Sophos XGS 2100
Unleash the full potential of your network
More pricing below, click here!
סקירה:
Powerful Protection and Performance
The Sophos Firewall Xstream architecture is engineered to deliver extreme levels of visibility, protection, and performance to help address some of the greatest challenges facing network administrators today.
Approximately 99% of web traffic is now encrypted, making it invisible to most firewalls. Many organizations find themselves powerless to protect their networks from an increasing amount of ransomware, threats and potentially unwanted apps which are exploiting this blind spot.
Sophos Firewall makes efficient and effective TLS inspection possible without compromising on performance. Our XGS Series appliances with integrated Xstream Flow Processors put TLS traffic on the FastPath for accelerated inspection. And our high-performance TLS inspection engine supports TLS 1.3 without downgrading, the latest cypher suites for maximum compatibility, and enhanced visibility into encrypted traffic flows right on the dashboard.
We believe you should never have to decide between security and performance. Sophos Firewall includes a highspeed deep packet inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency.
Sophos Firewall blocks the latest ransomware and breaches with high-performance streaming DPI including next-gen IPS, web protection, and app control, as well as deep learning and sandboxing powered by SophosLabs Intelix.
A significant portion of your network traffic is trusted business application traffic destined for branch offices, remote users, or cloud application servers. As such, no additional security scanning for threats or malware is needed, and it can be intelligently directed to the FastPath, reducing latency, optimizing overall performance, and freeing up capacity for traffic that does need deep packet inspection.
Sophos Firewall accelerates your SaaS, SD-WAN, and cloud traffic such as VoIP, video, and other trusted applications automatically or via your own policies – putting them on the FastPath through the Xstream Flow Processor.
Managing application traffic routing over multiple WAN links, and interconnecting a distributed network are essential elements of any SD-WAN solution. Often these tasks are much more challenging than they should be.
Sophos Firewall with Xstream SD-WAN provides a powerful, integrated SD-WAN solution, with performance-based link selection and routing, load balancing, zero-impact transitions between links in the event of a disruption, central cloud-managed orchestration, and Xstream FastPath acceleration of VPN tunnel traffic. Sophos Firewall with Xstream SD-WAN is one of the best, most flexible SDWAN solutions available in any firewall today.
Sophos XGS Series Appliances
All XGS Series firewall appliances are built upon a dual-processor architecture, combining a high-performance, multi-core CPU with a dedicated Xstream Flow Processor for targeted acceleration at the hardware level. This gives you all the flexibility and adaptability of an x86 based firewall plus a significant performance boost over legacy firewall designs.
Model | Tech Specs | Throughput | ||||||
---|---|---|---|---|---|---|---|---|
Form Factor | Slots (Max Ports) | w-model* | Swappable Components | Firewall (Mbps) | IPsec VPN (Mbps) | Threat Protection (Mbps) | Xstream SSL/TLS (Mbps) | |
XGS 87(w) | Desktop | 5/- (5) | Wi-Fi 5 | n/a | 3,850 | 3,000 | 280 | 375 |
XGS 107(w) | Desktop | 9/- (9) | Wi-Fi 5 | Second power supply | 7,000 | 4,000 | 370 | 420 |
XGS 116(w) | Desktop | 9/1 (9) | Wi-Fi 5 | 2nd power supply, 3G/4G, 5G, Wi-Fi** | 7,700 | 4,800 | 720 | 650 |
XGS 126(w) | Desktop | 14/1 (14) | Wi-Fi 5 | 2nd power supply, 3G/4G, 5G, Wi-Fi** | 10,500 | 5,500 | 900 | 800 |
XGS 136(w) | Desktop | 14/1 (14) | Wi-Fi 5 | 2nd power supply, 3G/4G, 5G, Wi-Fi** | 11,500 | 6,350 | 1,000 | 950 |
XGS 2100 | 1U | 10/1 (18) | n/a | Optional external power | 30,000 | 17,000 | 1,250 | 1,100 |
XGS 2300 | 1U | 10/1 (18) | n/a | Optional external power | 39,000 | 20,500 | 1,500 | 1,450 |
