Shipping Policy
24/7 Customer Support
Login/Register
Book an Appointment
One-Stop Shop
Quality Solutions
Dedicated Support
Fast Shipping
Description
The Sophos XGS 136(w) Firewall is a comprehensive, all-in-one security solution designed to protect your network, web servers, email systems, and digital infrastructure from a wide array of cyber threats. Powered by Xstream architecture, the XGS 136(w) delivers high-performance TLS inspection, application acceleration, and robust threat protection. This solution is ideal for small to medium-sized businesses, branch offices, and retail environments, providing powerful and scalable protection.
Also see:
· Sophos XGS 136(w) Firewall with Protection Bundles Subscription
· Sophos XGS 136(w) Firewall Support, Training and Professional services
· Sophos XGS 136(w) Firewall Accessories and Add-Ons
Key Protection Modules
Central Orchestration
Firewall Central Orchestration simplifies the management of VPN tunnels between multiple firewalls and supports complex network topologies like full mesh and hub-and-spoke configurations. As part of the Xstream Protection Bundle, it allows for centralized control and management of security across multiple locations, providing a flexible, scalable solution suitable for businesses of all sizes.
Key Features
|
Powerful Protection |
The XGS 136(w) Firewall Security Appliance delivers the industry’s best visibility, protection, and performance. It provides powerful threat protection and high-performance TLS inspection. |
|
Superior Performance |
The XGS 136(w) is powered by a high-speed CPU and a dedicated Xstream Flow Processor for hardware acceleration. It offers a firewall throughput of 3,850 Mbps, TLS inspection of 375 Mbps, and VPN throughput of 375 Mbps. |
|
Connectivity Options |
The appliance comes with 4 GE copper and 1 SFP Fiber interfaces. It also includes 1 x COM RJ45, 1 x COM Micro-USB, 1 x USB 2.0 (front), and 1 x USB 3.0 (rear) interfaces. |
|
Modularity |
The XGS 136(w) offers the perfect balance between price and performance, with the modularity that smaller businesses, retail outlets, and branch offices need to grow and adapt to changing circumstances. |
|
Integrated Wi-Fi (XGS 136(w)w Only) |
Offers wireless connectivity, allowing for flexible deployment and easy access for users. |
|
Simple Management Interface |
The XGS 136(w) offers a simple management interface, making it one of the best SMB firewalls. |
|
Performance |
The firewall offers a throughput of 3.7 Gbps and a VPN throughput of 375 Mbps1. It is rated for 1-10 users |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Network Protection
The Network Protection module offers multi-layered Advanced Threat Protection (ATP), defending against targeted attacks and Advanced Persistent Threats (APTs). It includes an Intrusion Prevention System (IPS) that blocks application and protocol attacks, a VPN gateway for secure remote access, and a Self-Service User Portal for easy user management, reducing IT workload. Built-in reporting capabilities provide valuable security insights, and the XGS 136(w) can be deployed as a hardware, virtualized, software, or cloud-based appliance to meet specific needs.
Key Features
|
Intrusion Prevention (IPS) |
|
· High-performance, next-gen IPS engine with selective patterns. · Thousands of signatures. · Granular category selection. · Support for custom IPS signatures. · Dynamic policies with IPS Policy Smart Filters. |
|
Advanced Threat Protection (ATP) and Security Heartbeat |
|
· Detects and blocks network traffic to command and control servers. · Sophos Security Heartbeat identifies compromised endpoints. · Policies can limit access or isolate compromised systems. |
|
SD-RED Device Management |
|
· Central management for SD-RED devices. · Automatic cloud-based provisioning. · Secure encrypted tunnel with X.509 certificates. · Reliable traffic transfer using Virtual Ethernet. · IP address management and remote de-authorization. |
|
Clientless VPN |
|
· Sophos unique encrypted HTML5 self-service portal. · Supports RDP, SSH, Telnet, and VNC. |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Standard Protection
Standard Protection on the XGS 136(w) defends against a range of threats through deep packet inspection, next-gen IPS, and web protection powered by SophosLabs Intelix. With support for deep learning and sandboxing, this protection offers customizable security settings through point-and-click policy tools in an easy-to-manage interface. It provides a firewall throughput of 3,700 Mbps and a VPN throughput of 375 Mbps, making it suitable for up to 10 users.
