesses, retail and small or home offices. They are available with and without integrated wireless LAN, so you can have an all-in-one network security and hotspot solution without the need for additional hardware.

Details

XG FIREWALL FEATURES

 

Sophos XG Firewall

  Highlights

  •       • Purpose-built user interfaces with an interactive control center.
  •       • Optimized three-clicks-to-anywhere navigation.       
  •       • Policy Control Centre Widget monitors policy activity for business, user and network policies and tracks unused, disabled, changed and new policies.
  •       • Policy Control Centre Widget monitors policy activity for business, and sharing user and network policies and tracks unused, disabled, changed and new policies.
  •       • New unified policy model enabling all business, user, and network policies to be managed on a single screen with powerful filtering and search options.
  •       • Policy Templates for common business applications like Microsoft Exchange, SharePoint, Lync, and much more defined in XML end sharing.
  •       • Policy Templates for common business applications like Microsoft Exchange, SharePoint, Lync, and much more defined in XML enabling customization and sharing.
  •       • Policy natural language descriptions and at-a-glance policy enforcement indicators.
  •       • Custom IPS, Web, App, and Traffic Shaping (QoS) settings per user or network policy on a single screen.
  •       • Layer-8 user identity awareness across key areas of the firewall.
  •       • Sophos Security Heartbeat connecting Sophos endpoints with the Firewall to share health status and telemetry to enable instant identification of unhealthy or compromised endpoints
  •       • Policy support for Sophos Security Heartbeat to automatically isolate or limit network access to compromised endpoints
  •       • User Threat Quotient for identifying risky users based on recent browsing behavior and ATP triggers.
  •       • Application Risk Meter provides and overall risk factor based on the risk level of applications on the network.
  •       • Configuration API for all features for RMM/PSA integration
  •       • Discover Mode (TAP mode) for seamless integration for trials and PoCs.
  •       • Full-featured centralized management with Sophos Firewall Manager available as a hardware, software, or virtual appliance.
  •       • New virtual and software licensing model based on CPU and Memory resources.

 Firewall, Networking, and Routing

  •       • Stateful deep packet inspection firewall
  •       • FastPath Packet Optimization
  •       • User, group, time, or network based policies
  •       • Access time policies per user/group
  •       • Enforce policy across zones, networks, or by service type
  •       • Zone isolation and zone-based policy support.
  •       • Default zones for LAN, WAN, DMZ, LOCAL, VPN, and WiFi.
  •       • Custom zones on LAN or DMZ.
  •       • Customizable NAT policies with IP masquerading.
  •       • Flood protection: DoS, DDoS, and portscan blocking Country blocking by geo-IP.
  •       • Routing: static, multicast (PIM-SM) and dynamic (RIP, BGP, OSPF)
  •       • Upstream proxy support.
  •       • Protocol independent multicast routing with IGMP snooping.
  •       • Bridging with STP support and ARP broadcast forwarding VLAN DHCP support and tagging.
  •       • Multiple bridge supportWAN link balancing: multiple Internet connections, auto-link health check, automatic failover, automatic and weighted balancing, and granular multipath rules.
  •     • Wireless WAN support (n/an in virtual deployments).
  •     • 802.3ad interface link aggregation.
  •     • Full configuration of DNS, DHCP, and NTP Dynamic DNS.
  •     • IPv6 support with tunneling support including 6in4, 6to4, 4in6, and IPv6 rapid deployment (6th) through IPSec.