XGS 3100 | 1U | 12/1 (20) | n/a | Optional external power | 47,000 | 25,000 | 2,000 | 2,470 |
XGS 3300 | 1U | 12/1 (20) | n/a | Optional external power | 58,000 | 31,100 | 3,000 | 3,130 |
XGS 4300 | 1U | 12/2 (28) | n/a | Optional external power | 75,000 | 62,500 | 6,500 | 8,000 |
XGS 4300 | 1U | 12/2 (28) | n/a | Optional external power | 75,000 | 62,500 | 6,500 | 8,000 |
XGS 4500 | 1U | 12/2 (28) | n/a | Optional external power | 80,000 | 75,550 | 8,650 | 10,600 |
XGS 5500 | 2U | 16/3 (48) | n/a | Power, SSD, Fan | 100,000 | 92,500 | 14,000 | 13,500 |
XGS 6500 | 2U | 20/4 (68) | n/a | Power, SSD, Fan | 120,000 | 109,800 | 17,850 | 16,000 |
XGS 7500 | 2U | 22/4 (70) | n/a | Power, SSD, Fan | 160,000 | 117,000 | 26,000 | 19,500 |
XGS 8500 | 2U | 22/4 (70) | n/a | Power, SSD, Fan | 190,000 | 117,000 | 34,000 | 24,000 |
* 802.11ac
** 2nd Wi-Fi module option for XGS 116w, 126w and 136w only
Performance Test Methodology
General: Maximum throughput measured under ideal test conditions using industry standard Keysight-Ixia BreakingPoint test tools. Actual performance may vary depending on network conditions and activated services.
- Firewall: Measured using HTTP traffic and 512 KB response size.
- Firewall IMIX: UDP throughput based on a combination of 66 byte, 570 byte and 1518 byte packet sizes.
- IPS: Measured with IPS with HTTP traffic using default IPS ruleset and 512 KB object size.
- IPsec VPN: HTTP throughput using multiple tunnels and 512 KB HTTP response size.
- TLS inspection: Performance measured with IPS with HTTPS sessions and different cipher suites.
- Threat Protection: Measured with Firewall, IPS, Application Control, and malware prevention enabled using HTTP 200 KB response size.
- NGFW: Measured with IPS and Application Control enabled with HTTP traffic using default IPS ruleset and 512KB object size.
Sophos Central:
Sophos Central is the ultimate cybersecurity cloud management platform to not only manage your firewalls, but also your full portfolio of Sophos security solutions.
Central Management
Simply manage multiple firewalls
Sophos Central makes day-to-day setup, monitoring, and management of your Sophos Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls.
- Manage all your Sophos Firewalls and other Sophos products from a single console
- Configure changes and apply them to a group of firewalls or manage each firewall individually
- Create a backup schedule and store up to five backups in the cloud
- Schedule firmware updates across your entire network with just a few clicks
Central Management is available at no extra cost.
Zero-Touch Deployment
Zero-touch deployment enables the initial configuration to be performed in Sophos Central and then exported for loading onto the device from a flash drive at startup, automatically connecting the device back to Sophos Central.
SD-WAN Orchestration
Sophos Central makes interconnecting SD-WAN overlay networks between multiple Sophos Firewalls quick and easy. With just a few clicks you can setup a full mesh network, hub-and-spoke topology, or something in-between, and Sophos Central will automatically configure all the necessary VPN tunnel and firewall access rules to enable your SD-WAN network.
Central Reporting
Firewall Reporting in the cloud
Sophos Central includes powerful reporting tools that enable you to visualize your network, web, application activity, and security over time. You get a flexible reporting experience that combines a variety of built-in reports with powerful tools to create your own custom reports, enabling you to report what you want how you want.
- Increase your visibility into network activity through analytics
- Analyze data to identify security gaps, suspicious user behavior or other events requiring policy changes
- Use the pre-defined modules or customize each report for specific use cases
Central Reporting is available at no extra cost for the storage of up to 7 days of report data. Premium options with longer data retention and additional features are available for optional purchase, either individually or as part of other subscriptions/bundles.