Key Features
|
Advanced Threat Protection |
It provides powerful protection against a wide range of threats, including malware, ransomware, and advanced persistent threats (APTs). |
|
Web Filtering |
This feature allows you to control access to certain types of websites, enhancing the overall security of your network. |
|
Intrusion Prevention System (IPS) |
The IPS feature helps detect and prevent attacks from threats that seek to exploit vulnerabilities in your network. |
|
Email Protection |
It offers protection against email-based threats, such as phishing and spam emails. |
|
VPN Support |
The firewall supports Virtual Private Network (VPN) connections, allowing secure remote access to your network. |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Web Protection
Web Protection enhances security for your network infrastructure through URL filtering, content filtering, and application control, defending against web-based threats and providing a safe and efficient network environment.
Key Features
|
Web Protection and Control |
|
· Provides streaming DPI web protection and explicit proxy mode inspection. · Supports per-connection authentication for multiple users on the same source IP in explicit proxy mode. · Offers enhanced Advanced Threat Protection. · Includes a URL Filter database with millions of sites across 92 categories, backed by SophosLabs. · Allows setting surfing quota time policies and access time policies per user/group. · Blocks all forms of viruses, web malware, trojans, and spyware on HTTP/S, FTP and web-based email. · Provides advanced web malware protection with JavaScript emulation. · Uses Live Protection for real-time, in-the-cloud lookups for the latest threat intelligence. · Includes a second independent malware detection engine (Avira) for dual-scanning. · Offers real-time or batch mode scanning and pharming protection. · Enforces tenant restrictions for O365. · Detects and enforces SSL protocol tunnelling. · Validates certificates. · Provides high performance web content caching and forced caching for Sophos Endpoint updates. · Filters file types by mime-type, extension, and active content types (e.g. Activex, applets, cookies, etc.) · Enforces YouTube for Schools and SafeSearch (DNS-based) for major search engines per policy (user/group). · Monitors and enforces web keywords to log, report or block web content matching keyword lists with the option to upload customs lists. · Blocks potentially unwanted applications (PUAs). · Allows teachers or staff to temporarily override web policy to allow access to blocked sites or categories. · Enforces user/group policy on Google Chromebooks. |
|
Cloud Application Visibility |
|
· Displays amount of data uploaded and downloaded to cloud applications categorized as new, sanctioned, unsanctioned or tolerated via Control Center widget. · Allows to discover Shadow IT at a glance. · Provides detailed information on users, traffic, and data. · Offers one-click access to traffic shaping policies. · Filters cloud application usage by category or volume. · Provides detailed customizable cloud application usage report for full historical reporting. |
|
Application Protection and Control |
|
· Automatically identifies, classifies, and controls all unknown Windows and Mac applications on the network by sharing information between Sophos-managed endpoints and the firewall. · Controls applications based on signatures with patterns for thousands of applications. · Discovers shadow IT with Cloud Application Visibility and Control. · Uses App Control Smart Filters that enable dynamic policies which automatically update as new patterns are added. · Discovers and controls micro apps. · Controls applications based on category, characteristics (e.g., bandwidth and productivity consuming), technology (e.g. P2P), and risk level. · Enforces per-user or network rule application control policy. |
|
Web and App Traffic Shaping |
|
· Offers enhanced traffic shaping (QoS) options by web category or application to limit or guarantee upload/download or total traffic priority and bitrate individually or shared. |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Webserver Protection
The XGS 136(w) includes Webserver Protection, specifically designed to safeguard web servers and applications. It features a Web Application Firewall to block hackers, dual antivirus engines to scan inbound content, and server hardening features, eliminating the need for extensive web development work. The solution also enhances server performance through SSL offloading and provides reverse authentication, making it an ideal replacement for outdated TMG solutions. This protection ensures security for externally facing servers without compromising performance and availability.
