Sophos XG 125w
A superbly versatile gateway appliance that combines in-house security with cloud management capabilities
SCORE PRICE With 3yr TotalProtect subscription, £1,667 exc VAT from broadbandbuyer. co.uk
If you’re seeking a do-it-all UTM appliance, the Sophos XG 125w could well be the answer. It’s packed to the rafters with security features, and it’s no performance lightweight either: it claims a raw firewall throughput of 6.5Gbits/sec, or a respectable 1.5Gbits/sec with all UTM functions enabled.
Connectivity comes courtesy of eight copper Gigabit Ethernet ports, plus a single SFP optical Ethernet port. An expansion bay can be used to add an optional DSL or 3G/4G adapter, or an additional SFP module. The appliance also provides dual-band 802.11ac wireless services, with support for multiple virtual SSIDs and built-in hotspot guest access facilities.
Installation is a doddle. The browser-based quick-start wizard guided us through securing administrative access, setting up the LAN and WAN ports, configuring Wi-Fi and adding an email address for alerts.You can install the XG 125w in bridge mode to fit in with an existing infrastructure, but we opted for the default gateway mode, as we wanted the appliance to handle all security functions, including firewall duties.
On that point, it’s worth noting that the base appliance comes with a perpetual licence for firewall services, plus VPN, authentication and secure wireless management. The price shown above includes a three-year TotalProtect subscription, which activates the network, web, email and web server protection modules; if you want more, a TotalProtect Plus subscription adds Sophos’ Sandstorm feature, which uses cloud-based sandbox technology to protect you from zero-day threats.
The setup wizard installs a base set of security policies, which activate malware scanning and set the web filter to block a standard set of site categories. It’s a good starting point, but the intuitive console makes it easy to customise your protection: the web filtering component gives you over 100 URL categories to choose from, while a built-in database of 3,200 recognised apps and services is a great help in setting up application controls and firewall rules.
You can also create per-user or group-wide policies using Sophos’ identity-based security features. These can include internet access and bandwidth usage policies, with daily, weekly, monthly and yearly limits. Users can authenticate with an external directory server, or they can log in to the appliance itself using the free Sophos Client Authentication Agent (CAA).
Although the XG 125w can be used as a purely local appliance, it also integrates seamlessly with the Sophos Central cloud portal, so businesses with both on-site and remote endpoints can manage them all from a single console. Once you’ve entered
“Although the XG 125w can be used as a purely local appliance, it also integrates seamlessly with the Sophos Central cloud portal”
your Sophos Central credentials in the appliance’s console, all your endpoint activity can be easily monitored via coloured status icons in the cloud console’s dashboard. You can set overarching policies too, so – for example – if any remote endpoint detects a threat, all users and devices in the same zone can be immediately isolated. The SAC (synchronised application control) feature meanwhile detects unknown apps on any Sophos Central endpoints and automatically applies precautionary firewall policies.
Reporting features can be accessed from the same console too, courtesy of Sophos’ iView syslog server. This provides a decent range of free reporting facilities: with data logging enabled, we were able to easily generate graphs and charts detailing firewall, virus, spam, web content filtering and other user activity, and pull up a range of data protection compliance reports. The XFG 125w might be overkill for the smallest businesses, but it impressed us with its depth of security features and its seamless integration with Sophos Central. Factor in its high performance and built-in 802.11ac wireless services and it’s a superb gateway security appliance for growing SMEs who are ready to get serious about security.
SPECIFICATIONS Desktop chassis 1.6GHz Intel Atom C3508 4GB RAM 64GB SATA SSD 8 x Gigabit Ethernet, 1 x SFP Gigabit 2.4GHz/5GHz 802.11ac wireless 3 x 3 MIMO
3 x external aerials HDMI 2 x USB 2 micro-USB RJ-45 serial expansion slot external PSU (max 2) 320 x 212 x 44mm (WDH) 3yr hardware warranty