מאפייני המערכת:
See How it Works:
Security Heartbeat: Your firewall and your endpoints are finally talking
Sophos Firewall is the only network security solution that is able to fully identify the user and source of an infection on your network, and automatically limit access to other network resources in response. Our unique Security Heartbeat shares telemetry and health status between Sophos endpoints and your firewall and integrates endpoint health into firewall rules to control access and isolate compromised systems.
Synchronized Application Control
Using Security Heartbeat, we also have a solution to one of the biggest problems most network administrators face today – lack of visibility into network traffic.
Synchronized Application Control utilizes the Heartbeat connections with Sophos endpoints to automatically identify, classify, and control application traffic. All encrypted, custom, evasive, and generic HTTP or HTTPS applications which are currently going unidentified will be revealed.
You can’t control what you can’t see. All firewalls today depend on static application signatures to identify apps. But those don’t work for most custom, obscure, evasive, or any apps using generic HTTP or HTTPS.
Sophos Firewall utilizes Synchronized Security to automatically identify, classify, and control all unknown applications easily blocking the apps you don’t want and prioritizing the ones you do
Lateral Movement Protection
Lateral Movement Protection automatically isolates compromised systems at every point in the network to stop attacks. Healthy endpoints assist by ignoring all traffic from unhealthy endpoints, enabling complete isolation, even on the same network segment, to prevent threats and active adversaries from spreading or stealing data.
Synchronized User ID
User authentication is critically important in a nextgeneration firewall but often challenging to implement in a seamless and transparent way. Synchronized User ID eliminates the need for client or server authentication agents by sharing user identity between the endpoint and the firewall through Security Heartbeat.
Synchronized SD-WAN: Powerful, reliable application routing
Synchronized SD-WAN harnesses the power of Synchronized Security to optimize WAN path selection for your important business applications
With Synchronized Application Control, discovered applications, which would otherwise be unknown, can be used for traffic matching criteria in SD-WAN routing policies. This is yet another way that Synchronized Security can improve the efficiency of your network.
Powerful Protection
See it. Stop it. Secure it.
Our comprehensive next-generation firewall protection has been built to expose hidden risks, block both known and unknown threats, and automatically respond to incidents.
Expose Hidden
Risks
Superior visibility into unknown applications, risky activity, suspicious traffic, and advanced threats helps you regain control of your network and get deeper insights.
Blocks unknown
threats
Powerful next-gen protection technologies like deep learning and intrusion prevention keep your organization secure from the latest hacks and attacks.
Automatically responds to incidents
Synchronized Security automatic threat response instantly identifies and isolates compromised systems on your network to prevent breaches and lateral movement.
Xstream
All the next-gen protection, performance and value you need to power even the most demanding networks. Also available with the XGS Series model of your choice included.
Base Firewall Features
- Networking and SD-WAN: Wireless, SD-WAN, application aware routing, traffic shaping
- Protection and Performance: Xstream Architecture with Network Flow FastPath, TLS 1.3 inspection, Deep-Packet Inspection
- SD-WAN and VPN: Xstream SD-WAN, IPsec/SSL site-to-site and remote access VPN (unlimited), SD-RED site-to-site
- Reporting: Historical on-box logging and reporting, Sophos Central cloud reporting (seven-day data retention)
Network Protection
- Xstream TLS Inspection: TLS 1.3 inspection with prepackaged exceptions
- Xstream DPI engine: streaming deep-packet inspection
- IPS: Next-gen Intrusion Prevention
- ATP: Advanced Threat Protection
- Synchronized Security Heartbeat: integration with Sophos Endpoints to identify and isolate threats
- Clientless VPN: HTML5
- SD-RED VPN: Manage SD-RED devices
- Reporting: Extensive network and threat reporting
Web Protection
- Xstream TLS Inspection: TLS 1.3 inspection with prepackaged exceptions
- Xstream DPI engine: streaming deep-packet inspection
- Web Control: by user, group, category, URL, keyword
- Web Threat Protection: malware, PUA, malicious JavaScript, pharming
- App Control: by user, group, category, risk, and more
- Synchronized App Control: integration with Sophos endpoints to identify unknown apps
- Synchronized SD-WAN: utilizing Synchronized App Control to route unknown apps
- Reporting: Extensive web and app reporting
Zero-Day Protection
- Xstream TLS Inspection: TLS 1.3 inspection with prepackaged exceptions
- Xstream DPI engine: streaming deep-packet inspection
- Zero-Day Threat Protection: analyze all unknown files using AI, ML, and sandboxing
- Powered by SophosLabs Intelix: cloud-based intelligence and analysis
- Machine Learning: using multiple deep learning models
- Cloud Sandboxing: dynamic runtime analysis of unknown files
- Reporting: Extensive threat intelligence analysis reporting
Sophos Central Management
- Group Firewall Management: Synchronized policy across firewall groups
- Backup and firmware updates: storage and scheduling
- Zero-touch deployment: for new firewalls from the cloud
Sophos Central Orchestration
- SD-WAN Orchestration: Point and click Site-to-Site VPN Orchestration
- Cloud Firewall Reporting: Multi-firewall reporting with save, schedule and export reports (30-day data retention)
- XDR and MDR Connector: Support for XDR and MDR services
Licensing and Deployment
We recommend the Xstream Protection bundle for the ultimate in security, but if you prefer to customize your protection, all subscriptions are also available for individual purchase.