Base Traffic Shaping and Quotas

  •     • Flexible network or user based traffic shaping (QoS) (enhanced Web and App traffic shaping options are included with the Web Protection Subscription)
  •     • Set user-based traffic quotas on upload/download or total traffic and cyclical or non-cyclical.
  •     • Real-time VoIP optimization.
User Self-Serve Portal
  •     • Download the Sophos Authentication Client.
  •     • Download SSL remote access client (Windows) and configuration files (other OS).
  •     • Hotspot access information.
  •     • Change username and password.
  •     • View personal internet usage.
  •     • Access quarantined messages (requires Email Protection).
Base VPN Options
  •     • Site-to-site VPN: SSL, IPSec, 256- bit AES/3DES, PFS, RSA, X.509 certificates, pre-shared key.
  •     • L2TP and PPTP.
  •     • Remote access: SSL, IPsec, iPhone/iPad/Cisco/Andriod VPN client support.
  •     • SSL client for Windows and configuration download via user portal.
IPSec Client (sold separately)
  •     • Authentication: Pre-Shared Key (PSK), PKI (X.509), Smartcards, Token and XAUTH.
  •     • Encryption: AES (128/192/256), DES, 3DES (112/168), Blowfish, RSA (up to 2048 Bit), DH groups 1/2/5/14, MD5 and SHA-256/384/512.
  •     • Intelligent split-tunneling for optimum traffic routing.
  •     • NAT-traversal support.
  •     • Client-monitor for a graphical overview of connection status.
  •     • Multilingual: German, English, and French.
  •     • (ZIP, BZIP, GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet)
  •     • Supports more than 20 file types.
  •     • Dynamic malware behavior analysis runs files in real environments.
  •     • In-depth malicious file reports and dashboard file release capability.
  •     • Average analysis time less than 120 seconds.
  •     • Flexible user and group policy options on file type, exclusions, and actions on analysis.
  •     • Supports one-time download links.
Application Protection and Control
  •     • Enhanced application control with signatures and Layer 7 patterns for thousands of applications.
  •     • Micro app discovery and control.
  •     • Application control based on category, characteristics (e.g., bandwidth and productivity consuming), technology (e.g., P2P) and risk level.
  •     • Per-user or network rule application control policy enforcement.
Web and App Traffic Shaping
  •     • Enhanced traffic shaping (QoS) options by web category or application to limit or guarantee upload/download or total traffic priority and bitrate individually or shared.
Email Protection Subscription
Email Protection and Control
  •    • E-mail scanning with SMTP, POP3, and IMAP support.
  •    • Reputation service with spam outbreak monitoring based on patented Recurrent-Pattern-Detection technology.
  •    • Block spam and malware during the SMTP transaction.
  •    • Second independent malware detection engine (Avira) for dual-scanning.
  •    • Live Protection real-time, in-the-cloud lookups for the latest threat intelligence.
  •    • Automatic signature and pattern updates.
  •    • File-Type detection/blocking/scanning of attachments.
  •    • Accept, reject or drop over-sized messages.
  •    • Detects phishing URLs within emails.
  •    • Use pre-defined content scanning rules or create your own custom rules based on a variety of criteria.
  •    • TLS Encryption support for SMTP, POP, and IMAP.
  •    • Append signature automatically to all outbound messages.
  •    • Email archiver
Email Quarantine Management
  •    • Spam quarantine digest and notifications options.
  •    • Malware and spam quarantines with search and filter options by date, sender, recipient, subject, and reason with the option to release and delete messages.
  •    • Self-serve user portal for viewing and releasing quarantined messages.
Logging and Reporting
  • NOTE: Individual log, report, and widget availability depend on enabled software subscriptions.
  •    • Hundreds of on-box reports with custom report options: Dashboards (Traffic, Security, and User Threat Quotient), Applications (App Risk, Blocked Apps, Search Engines, Web Servers, FTP), Network and Threats (IPS, ATP, Wireless, Security Heartbeat), VPN, Email, Compliance (HIPAA, GLBA, SOX, FISMA, PCI, NERC CIP v3, CIPA).
  •    • Current Activity Monitoring: system health, live users, IPsec connections, remote users, live connections, wireless clients, quarantine, and DoS attacks.
  •    • Report anonymization.
  •    • Report scheduling to multiple recipients by report group with flexible frequency options.
  •    • Export reports as HTML, PDF, Excel (XLS).
  •    • Report bookmarks
  •    • Full log viewer with retention customization by category

 

 Base Firewall

General Management

  •      • Purpose-built streamlined user interface.
  •      • Three-clicks-to-anywhere navigation.
  •      • Self-documenting menu system.
  •      • Advanced troubleshooting tools in GUI (e.g., Packet Capture)
  •      • High Availability (HA) support clustering two devices in active-active or active-passive mode.
  •      • Full command-line-interface (CLI) accessible from GUI.
  •      • Role-based administration.
  •      • Automated firmware update notification with easily automated update process and roll-back features.
  •      • Reusable system object definitions for networks, services, hosts,time periods, users and groups, clients and servers
  •      • Self-service user portal.
  •      • Configuration change tracking.
  •      • Flexible device access control for services by zones.
  •      • Email or SNMP trap notification options SNMP and Net flow support.
  •      • Central management support from Sophos Firewall Manager or       Sophos Cloud Firewall Manager.
  •      • Backup and restore configurations: locally, via FTP or email; on-demand, daily, weekly or monthly.
  •      • API for third party integration.
  •      • Remote access option for Sophos Support.
  •      • Cloud-based license management via My Sophos.

