XG FirewallXG Firewall

Top Recognition from Industry Experts

Unrivaled Security, Simplicity, and Insight

  • Blocks unknown threats with a comprehensive suite of advanced protection including IPS, ATP, Sandboxing, Dual AV, Web and App Control, Anti-phishing, a full-featured Web Application Firewall and more.

  • Automatically responds to incidents by instantly identifying and isolating infected systems until they can be cleaned up.

  • Exposes hidden risks on your network including unknown apps, top risk users, advanced threats, suspicious payloads and much more.

Expose Hidden Risks

Sophos XG Firewall provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple firewalls.

System Panel

The system panel displays the real-time status of system performance, services, connections, and other system parameters. Green indicates everything is fine, orange indicates a warning, and red indicates something needs immediate attention.

Each item is clickable to reveal additional details and graphs, as well as helpful system and network tools you can use for troubleshooting purposes such as ping, traceroute, packet capture, command-line access, and much more.

Security Heartbeat™

The Sophos Security Heartbeat widget indicates the health status of all your Sophos Central-managed endpoints. If any systems are running unwanted applications or infected, they will show here as yellow or red.

Clicking the widget reveals full details on the affected computer, including the user, hostname, IP address, and even the process responsible, enabling you to quickly take action. You can also use Security Heartbeat status in your policies to limit access to network resources for affected systems.

Traffic Insight

This provides an overview of traffic processed in the last 24 hours, including web activity, allowed and blocked apps and web categories, as well as network attacks.

You can quickly determine when your peak traffic periods are and how effective your policies have been at blocking unwanted activity and traffic.

Sandstorm and Advanced Threats

The Sandstorm widget provides an indication of suspect payloads and the sandboxing analysis results. Clicking it provides detailed reporting insights into suspicious file downloads.

The ATP widget provides an immediate indication of the presence of advanced threats on your network like botnets. Clicking it will reveal helpful details about the infected system, including the hostname, IP address, and source of the malicious traffic.

Top Risk Users

Unique to Sophos, User Threat Quotient (UTQ) is an indication of a user’s risk level based on recent web and advanced threat activity. This widget is green when risk levels are low, and turns red when a threshold of risky activity is detected indicating the number of high-risk users.

The score is analyzed over a seven day period, and clicking on it will take you directly to the detailed UTQ report.


The connections widget shows the status of various connected devices and users, including Remote Ethernet Device (RED) VPN connections, pending and active wireless access points, remote SSL VPN connections, and the current live users count.

Clicking the various components of this widget will take you directly to the respective setup or reporting screen.


The messages panel displays important system notices, warnings, and alerts with blue, yellow, and red icons respectively. Examples include default password warnings, HTTPS and SSH WAN access warnings, registration notifications, license notifications, and firmware updates.

Click any message to review the full details and take action.


This panel displays the top five reports that may have data of interest or require action based on automatic background analysis. Examples include high-risk applications, objectionable websites, web users, intrusion attacks, web server attacks, and more.

Clicking any of the listed reports will open the full report, or you can choose to download a PDF version.

Active Policies

The Active Policies panel right on the control center indicates exactly how many policies you have of each type, how many are unused, disabled, changed, and recently added.

Unused policies are a good indication of policies that may benefit from some housekeeping, as they can present potential openings or vulnerabilities in the network that are no longer required.


The menu items are logically organized, offering quick access to all areas of the system. In fact, you’re never more than two clicks from anywhere.

The navigation provides immediate access to monitoring and analysis tools, all protection and policy settings, firewall configuration, and system settings.

Synchronized App Control

This widget displays the number of previously unidentified apps that Sophos Synchronized App Control has discovered on your network including apps that are matched to known apps, new apps, and the total count of apps discovered.

Click through to the Synchronized App Control screen where you can assign applications to categories and policies to get your network under control.

Keep Your Network Under Control

Synchronized App Control

Synchronized App Control, an XG Firewall exclusive, provides clarity and control over all the application traffic on your network


You can’t control what you can’t see

On average, 60% of application traffic is going unidentified. Static application signatures don’t work for custom, obscure, evasive, or any apps using generic HTTP or HTTPS.

A breakthrough in network visibility

Synchronized App Control automatically identifies all unknown applications enabling you to easily block the apps you don't want and prioritize the ones you do.


A Breakthrough in Network Visibility

Identify Unknown Apps

Synchronized App Control reveals apps that are currently going unseen on your network so you can take appropriate action such as blocking the app or applying appropriate traffic shaping controls.

Prioritize Custom Apps

Synchronized App Control identifies custom business applications that are invisible to your current firewall so you can apply traffic shaping and QoS policies to optimize performance.

Control Evasive Apps

Synchronized App Control will automatically discover evasive applications on your network which are constantly changing their traffic profile to avoid detection so you can easily get them under control.

Block Unknown Threats

A comprehensive suite of next-gen protection that stops network threats. Dead.

Automatic Incident Response

Sophos XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.

Complete Next-Gen Protection

XG Firewall integrates all the advanced networking, protection, user, and app controls you need to stay secure and compliant.

A Firewall That Thinks Like You

So you don’t need to think like a firewall.

We’ve rethought the way policies are managed. Sophos XG offers an all-new unified policy model that enables you to see and manage all your user, application and network policies in a single place.

Powerful Management and Scalability

Sophos XG Firewall provides unprecidented visibility into your network, users, and applications right from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple Firewalls.

Sophos Firewall Manager Centralized Management

Use Sophos Firewall Manager to monitor, configure, and administer all your firewalls conveniently from a single console.

Sophos iView Centralized Reporting

Provides full visibility across your entire estate of firewalls with consolidated reporting and off-box storage management for important log data.

Clustering and Redundancy

Active-active clustering and active-passive failover provide scalability and business continuity.

Flexible Deployment Options

Choose from a variety of different hardware appliance models, virtual environments, or even deploy it on your Intel server hardware platform of choice.

Choose an industry-leading firewall
from an industry-leading company.

New Sophos XG Firewall

See how Sophos keeps you and your data secure

Free Trials

Monitor your network & address security risks now

Free Tools