Xstream Protection Bundle: | |
---|---|
Base License | Networking, wireless, Xstream Architecture, unlimited remote access VPN, site-to-site VPN, reporting |
Network Protection | Xstream TLS and DPI engine, IPS, ATP, Security Heartbeat, manage SD-RED, reporting |
Web Protection | Xstream TLS and DPI engine, Web Security and Control, Application Control, reporting |
Zero-Day Protection | Machine Learning and Sandboxing File Analysis, reporting |
Central Orchestration | SD-WAN VPN Orchestration, Central Firewall Advanced Reporting (30-days), MDR/XDR Connector |
Enhanced Support | 24/7 support, feature updates, advanced replacement hardware warranty for term |
Custom Protection
You can choose the Standard Protection Bundle or purchase any of the protection modules separately.
Standard Protection Bundle: | |
---|---|
Base License | Networking, wireless, Xstream Architecture, Xstream SD-WAN, unlimited remote access VPN, site-to-site VPN |
Network Protection | Xstream TLS and DPI engine, IPS, ATP, Security Heartbeat, manage SD-RED, reporting |
Web Protection | Xstream TLS and DPI engine, Web Security and Control, Application Control, reporting |
Enhanced Support | 24/7 support, feature updates, advanced replacement hardware warranty for term |
Additional Protection Modules: | |
---|---|
Email Protection | On-box antispam, AV, DLP, encryption |
Web Server Protection | Web Application Firewall |
Sophos Central Management and Reporting:
Sophos Central Management and Reporting (included at no charge): | |
---|---|
Sophos Central Management | Group firewall management, backup management, firmware update scheduling |
Sophos Central Firewall Reporting | Prepackaged and custom report tools with seven days cloud storage for no extra charge |
Additional Protection:
Additional Protection Services, Products and Modules: | |
---|---|
Managed Detection and Response | 24/7 threat hunting, detection and response delivered by an expert team |
Sophos Intercept X Endpoint with XDR | Sophos Central managed next-gen endpoint protection with EDR |
ZTNA | Sophos Central managed Zero Trust Network Access |
Central Email Advanced | Sophos Central managed antispam, AV, DLP, encryption |
Sophos Switch | Cloud-managed switches |
Support
A support subscription is required to receive firmware upgrades. Enhanced support is included in all protection bundles, but you can enhance your support experience further by upgrading.
Additional Support Options: | |
---|---|
Enhanced Plus Support Upgrade | Upgrade your support with VIP support, HW warranty for add-ons, TAM option |
Cloud, Virtual and Software Appliance Licensing Options
If you’re deploying Sophos Firewall in the cloud, in a virtual environment, or as software on your own hardware, the licensing guide below can help you find the right option.