 Secure Wireless

  •      • Simple plug-and-play deployment of Sophos wireless access points (APs) — automatically appear on the firewall control center.
  •      • Central monitor and manage all APs and wireless clients through the built-in wireless controller.
  •      • Bridge APs to LAN, VLAN, or a separate zone with client isolation options.
  •      • Multiple SSID support per radio including hidden SSIDs
  •      • Support for the latest security and encryption including WPA2 Personal and Enterprise.
  •      • Support for IEEE 802.1X (RADIUS authentication)
  •      • Support for 802.11r (fast transition).
  •      • Hotspot support for (custom) vouchers, password of the day, or T&C acceptance.
  •      • Wireless guest Internet access with walled garden options.
  •      • Time-based wireless network access.
  •      • Wireless repeating and bridging meshed network mode with supported APs.
  •      • Automatic channel selection background optimization
  •      • Support for HTTPS login
  •      • Rogue AP detection

Authentication

  •      • Transparent, proxy authentication (NTLM/Kerberos) or client authentication.
  •      • Authentication via: Active Directory, eDirectory, RADIUS, LDAP, and TACACS+.
  •      • Server authentication agents for Active Directory SSO, STAS, SATC.
  •      • Client authentication agents for Windows, Mac OS X, Linux 32/64.
  •      • Authentication certificates for iOS and Android.
  •      • Single sign-on: Active directory, eDirectory.
  •      • Authentication services for IPSec, L2TP, PPTP, SSL.
  •      • Captive Portal.
Network Protection Subscription
Intrusion Prevention (IPS)
  •      • High-performance, a next-gen IPS deep packet inspection engine with selective IPS patterns for maximum performance and protection.
  •      • Thousands of signatures.
  •      • Support for custom IPS signatures.
  •      • Flexible IPS policy deployment as part of any network or user policy with full customization.
ATP and Security Heartbeat
  •      • Advanced Threat Protection (Detect and block network traffic attempting to contact command and control servers using multi-layered DNS, AFC, and firewall).
  •      • Sophos Security Heartbeat™ instantly identifies compromised endpoints including the host, user, process, incident count, and time of compromise.
  •      • Sophos Security Heartbeat™ policies can limit access to network resources or completely isolate compromised systems until they are cleaned up.
Remote Ethernet Device (RED) VPN
  •      • Central Management of all RED devices.
  •      • No configuration: Automatically connects through a cloud-based provisioning service.
  •      • Secure encrypted tunnel using digital X.509 certificates and AES256-encryption.
  •      • Virtual Ethernet for reliable transfer of all traffic between locations.
  •      • IP address management with centrally defined DHCP and DNS Server configuration. 
  •      • Remotely de-authorize RED devices after a select period of inactivity.
  •      • Compression of tunnel traffic.
  •      • VLAN port configuration options (RED 50).
Clientless VPN
  •      • Sophos unique encrypted HTML5 self-service portal with support for RDP, HTTP, HTTPS, SSH, Telnet, and VNC.

Web Protection Subscription
Web Protection and Control

  •      • Fully transparent proxy for anti-malware and web-filtering
  •      • Enhanced Advanced Threat Protection.
  •      • URL Filter database with millions of sites across 92 categories, backed by SophosLabs.
  •      • Surfing quota time policies per user/group.
  •      • Access time policies per user/group.
  •      • Malware scanning: block all forms of viruses, web malware, trojans, and spyware on HTTP/S, FTP, and web-based email.
  •      • Advanced web malware protection with JavaScript emulation.
  •      • Live Protection real-time, in-the-cloud lookups for the latest threat intelligence.
  •      • Second independent malware detection engine (Avira) for dual-scanning.
  •      • Real-time or batch mode scanning.
  •      • Pharming Protection.
  •      • HTTP and HTTPS scanning and enforcement on any network and user policy with fully customizable rules and exceptions.
  •      • SSL protocol tunneling detection and enforcement.
  •      • Certificate validation.
  •      • High-performance web content caching.
  •      • Forced caching for Sophos Endpoint updates.
  •      • File type filtering by mime-type, extension and active content types (e.g. Activex, applets, cookies, etc.).
  •      • YouTube for Schools enforcement.
  •      • SafeSearch enforcement.

Web Server Protection Subscription

Web Application Firewall Protection

  •      • Reverse proxy.
  •      • URL hardening engine with deep-linking and directory traversal prevention.
  •      • Form hardening engine.
  •      • SQL injection protection.
  •      • Cross-site scripting protection.
  •      • Dual-antivirus engines (Sophos and Avira).
  •      • HTTPS (SSL) encryption offloading.
  •      • Cookie signing with digital signatures.
  •      • Path-based routing.
  •      • Outlook anywhere protocol support.
  •      • Reverse authentication (offloading) for form-based and basic authentication for server access.
  •      • Virtual server and physical server abstraction.
  •      • Integrated load balancer spreads visitors across multiple servers.
  •      • Skip individual checks in a granular fashion as required.
  •      • Match requests from source networks or specified target URLs.
  •      • Support for logical and/or operators.
  •      • Assists compatibility with various configurations and non-standard deployments.
  •      • Options to change Web AppliactionFIrewall performance parameters.
  •      • Scan size limit option.
  •      • Allow/Block IP ranges.
  •      • Wildcard support for server paths.
  •      • Automatically append a prefix/suffix for authentication.