Key Features
|
Web Server and Application Firewall Protection Features |
|
|
Reverse Proxy |
Provides an intermediary server for requests from clients. |
|
URL Hardening Engine |
Prevents deep-linking and directory traversal. |
|
Form Hardening Engine |
Enhances the security of web forms. |
|
SQL Injection Protection |
Shields against SQL injection attacks. |
|
Cross-Site Scripting Protection |
Defends against cross-site scripting attacks. |
|
Dual-Antivirus Engines |
Utilizes Sophos and Avira antivirus engines for enhanced security. |
|
HTTPS Encryption Offloading |
Handles HTTPS (TLS/SSL) encryption. |
|
Cookie Signing |
Uses digital signatures for cookie signing. |
|
Path-Based Routing |
Enables routing based on the path. |
|
Outlook Anywhere Protocol Support |
Supports the Outlook anywhere protocol. |
|
Reverse Authentication |
Offloads form-based and basic authentication for server access. |
|
Server Abstraction |
Provides abstraction for virtual and physical servers. |
|
Integrated Load Balancer |
Distributes visitors across multiple servers. |
|
Granular Check Skipping |
Allows skipping of individual checks as needed. |
|
Request Matching |
Matches requests from source networks or specific target URLs. |
|
Logical Operator Support |
Supports logical and/or operators. |
|
Compatibility Assistance |
Assists with various configurations and non-standard deployments. |
|
Performance Parameter Customization |
Allows changes to web application firewall performance parameters. |
|
Scan Size Limit Option |
Provides an option to limit the scan size. |
|
IP Range Management |
Allows or blocks specific IP ranges. |
|
Wildcard Support |
Supports wildcards for server paths and domains. |
|
Authentication Prefix/Suffix |
Automatically appends a prefix or suffix for authentication. |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Xstream Protection
The Xstream Protection Subscription delivers high-performance, comprehensive security with flexible modular features, ensuring protection against advanced threats. This bundle is ideal for businesses seeking robust security with the ability to tailor protection levels to specific needs.
Key Features
|
Powerful Protection |
The XGS 136(w) Firewall Security Appliance delivers the industry’s best visibility, protection, and performance. It provides powerful threat protection and high-performance TLS inspection. |
|
Superior Performance |
The XGS 136(w) is powered by a high-speed CPU and a dedicated Xstream Flow Processor for hardware acceleration. It offers a firewall throughput of 3,850 Mbps, TLS inspection of 375 Mbps, and VPN throughput of 375 Mbps. |
|
Connectivity Options |
The appliance comes with 4 GE copper and 1 SFP Fiber interfaces. It also includes 1 x COM RJ45, 1 x COM Micro-USB, 1 x USB 2.0 (front), and 1 x USB 3.0 (rear) interfaces. |
|
Modularity |
The XGS 136(w) offers the perfect balance between price and performance, with the modularity that smaller businesses, retail outlets, and branch offices need to grow and adapt to changing circumstances. |
|
Integrated Wi-Fi (XGS 136(w)w Only) |
Offers wireless connectivity, allowing for flexible deployment and easy access for users. |
|
Simple Management Interface |
The XGS 136(w) offers a simple management interface, making it one of the best SMB firewalls. |
|
Performance |
The firewall offers a throughput of 3.7 Gbps and a VPN throughput of 375 Mbps1. It is rated for 1-10 users |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Zero-Day Protection
Zero-Day Protection defends against previously unknown threats using advanced detection techniques, preserving the network’s resilience and security. This module continuously updates defenses to combat new, evolving cyber threats, ensuring long-term network integrity and security.
