In Review: Sophos XG-135

The Sophos XG 135 firewall is one of the best mid-sized business firewalls that offers superior performance with a simple management interface. The XG 135 firewalls are rated for 51-100 users, 8 Gbps firewall throughput, and 1.18 Gbps VPN throughput. Trust that your network security environment is protected with any of the Sophos XG 135 licenses that include Total Protect, Total Protect Plus, Enterprise Protect, or Enterprise Protect Plus enhanced security features. On review the XG135 looks fit for duty in mid-sized businesses, with the manufacturer claiming a remarkably high UTM throughput of 1.4Gbits/sec. It’s excellent value: the appliance and a year’s TotalProtect subscription, which activates all features.

There’s more. As well as eight Gigabit ports, the XG 185w provides dual–band 802.11ac wireless services. It also has an internal 64GB SSD, which is used for log and report storage and as a quarantine area.

It supports routed or transparent bridge modes, and a wizard handles installation. This offers a choice of operations, and the option to start in passive mode or apply a default security policy.

The new web console is a pleasure to use and opens with a complete overview of all network activity and security issues. It provides a smart web-traffic graph showing hit rates at five-minute intervals, along with bar charts for blocked and allowed applications, and detected network attacks.

Below these are counters showing the number of risky apps, dodgy websites and intrusions being spotted. Security policies are simple to deploy; ports can be grouped into zones with options for LAN, WAN and DMZ or your own custom zones.

You can organise wireless SSIDs in separate zones, which will allow you to set up guest access and enforce special security policies. Firewall rules are applied to source and destination zones and each can include app control, web filtering, IPS and traffic-shaping policies.

To use the identity-based security, users authenticate to an external directory server or log in to the appliance using the Sophos Client Authentication Agent. This can be downloaded directly from the appliance’s captive web portal, which also has links for Linux and OS X clients, and certificates for Android and iOS.

We were impressed by its controls for users and groups, which allowed us to apply web filtering, internet access and bandwidth-usage policies individually. Furthermore, you can enforce data-transfer limits on uploads and downloads, and have discrete daily, weekly, monthly, and yearly quotas.

Its Security Heartbeat feature sends all endpoint activity data to the appliance, on the basis of which it displays a coloured status icon on its homepage. Setting it up was as simple as entering our Sophos Cloud account credentials.

The clever bit comes next: we could specify that our security policies should require a minimum Heartbeat condition. If a single Sophos Cloud-protected endpoint is compromised, the status turns red, and the policy can be used to instantly block access to all users and devices in that zone.

At the same time, the embedded iView syslog server stores all logs and presents a range of activity reports. These provide impressive levels of information, including details on firewall, virus, and spam activity, as well as web-content filtering.

Clicking on a graph provides a breakdown of all traffic types and iView includes compliance reports for HIPAA, PCI, SOX and more. User Threat Quotient reports use security data aggregated for up to a fortnight so you can easily spot high-risk users.

Verdict

Strengths:

Great product for the price; an excellent choice for those running inside the Sophos ecosystem.

Weakness:

No ability to customize the control center, UI could be a bit more focused.

The XG 135w mixes together a superb range of security measures and serves them up at a price that does not hurt the pocket. The high performance makes it a great long-term investment, and its slick integration with Sophos Cloud.

  • Desktop Chassis
  • 4GHz Intel Atom C2558 CPU
  • 6GB RAM
  • 8 X Gigabit Ethernet
  • 64GB SSD
  • 2 X USB 2
  • RJ45 Serial
  • VGA
  • Dual- Band 802.11ac Wireless
  • External PSU
  • Web Browser Management

Leave a Reply