 

 

Details

BENEFITS

Sophos XG Firewall – The next thing in next-gen

XG Firewall is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage

Advanced protection made simple

Most firewall products make you set up and manage policies across multiple modules or screens. Not Sophos. We provide a powerful unified policy model that allows you to manage, view, filter, and sort all your user, application and network policies on a single screen.

More-in-one protection

You get all the next-gen firewall features you need plus features you can’t get anywhere else – including our revolutionary Security Heartbeat™, full web application firewall, and complete email anti-spam, encryption, and DLP. No extra hardware. No extra cost. Simply choose what you want to deploy.

On-box reports included as standard

With hundreds of built-in reports, you’ll know exactly what’s happening with your users and your network. You get detailed reports as standard, stored locally with no separate tools required. And our unique User Threat Quotient reports show you which of your users are putting your security at risk.

Potent, powerful … fast

We’ve engineered XG Firewall to deliver outstanding performance. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you’ll always get maximum throughput.

Simply manage multiple firewalls

Sophos Firewall Manager provides a single console for the complete central management of multiple XG Firewalls.And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances then with Sophos iView, you can.

Network Protection

All the protection you need to stop sophisticated attacks and advanced threats while providing secure network access to those you trust.

Next-gen Intrusion Prevention System

Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well.

Advanced Threat Protection

Instant identification and immediate response to today’s most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat™ provides an emergency response.

Security Heartbeat

Creates a link between your Sophos Cloud Endpoints and your Firewall to identify threats faster, simplify investigation and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems.

Advanced VPN technologies

Adds unique and simple VPN technologies including our clientless HTML5 self-service portal that makes remote access incredibly simple or utilize our exclusive light-weight secure RED (Remote Ethernet Device) VPN technology.

Web Protection

Comprehensive web protection and application control with powerful and flexible policy tools ensure your networked users are secure and productive.

Powerful user and group web policy

Provides enterprise-level Secure Web Gateway policy controls to easily manage sophisticated user and group web controls.

Advanced Web Threat Protection

Backed by SophosLabs, our advanced engine provides the ultimate protection from today’s polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.

High-performance transparent proxy

Optimized for top performance, our transparent proxy technology provides ultra-low latency inspection and HTTPS scanning of all traffic for threats and compliance.

Layer-8 Application Control and QoS

Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics.

Sandstorm Protection

Sophos Sandstorm uses next-gen cloud-sandbox technology to give your organization an extra layer of security against ransomware and targeted attacks.

It integrates with your XG Firewall and is cloud-delivered so there’s no additional hardware required. Sophos Sandstorm blocks evasive threats like ransomware, disguised as executables, PDFs, and Microsoft Office documents — sending them to a cloud sandbox to be detonated and observed in a safe environment.

Threat intelligence is fed back to your XG Firewall and the file blocked or permitted. The process takes just a couple of minutes with minimal impact to the user. And Sandstorm gives you detailed threat reports for every incident so you know exactly what’s going on.

Email Protection

Full SMTP and POP message protection from spam, phishing and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam.

Integrated Message Transfer Agent

Ensures always-on business continuity for your email, allowing the firewall to automatically queue mail in the event servers become unavailable.

Live Anti-Spam

Provides protection from the latest spam campaigns, phishing attacks, and malicious attachments.

Self-serve Quarantine

Gives employees direct control over their spam quarantine, saving you time and effort.

SPX Email Encryption

Unique to Sophos, SPX makes it easy to send encrypted email to anyone, even those without any kind of trust infrastructure using our patent-pending password-based encryption technology.

Data Loss Prevention

Policy based DLP can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.

Web Server Protection

Harden your web servers and business applications against hacking attempts with a full-featured Web Application Firewall while providing secure access with reverse proxy authentication.

Business Application Policy Templates

Pre-defined policy templates let you protect common applications like Microsoft Exchange Outlook Anywhere or SharePoint quickly and easily.

Protection from the latest hacks and attacks

With a variety of advanced protection technologies including URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing and more.

Reverse proxy

With authentication options, SSL offloading, and server load balancing ensures maximum protection and performance for your servers being accessed from the internet.

Specifications

Benefits

BENEFITS

Sophos XG Firewall – The next thing in next-gen

XG Firewall is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage

Advanced protection made simple

Most firewall products make you set up and manage policies across multiple modules or screens. Not Sophos. We provide a powerful unified policy model that allows you to manage, view, filter, and sort all your user, application and network policies on a single screen.

More-in-one protection

You get all the next-gen firewall features you need plus features you can’t get anywhere else – including our revolutionary Security Heartbeat™, full web application firewall, and complete email anti-spam, encryption, and DLP. No extra hardware. No extra cost. Simply choose what you want to deploy.