Key Features
|
Zero-Day Protection |
|
· Integrated into your Sophos security solution dashboard. · Inspects executables, documents, and archives containing executable content (e.g., .exe, .docx, ZIP files). · Utilizes aggressive behavioral, network, and memory analysis. · Detects sandbox evasion behavior. |
|
Sophos Firewall Features |
|
· Employs machine learning technology with deep learning for scanning dropped executable files. · Includes exploit prevention and CryptoGuard Protection from Sophos Intercept X. · Provides detailed malicious file reports with screenshots and file release capability. · Offers flexible user and group policy options, including data center selection and one-time download links. |
|
Static Threat Intelligence Analysis |
|
· Automatically analyzes files containing active code downloaded via the web or email attachments. · Checks against SophosLabs’ threat intelligence database using multiple machine learning models. · Extensive reporting includes a dashboard widget and detailed analysis results. |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Email Protection
The Email Protection module secures email gateways with multi-layered spam detection and dual-engine antivirus scanning. It also includes SPX encryption and Data Loss Prevention (DLP) policies, ensuring sensitive information remains protected. A User Portal enables users to manage spam, supporting 15 languages for convenience.
|
Email Scanning |
|
· Supports SMTP, POP3, and IMAP. · Utilizes patented Recurrent-Pattern-Detection technology for reputation-based spam outbreak monitoring. · Blocks spam and malware during SMTP transactions. · Provides DKIM and BATV anti-spam protection. · Implements SPF protection and recipient verification. |
|
Malware Detection |
|
· Dual scanning using an independent malware detection engine (Avira). · Real-time cloud lookups for the latest threat intelligence. · Automatic signature and pattern updates. |
|
Attachment Handling |
|
· Detects and scans attachments for file types. · Allows custom content scanning rules. · Supports TLS encryption for SMTP, POP, and IMAP. |
|
Quarantine Management |
|
· Spam and malware quarantines with search and filter options. · Self-serve user portal for viewing and releasing quarantined messages. |
|
Email Encryption and DLP |
|
· Patent-pending SPX encryption for one-way message encryption. · Recipient self-registration for SPX password management. · Transparent, no additional software required. · DLP engine scans emails and attachments for sensitive data. · Pre-packaged sensitive data type content control lists (CCLs) maintained by SophosLabs. |
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
|
Additional Protection Modules |
|
|
Email Protection |
On-box antispam, AV, DLP, encryption |
|
Web Server Protection |
Web Application Firewall |
|
Additional Support Options |
|
|
Enhanced Plus Support Upgrade |
Upgrade your support with VIP support, HW warranty for add-ons, TAM option (extra cost) |
Performance and Connectivity
The XGS 136(w) is equipped with a high-speed CPU and a dedicated Xstream Flow Processor for optimal hardware acceleration. Performance metrics include:
· Firewall throughput: 3,850 Mbps
· TLS inspection: 375 Mbps
· VPN throughput: 375 Mbps
The firewall also offers versatile connectivity with 4 GE copper and 1 SFP Fiber interfaces, along with COM RJ45, COM Micro-USB, USB 2.0 (front), and USB 3.0 (rear) options, enabling easy integration into various network configurations.