Model | Equivalent AWS instance | Equivalent Azure VM | Software/Virtual License* |
---|---|---|---|
XGS 87(w) | t3.medium | - | 2C4 |
XGS 107(w) | c5.large | Standard_F2s_v2 | - |
XGS 116(w) | - | - | 4C6 |
XGS 2100 | c5.xlarge | - | - |
XGS 2300 | m5.xlarge | Standard_F4s_v2 | 6C8 |
XGS 3100 | c5.2xlarge | Standard_F8s_v2 | 8C16 |
XGS 4300 | c5.4xlarge | Standard_F16s_v2 | 16C24 |
XGS 5500 | c5.9xlarge | Standard_F32s_v2 | Unlimited |
* Based upon CPU cores and RAM
Deployment Options
XGS Series
Purpose-built devices to provide the ultimate in performance.
AWS/Azure
Protect your network infrastructure in the AWS or Azure cloud.
Virtual
Install on VMware, Citrix, Microsoft Hyper-V, and KVM.
Software
Install the Sophos Firewall OS image on your own Intel hardware or server.
Cloud
Sophos Firewall offers the very best network visibility, protection, and response to secure your public, private, and hybrid cloud environments.
As an AWS Advanced Technology Partner, Sophos is a validated AWS Security Competency vendor, AWS marketplace seller, and AWS Public Sector Partner.
Sophos Firewall is now available in the AWS marketplace with autoscaling support with either a pay-as-you-go (PAYG) license model, or bring your own license (BYOL) to best fit your needs.
Sophos Firewall is certified and optimized for Azure and is available in the Microsoft Azure Marketplace. Take advantage of the free test drive or the flexible PAYG or BYOL licensing options.
Sophos Firewall is Nutanix AHV and Nutanix Flow Ready, bringing the world’s best next-gen firewall visibility, protection, and response to the industry’s leading Hyper Convergence Infrastructure (HCI) platform. Take advantage of a 30-day free trial using our KVM image and flexible licensing
Virtual and Software
Sophos Firewall supports a broad range of virtualization platforms and can also be deployed as a software appliance on your own x86 Intel hardware:
Protection Modules
You can choose from a number of modules to customize the protection offered by your firewall to your individual needs and deployment scenario.
Base Firewall
The Sophos Firewall Base License includes the Xstream Architecture, networking, wireless, SD-WAN, VPN, and reporting.
Xstream SD-WAN and Networking
Includes all networking, routing, and SD-WAN capabilities including zone-based stateful firewall, NAT, VLAN, SDWAN profiles, performance-based WAN link selection and monitoring, load balancing, zero-impact WAN link transitions, and Xstream FastPath acceleration of trusted application traffic, IPSec VPN traffic, and TLS encrypted traffic flows.
VPN
Provides standards-based site-to-site and remote access VPN (free up to the capacity of the firewall) with support for IPsec and SSL. Sophos Connect remote access VPN client for Windows and Macs offers seamless and easy deployment and configuration options. SD-RED layer 2 siteto-site tunnels offers a light-weight robust VPN alternative.
Reporting
Extensive on-box reporting provides valuable insights into threats, users, applications, web activity, and much more. Note that specific reporting functionality may be dependent on other protection modules to get the full benefits (for example, Web Protection or web and app reports).
Xstream Architecture
Enables high performance TLS 1.3 inspection, deep-packet inspection, and network flow FastPath to accelerate trusted SaaS, SD-WAN, and cloud application traffic. Note that Network and Web Protection are required to get the full benefits of the Xstream Architecture.
Secure Wireless
Built-in wireless controller for Sophos APX wireless access points. Plug-and-play access point discovery makes setup easy. Support for multiple SSIDs, hotspots, guest networks, and the diverse encryption and security standards.
Network Protection
All the protection you need to stop sophisticated attacks and advanced threats while providing secure network access to those you trust.
Next-Gen Intrusion Prevention System
Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well.
Advanced Threat Protection
Instant identification and immediate response to today’s most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat provides an emergency response.
Security Heartbeat
Creates a link between your Sophos Central protected endpoints and your firewall to identify threats faster, simplify investigation, and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems.
Advanced VPN technologies
Adds unique and simple VPN technologies, including our clientless HTML5 self-service portal that makes remote access incredibly simple plus management for our exclusive light-weight secure SD-RED (Remote Ethernet Device) VPN technology.