On-box reports included as standard

With hundreds of built-in reports, you’ll know exactly what’s happening with your users and your network. You get detailed reports as standard, stored locally with no separate tools required. And our unique User Threat Quotient reports show you which of your users are putting your security at risk.

Potent, powerful … fast

We’ve engineered XG Firewall to deliver outstanding performance. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you’ll always get maximum throughput.

Simply manage multiple firewalls

Sophos Firewall Manager provides a single console for the complete central management of multiple XG Firewalls.And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances then with Sophos iView, you can.

Network Protection

All the protection you need to stop sophisticated attacks and advanced threats while providing secure network access to those you trust.

Next-gen Intrusion Prevention System

Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well.

Advanced Threat Protection

Instant identification and immediate response to today’s most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat™ provides an emergency response.

Security Heartbeat

Creates a link between your Sophos Cloud Endpoints and your Firewall to identify threats faster, simplify investigation and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems.

Advanced VPN technologies

Adds unique and simple VPN technologies including our clientless HTML5 self-service portal that makes remote access incredibly simple or utilize our exclusive light-weight secure RED (Remote Ethernet Device) VPN technology.

Web Protection

Comprehensive web protection and application control with powerful and flexible policy tools ensure your networked users are secure and productive.

Powerful user and group web policy

Provides enterprise-level Secure Web Gateway policy controls to easily manage sophisticated user and group web controls.

Advanced Web Threat Protection

Backed by SophosLabs, our advanced engine provides the ultimate protection from today’s polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.

High-performance transparent proxy

Optimized for top performance, our transparent proxy technology provides ultra-low latency inspection and HTTPS scanning of all traffic for threats and compliance.

Layer-8 Application Control and QoS

Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics.

Sandstorm Protection

Sophos Sandstorm uses next-gen cloud-sandbox technology to give your organization an extra layer of security against ransomware and targeted attacks.

It integrates with your XG Firewall and is cloud-delivered so there’s no additional hardware required. Sophos Sandstorm blocks evasive threats like ransomware, disguised as executables, PDFs, and Microsoft Office documents — sending them to a cloud sandbox to be detonated and observed in a safe environment.

Threat intelligence is fed back to your XG Firewall and the file blocked or permitted. The process takes just a couple of minutes with minimal impact to the user. And Sandstorm gives you detailed threat reports for every incident so you know exactly what’s going on.

Email Protection

Full SMTP and POP message protection from spam, phishing and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam.

Integrated Message Transfer Agent

Ensures always-on business continuity for your email, allowing the firewall to automatically queue mail in the event servers become unavailable.

Live Anti-Spam

Provides protection from the latest spam campaigns, phishing attacks, and malicious attachments.

Self-serve Quarantine

Gives employees direct control over their spam quarantine, saving you time and effort.

SPX Email Encryption

Unique to Sophos, SPX makes it easy to send encrypted email to anyone, even those without any kind of trust infrastructure using our patent-pending password-based encryption technology.

Data Loss Prevention

Policy based DLP can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.

Web Server Protection

Harden your web servers and business applications against hacking attempts with a full-featured Web Application Firewall while providing secure access with reverse proxy authentication.

Business Application Policy Templates

Pre-defined policy templates let you protect common applications like Microsoft Exchange Outlook Anywhere or SharePoint quickly and easily.

Protection from the latest hacks and attacks

With a variety of advanced protection technologies including URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing and more.

Reverse proxy

With authentication options, SSL offloading, and server load balancing ensures maximum protection and performance for your servers being accessed from the internet.

Features

XG FIREWALL FEATURES

 

Sophos XG Firewall

  Highlights

  •       • Purpose-built user interfaces with an interactive control center.
  •       • Optimized three-clicks-to-anywhere navigation.       
  •       • Policy Control Centre Widget monitors policy activity for business, user and network policies and tracks unused, disabled, changed and new policies.
  •       • Policy Control Centre Widget monitors policy activity for business, and sharing user and network policies and tracks unused, disabled, changed and new policies.
  •       • New unified policy model enabling all business, user, and network policies to be managed on a single screen with powerful filtering and search options.
  •       • Policy Templates for common business applications like Microsoft Exchange, SharePoint, Lync, and much more defined in XML end sharing.
  •       • Policy Templates for common business applications like Microsoft Exchange, SharePoint, Lync, and much more defined in XML enabling customization and sharing.
  •       • Policy natural language descriptions and at-a-glance policy enforcement indicators.
  •       • Custom IPS, Web, App, and Traffic Shaping (QoS) settings per user or network policy on a single screen.
  •       • Layer-8 user identity awareness across key areas of the firewall.
  •       • Sophos Security Heartbeat connecting Sophos endpoints with the Firewall to share health status and telemetry to enable instant identification of unhealthy or compromised endpoints
  •       • Policy support for Sophos Security Heartbeat to automatically isolate or limit network access to compromised endpoints
  •       • User Threat Quotient for identifying risky users based on recent browsing behavior and ATP triggers.
  •       • Application Risk Meter provides and overall risk factor based on the risk level of applications on the network.
  •       • Configuration API for all features for RMM/PSA integration
  •       • Discover Mode (TAP mode) for seamless integration for trials and PoCs.
  •       • Full-featured centralized management with Sophos Firewall Manager available as a hardware, software, or virtual appliance.
  •       • New virtual and software licensing model based on CPU and Memory resources.