Sophos Firewall Features by Subscription Summary
|
Support |
Xstream Protection Bundle |
Available Separately |
|
||||||
|
Standard Protection Bundle |
Available Separately |
|
|||||||
|
Base Firewall |
Network Protection |
Web Protection |
Zero-Day Protection |
Central Orchestration |
Central Firewall Reporting |
Adv. Protection |
Web Server Protection |
|
|
|
General Management (incl. HA) |
|
|
|||||||
|
Xstream Architecture |
|
|
|||||||
|
Firewall, Networking and Routing |
|
|
|||||||
|
Xstream SD-WAN |
|
|
|||||||
|
Base Traffic Shaping and Quotas |
|
|
|||||||
|
Secure Wireless |
|
|
|||||||
|
Authentication |
|
|
|||||||
|
Self-Serve User Portal |
|
|
|||||||
|
VPN (IPsec, SSL, etc) |
|
|
|||||||
|
RED Site-to-Site VPN |
|
|
|||||||
|
Sophos Connect VPN Client |
|
|
|||||||
|
Intrusion Prevention (IPS) |
|
|
|||||||
|
ATP and Security HeartbeatTM |
|
|
|||||||
|
SD-RED Device Management |
|
|
|||||||
|
Clientless VPN |
|
|
|||||||
|
Synchronized Application Control |
|
|
|||||||
|
Web Protection and Control |
|
|
|||||||
|
Application Protection and Control |
|
|
|||||||
|
Cloud Application Visibility |
|
|
|||||||
|
Web and App Traffic Shaping |
|
|
|||||||
|
Dynamic Sandbox Analysis |
|
|
|||||||
|
Threat Intelligence Analysis |
|
|
|||||||
|
SD-WAN Orchestration |
|
|
|||||||
|
Central Firewall Reporting Data |
7 Days |
30 Days |
Up to 1 Year |
|
|||||
|
CFR Advanced Features |
|
|
|
||||||
|
XDR and MDR Connector |
|
|
|
||||||
|
Email Protection and Control |
|
|
|||||||
|
Email Quarantine Management |
|
|
|||||||
|
Email Encryption and DLP |
|
|
|||||||
|
Web Application Firewall Protection |
|
|
|||||||
|
Logging and Reporting |
|
|
|
|
|
|
|
|
|
|
Sophos Central Management |
|
|
|
|
|
|
|
|
|
FAQs
1. What is Sophos XGS 136(w) Firewall Central Orchestration?
Central Orchestration enables centralized management of SD-WAN and VPN configurations, simplifying complex network setups like full mesh and hub-and-spoke topologies.
2. What features are included in the SD-WAN & VPN Orchestration setup?
It includes the Xstream TLS and DPI engine, IPS, Advanced Threat Protection (ATP), Security Heartbeat, SD-RED VPN, and detailed reporting.
3. What benefits does renewing the Central Orchestration subscription provide?
Renewal provides access to SD-WAN & VPN Orchestration, cloud data storage, 24/7 Managed Threat Response, multi-channel support, automatic software updates, and advanced hardware replacement.
4. What is the cloud data storage, and how is it used?
Cloud data storage allows you to save, schedule, and export advanced custom reports for security monitoring and analysis.
5. What is the purpose of the Security Heartbeat feature in Network Protection?
Security Heartbeat enables your firewall and endpoints to share telemetry data, improving threat detection and response capabilities.
6. What features are included in the Network Protection plan?
Network Protection includes Next-Gen IPS, Security Heartbeat, Advanced Threat Protection, and VPN technology.
7. How does Standard Protection safeguard digital environments?
Standard Protection uses Xstream architecture to provide deep packet inspection, next-gen IPS, web protection, and app control for robust network security.
8. What is the firewall throughput capacity with Standard Protection?
The XGS 136(w) Firewall with Standard Protection offers 3,700 Mbps firewall throughput and 375 Mbps VPN throughput, suitable for 1-10 users.
9. What modules are included in the Standard Protection package?
The Standard Protection package includes Network Protection, Web Protection, and Enhanced Support.
10. What web threats does Web Protection mitigate?
Web Protection defends against web-based threats such as malware, spyware, and viruses, using advanced techniques like JavaScript emulation and cloud lookups.
11. How does URL filtering enhance productivity and security?
URL filtering allows administrators to block non-business-related sites, enhancing productivity and minimizing potential security risks.
12. What reporting features are available with Web Protection?
Web Protection provides dynamic reports on web activity, including domains visited, bandwidth use, and user-specific data.
13. What does Xstream Protection include?
Xstream Protection includes TLS inspection, DPI, sandboxing, and IPS to ensure both security and high performance for the network.
14. How does Zero-Day Protection enhance security?
Zero-Day Protection uses AI and machine learning to analyze unknown files, providing proactive defense against new, unknown threats.
15. What is Sophos Managed Threat Response (MTR), and how does it help?
Managed Threat Response is a 24/7 service that monitors your network for threats, helping keep your environment secure around the clock.