Web Protection
Unmatched visibility and control over all your user’s web and application activity.
Powerful user and group web policy
Provides enterprise-level Secure Web Gateway policy controls to easily manage sophisticated user and group web controls. Apply policies based upon uploaded web keywords indicating inappropriate use or behavior.
High-performance traffic scanning
Optimized for top performance, our Xstream SSL inspection provides ultra-low latency inspection and HTTPS scanning while maintaining performance
Application Control and QoS
Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics. Synchronized Application Control automatically identifies all the unknown, evasive, and custom applications on your network.
Advanced Web Threat Protection
Backed by SophosLabs, our advanced engine provides the ultimate protection from today’s polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.
Zero-Day Protection
AI-driven static and dynamic file analysis techniques combine to bring unprecedented threat intelligence to your firewall and so effectively identify and block ransomware and other known and unknown threats.
Powered by SophosLabs
Powered by the industry-leading SophosLabs, the Zero-Day Protection subscription includes a fully cloud-based threat intelligence and threat analysis platform. This provides deep learning-based file analysis, detailed analysis reporting, and a threat meter to show the risk summary for a file
Threat Intelligence Analysis Reporting
Rich intelligence reports provide you with much more than just a ‘good,' ‘bad,' or ‘unknown’ verdict. Full insight into the nature and capabilities of a threat are delivered through the use of data science and SophosLabs research.
Dynamic File Analysis
Execute a file in a secure cloud-based sandbox to observe its behavior and intent. Screenshots provide added insight into any key events during the analysis.
Static File Analysis
By harnessing the power of multiple machine learning models, global reputation, deep file scanning, and more, you can quickly identify threats without the need to execute the files in real time.
Central Orchestration
Sophos Central cloud-managed VPN orchestration, firewall reporting, and MDR/XDR integration.
Sophos Central SD-WAN Orchestration
Makes VPN orchestration easy. Wizard-based tunnel configuration helps create full mesh networks, hub-andspoke models, or complex tunnel setups between multiple firewalls a quick point-and-click exercise. Seamlessly integrates multiple WAN link and SD-WAN functionality and routing optimizations to improve resilience and performance and also integrates with user authentication and Synchronized Security Heartbeat to control access.
Central Firewall Reporting Advanced (30-day)
Cloud-based reporting with several pre-packaged common reports for threats, compliance, and user activity. Includes advanced options for creating custom reports and views with the option to save, schedule or export your custom reports. Includes 30 days of log data retention with the option to add additional storage for additional historical reporting needs.
MDR/XDR Connector
Sophos MDR provides optional 24/7 threat hunting, detection and response delivered by an expert team as a fully-managed service. Sophos XDR offers extended detection and response managed by your own team. Regardless of whether you manage it yourself, or Sophos manages it for you, your Sophos Firewall is ready to share the necessary threat intelligence and data to the cloud.
Email Protection
Consolidate your email protection with anti-spam, DLP, and encryption. We recommend Sophos Central Email Advanced for the best cloud-based email protection solution. If you require on-box email protection, this module offers essential anti-spam, DLP and encryption.
Integrated Message Transfer Agent
Ensures always-on business continuity for your email, allowing the firewall to automatically queue mail in the event servers become unavailable.
SPX Email Encryption
Unique to Sophos, SPX makes it easy to send encrypted email to anyone, even those without any kind of trust infrastructure, using our patent-pending password-based encryption technology.
Data Loss Prevention
Policy-based DLP can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization
Live Anti-Spam
Provides protection from the latest spam campaigns, phishing attacks, and malicious attachments.
Self-serve Quarantine
Gives employees direct control over their spam quarantine, saving you time and effort.
Web Server Protection
Harden your web servers and business applications against hacking attempts while providing secure access.
Business Application Policy Templates
Pre-defined policy templates let you protect common applications like Microsoft Exchange Outlook Anywhere or SharePoint quickly and easily.
Protection from the latest hacks and attacksn
With a variety of advanced protection technologies including URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing and more.
Reverse proxy
With authentication options, SSL offloading, and server load balancing ensure maximum protection and performance for your servers being accessed from the internet.