 Firewall, Networking, and Routing

  •       • Stateful deep packet inspection firewall
  •       • FastPath Packet Optimization
  •       • User, group, time, or network based policies
  •       • Access time policies per user/group
  •       • Enforce policy across zones, networks, or by service type
  •       • Zone isolation and zone-based policy support.
  •       • Default zones for LAN, WAN, DMZ, LOCAL, VPN, and WiFi.
  •       • Custom zones on LAN or DMZ.
  •       • Customizable NAT policies with IP masquerading.
  •       • Flood protection: DoS, DDoS, and portscan blocking Country blocking by geo-IP.
  •       • Routing: static, multicast (PIM-SM) and dynamic (RIP, BGP, OSPF)
  •       • Upstream proxy support.
  •       • Protocol independent multicast routing with IGMP snooping.
  •       • Bridging with STP support and ARP broadcast forwarding VLAN DHCP support and tagging.
  •       • Multiple bridge supportWAN link balancing: multiple Internet connections, auto-link health check, automatic failover, automatic and weighted balancing, and granular multipath rules.
  •     • Wireless WAN support (n/an in virtual deployments).
  •     • 802.3ad interface link aggregation.
  •     • Full configuration of DNS, DHCP, and NTP Dynamic DNS.
  •     • IPv6 support with tunneling support including 6in4, 6to4, 4in6, and IPv6 rapid deployment (6th) through IPSec.

Base Traffic Shaping and Quotas

  •     • Flexible network or user based traffic shaping (QoS) (enhanced Web and App traffic shaping options are included with the Web Protection Subscription)
  •     • Set user-based traffic quotas on upload/download or total traffic and cyclical or non-cyclical.
  •     • Real-time VoIP optimization.
User Self-Serve Portal
  •     • Download the Sophos Authentication Client.
  •     • Download SSL remote access client (Windows) and configuration files (other OS).
  •     • Hotspot access information.
  •     • Change username and password.
  •     • View personal internet usage.
  •     • Access quarantined messages (requires Email Protection).
Base VPN Options
  •     • Site-to-site VPN: SSL, IPSec, 256- bit AES/3DES, PFS, RSA, X.509 certificates, pre-shared key.
  •     • L2TP and PPTP.
  •     • Remote access: SSL, IPsec, iPhone/iPad/Cisco/Andriod VPN client support.
  •     • SSL client for Windows and configuration download via user portal.
IPSec Client (sold separately)
  •     • Authentication: Pre-Shared Key (PSK), PKI (X.509), Smartcards, Token and XAUTH.
  •     • Encryption: AES (128/192/256), DES, 3DES (112/168), Blowfish, RSA (up to 2048 Bit), DH groups 1/2/5/14, MD5 and SHA-256/384/512.
  •     • Intelligent split-tunneling for optimum traffic routing.
  •     • NAT-traversal support.
  •     • Client-monitor for a graphical overview of connection status.
  •     • Multilingual: German, English, and French.
  •     • (ZIP, BZIP, GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet)
  •     • Supports more than 20 file types.
  •     • Dynamic malware behavior analysis runs files in real environments.
  •     • In-depth malicious file reports and dashboard file release capability.
  •     • Average analysis time less than 120 seconds.
  •     • Flexible user and group policy options on file type, exclusions, and actions on analysis.
  •     • Supports one-time download links.
Application Protection and Control
  •     • Enhanced application control with signatures and Layer 7 patterns for thousands of applications.
  •     • Micro app discovery and control.
  •     • Application control based on category, characteristics (e.g., bandwidth and productivity consuming), technology (e.g., P2P) and risk level.
  •     • Per-user or network rule application control policy enforcement.
Web and App Traffic Shaping
  •     • Enhanced traffic shaping (QoS) options by web category or application to limit or guarantee upload/download or total traffic priority and bitrate individually or shared.
Email Protection Subscription
Email Protection and Control
  •    • E-mail scanning with SMTP, POP3, and IMAP support.
  •    • Reputation service with spam outbreak monitoring based on patented Recurrent-Pattern-Detection technology.
  •    • Block spam and malware during the SMTP transaction.
  •    • Second independent malware detection engine (Avira) for dual-scanning.
  •    • Live Protection real-time, in-the-cloud lookups for the latest threat intelligence.
  •    • Automatic signature and pattern updates.
  •    • File-Type detection/blocking/scanning of attachments.
  •    • Accept, reject or drop over-sized messages.
  •    • Detects phishing URLs within emails.
  •    • Use pre-defined content scanning rules or create your own custom rules based on a variety of criteria.
  •    • TLS Encryption support for SMTP, POP, and IMAP.
  •    • Append signature automatically to all outbound messages.
  •    • Email archiver
Email Quarantine Management
  •    • Spam quarantine digest and notifications options.
  •    • Malware and spam quarantines with search and filter options by date, sender, recipient, subject, and reason with the option to release and delete messages.
  •    • Self-serve user portal for viewing and releasing quarantined messages.
Logging and Reporting
  • NOTE: Individual log, report, and widget availability depend on enabled software subscriptions.
  •    • Hundreds of on-box reports with custom report options: Dashboards (Traffic, Security, and User Threat Quotient), Applications (App Risk, Blocked Apps, Search Engines, Web Servers, FTP), Network and Threats (IPS, ATP, Wireless, Security Heartbeat), VPN, Email, Compliance (HIPAA, GLBA, SOX, FISMA, PCI, NERC CIP v3, CIPA).
  •    • Current Activity Monitoring: system health, live users, IPsec connections, remote users, live connections, wireless clients, quarantine, and DoS attacks.
  •    • Report anonymization.
  •    • Report scheduling to multiple recipients by report group with flexible frequency options.
  •    • Export reports as HTML, PDF, Excel (XLS).
  •    • Report bookmarks
  •    • Full log viewer with retention customization by category