מפרט טכני:
Products | XGS 2100 | |||||
---|---|---|---|---|---|---|
Performance | ||||||
Firewall throughput | 30,000 Mbps | |||||
Firewall IMIX | 16,500 Mbps | |||||
Firewall Latency (64 byte UDP) | 6 µs | |||||
IPS throughput | 6,000 Mbps | |||||
Threat Protection throughput | 1,250 Mbps | |||||
NGFW | 5,200 Mbps | |||||
Concurrent connections | 6,500,000 | |||||
New connections/sec | 134,700 | |||||
IPsec VPN throughput | 17,000 Mbps | |||||
IPsec VPN concurrent tunnels | 5,000 | |||||
SSL VPN concurrent tunnels | 2,500 | |||||
Xstream SSL/TLS Inspection | 1,100 Mbps | |||||
Xstream SSL/TLS Concurrent connections | 18,432 |
Physical Specifications | |
---|---|
Mounting | 1U rackmount (2 rackmount ears included) |
Dimensions Width x Height x Depth |
438 x 44 x 405 mm |
Weight | 4.7 kg/10.36 lbs (unpacked) 7 kg/15.43 lbs (packed) |
Power supply | |
Power supply | Internal auto-ranging AC-DC 100-240VAC, 3-6A@50-60 Hz External Redundant PSU Option |
Power consumption | 2100: 43 W/146.86 BTU/hr (idle) 2300: 45 W/153.7 BTU/hr (idle) 2100: 162 W/533.5 BTU/hr (max.) 2300: 167 W/570.74 BTU/hr (max.) |
PoE addition enabled | 76 W/260 BTU/hr (max.) |
Operating temperature | 0°C to 40°C (operating) -20°C to +70°C (storage) |
Humidity | 10% to 90%, non-condensing |
Product Certifications | |
Certifications | CB, CE, UKCA, UL, FCC, ISED, VCCI, KC, RCM, NOM, Anatel, CCC, BSMI, TEC, SDPPI |
Physical interfaces | |
---|---|
Storage (local quarantine/logs) | Integrated min. 120 GB SATA-III SSD |
Ethernet interfaces (fixed) | 8 x GbE copper 2 x SFP fiber |
Bypass port pairs | 1 |
Management ports | 1 x RJ45 MGMT 1 x COM RJ45 1 x MicroB (cable incl.) |
Other I/O ports | 2 x USB 3.0 (front) 1 x USB 2.0 (rear) |
Number of Flexi Port slots | 1 |
Flexi Port modules (optional) | 8 port GbE copper 8 port GbE SFP fiber 4 port 10GE SFP+ fiber 4 port GbE copper bypass (2 pairs) 4 port GbE copper PoE + 4 port GbE copper 4 port 2.5 GbE copper PoE 2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber |
Max. total port density (incl. use of modules) | 18 |
Max. Power-over-Ethernet (using Flexi Port module) | 1 module: 4 ports, 60W max. |
Optional add-on connectivity | SFP DSL module (VDSL2) SFP/SFP+ Transceivers |
Display | Multi-function LCD module |
* Transceivers (mini GBICs) sold separately
הורדת מפרט טכני:
Download the Sophos XGS Series Data Sheet (PDF).
Pricing Notes:
- Standard Hardware Bundle: Includes Applicance and Standard Protection subscription
- Xstream Hardware Bundle: Includes Applicance and Xstream Protection subscription
- Base License: Stateful Firewall, Networking and SD-WAN, Wireless, VPN, Reporting (7-day)
- Network Protection: Xstream TLS, DPI, IPS, ATP, Security Heartbeat, SD-RED Management
- Web Protection: Xstream TLS, DPI, Web security and Control, Application Control
- Zero-Day Protection: Static ML-based and dynamic (sandboxing) file analysis, reporting (Formerly known as Sandstrom)
- Central Orchestration: SD-WAN VPN Orchestration, Central Firewall Reporting Advanced (30-day), MTR/XDR-ready
- Enhanced Support: 24x7 phone/email support, Advance exchange RMA
- Pricing and product availability subject to change without notice.
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר
המחיר שלנו: הצעת מחיר