 

 Base Firewall

General Management

  •      • Purpose-built streamlined user interface.
  •      • Three-clicks-to-anywhere navigation.
  •      • Self-documenting menu system.
  •      • Advanced troubleshooting tools in GUI (e.g., Packet Capture)
  •      • High Availability (HA) support clustering two devices in active-active or active-passive mode.
  •      • Full command-line-interface (CLI) accessible from GUI.
  •      • Role-based administration.
  •      • Automated firmware update notification with easily automated update process and roll-back features.
  •      • Reusable system object definitions for networks, services, hosts,time periods, users and groups, clients and servers
  •      • Self-service user portal.
  •      • Configuration change tracking.
  •      • Flexible device access control for services by zones.
  •      • Email or SNMP trap notification options SNMP and Net flow support.
  •      • Central management support from Sophos Firewall Manager or       Sophos Cloud Firewall Manager.
  •      • Backup and restore configurations: locally, via FTP or email; on-demand, daily, weekly or monthly.
  •      • API for third party integration.
  •      • Remote access option for Sophos Support.
  •      • Cloud-based license management via My Sophos.

 Secure Wireless

  •      • Simple plug-and-play deployment of Sophos wireless access points (APs) — automatically appear on the firewall control center.
  •      • Central monitor and manage all APs and wireless clients through the built-in wireless controller.
  •      • Bridge APs to LAN, VLAN, or a separate zone with client isolation options.
  •      • Multiple SSID support per radio including hidden SSIDs
  •      • Support for the latest security and encryption including WPA2 Personal and Enterprise.
  •      • Support for IEEE 802.1X (RADIUS authentication)
  •      • Support for 802.11r (fast transition).
  •      • Hotspot support for (custom) vouchers, password of the day, or T&C acceptance.
  •      • Wireless guest Internet access with walled garden options.
  •      • Time-based wireless network access.
  •      • Wireless repeating and bridging meshed network mode with supported APs.
  •      • Automatic channel selection background optimization
  •      • Support for HTTPS login
  •      • Rogue AP detection

Authentication

  •      • Transparent, proxy authentication (NTLM/Kerberos) or client authentication.
  •      • Authentication via: Active Directory, eDirectory, RADIUS, LDAP, and TACACS+.
  •      • Server authentication agents for Active Directory SSO, STAS, SATC.
  •      • Client authentication agents for Windows, Mac OS X, Linux 32/64.
  •      • Authentication certificates for iOS and Android.
  •      • Single sign-on: Active directory, eDirectory.
  •      • Authentication services for IPSec, L2TP, PPTP, SSL.
  •      • Captive Portal.
Network Protection Subscription
Intrusion Prevention (IPS)
  •      • High-performance, a next-gen IPS deep packet inspection engine with selective IPS patterns for maximum performance and protection.
  •      • Thousands of signatures.
  •      • Support for custom IPS signatures.
  •      • Flexible IPS policy deployment as part of any network or user policy with full customization.
ATP and Security Heartbeat
  •      • Advanced Threat Protection (Detect and block network traffic attempting to contact command and control servers using multi-layered DNS, AFC, and firewall).
  •      • Sophos Security Heartbeat™ instantly identifies compromised endpoints including the host, user, process, incident count, and time of compromise.
  •      • Sophos Security Heartbeat™ policies can limit access to network resources or completely isolate compromised systems until they are cleaned up.
Remote Ethernet Device (RED) VPN
  •      • Central Management of all RED devices.
  •      • No configuration: Automatically connects through a cloud-based provisioning service.
  •      • Secure encrypted tunnel using digital X.509 certificates and AES256-encryption.
  •      • Virtual Ethernet for reliable transfer of all traffic between locations.
  •      • IP address management with centrally defined DHCP and DNS Server configuration. 
  •      • Remotely de-authorize RED devices after a select period of inactivity.
  •      • Compression of tunnel traffic.
  •      • VLAN port configuration options (RED 50).
Clientless VPN
  •      • Sophos unique encrypted HTML5 self-service portal with support for RDP, HTTP, HTTPS, SSH, Telnet, and VNC.

Web Protection Subscription
Web Protection and Control

  •      • Fully transparent proxy for anti-malware and web-filtering
  •      • Enhanced Advanced Threat Protection.
  •      • URL Filter database with millions of sites across 92 categories, backed by SophosLabs.
  •      • Surfing quota time policies per user/group.
  •      • Access time policies per user/group.
  •      • Malware scanning: block all forms of viruses, web malware, trojans, and spyware on HTTP/S, FTP, and web-based email.
  •      • Advanced web malware protection with JavaScript emulation.
  •      • Live Protection real-time, in-the-cloud lookups for the latest threat intelligence.
  •      • Second independent malware detection engine (Avira) for dual-scanning.
  •      • Real-time or batch mode scanning.
  •      • Pharming Protection.
  •      • HTTP and HTTPS scanning and enforcement on any network and user policy with fully customizable rules and exceptions.
  •      • SSL protocol tunneling detection and enforcement.
  •      • Certificate validation.
  •      • High-performance web content caching.
  •      • Forced caching for Sophos Endpoint updates.
  •      • File type filtering by mime-type, extension and active content types (e.g. Activex, applets, cookies, etc.).
  •      • YouTube for Schools enforcement.
  •      • SafeSearch enforcement.

Web Server Protection Subscription

Web Application Firewall Protection

  •      • Reverse proxy.
  •      • URL hardening engine with deep-linking and directory traversal prevention.
  •      • Form hardening engine.
  •      • SQL injection protection.
  •      • Cross-site scripting protection.
  •      • Dual-antivirus engines (Sophos and Avira).
  •      • HTTPS (SSL) encryption offloading.
  •      • Cookie signing with digital signatures.
  •      • Path-based routing.
  •      • Outlook anywhere protocol support.
  •      • Reverse authentication (offloading) for form-based and basic authentication for server access.
  •      • Virtual server and physical server abstraction.
  •      • Integrated load balancer spreads visitors across multiple servers.
  •      • Skip individual checks in a granular fashion as required.
  •      • Match requests from source networks or specified target URLs.
  •      • Support for logical and/or operators.
  •      • Assists compatibility with various configurations and non-standard deployments.
  •      • Options to change Web AppliactionFIrewall performance parameters.
  •      • Scan size limit option.
  •      • Allow/Block IP ranges.
  •      • Wildcard support for server paths.
  •      • Automatically append a prefix/suffix for authentication.

 

 

Documentation

   XG Firewall Document

Send inquiry? Yes
Firewall throughput

45 Gbps

VPN Throughput

5.5 Gbps

IPS Throughput

10 Gbps

Antivirus Throughput

7 Gbps

Concurrent connections

20,000,000

New Connections

200,000

Maximum Licensed users

unrestricted

No of antennas No
Wireless interface No
Storage

integrated SSD x2

Ethernet Interfaces

8 GE copper

2 x USB 2.0 1 x COM (RJ45)

2 x USB 3.0 (front) 1 x USB 3.0 (rear) 1 x COM (RJ45) (front) 1 x VGA (rear)

Power Supply

Internal autoranging 100- 240VAC, 50-60 Hz

Display

Multi-function LCD module

Mountage

1U rackmount (sliding rails incl.)

Dimensions Width x Depth x Height

438 x 483 x 44mm 17.24 x 19 x 1.75 inches

Weight

8.3 kg / 18.29 lbs (unpacked) 13.1 kg / 28.88 lbs (packed)

Details

Product Tags

Use spaces to separate tags. Use single quotes (') for phrases.

Reviews

Write Your Own Review

You're reviewing: Sophos XG 450 Firewall