The world's best visibility, protection and response

Top Recognition from Industry Experts

NSS Labs Recommended

Magic Quadrant Leader

5-Star Rating

See it. Stop it. Secure it.

"Synchronized Application Control is providing fantastic insight: complete visibility and precise control" – Sophos Partner

Expose Hidden Risks

Superior visibility into risky activity, suspicious traffic, and advanced threats helps you regain control of your network.

Stop Unknown Threats

Powerful next-gen protection technologies like deep learning and intrusion prevention keep your organization secure.

Isolate Infected Systems

Automatic threat response instantly identifies and isolates compromised systems on your network and stops threats spreading.

Stop Unknown Threats. Dead.

Harness the power of deep learning, deep packet inspection and aggressive run-time analysis
to stop threats before they get on your network

Deep Learning

XG Firewall integrates deep learning and the most advanced threat protection technology to block sophisticated unknown threats like ransomware, cryptojacking, bots, worms, hacks, breaches and advanced persistent threats (APTs).

Using the same technology as our award-winning Intercept X, Deep Learning drives threat prevention to unmatched levels. The artificial intelligence built into XG Firewall is a deep learning neural network, an advanced form of machine learning, that detects both known and unknown malware as well as unwanted applications without relying on signatures. It's smarter, more scalable, and higher performing than any traditional machine learning or signature-based detection solution.

Intrusion Prevention System

XG Firewall's IPS engine was recently tested by NSS Labs in their highly regarded Next-Gen Firewall Group Test and it performed among the top for security effectiveness, particularly against evasion techniques, while the price-performance ratio is also among the best of all vendors.

You get proven Next-Gen IPS protection that has stopped threats like Wanna and Petya. Dead.


Sophos Sandstorm is backed by SophosLabs to provide detonation and detection of suspicious payloads containing threats, malware and unwanted applications. Because it runs in a dedicated virtualized cloud environment, it completely frees your firewall and endpoints of any burden and enables far more rigorous and resource intensive analysis that's just not practical any other way.

Sandstorm's deep threat prevention goes beyond endpoint or gateway malware detection solutions with:

  • Deep learning neural network analysis of executables
  • Extremely aggressive & frequent memory analysis
  • Extensive behavioral analysis scrutiny of all activity and API calls
  • More thorough network activity analysis across all protocols

It's the best defense you can get against the latest threats lurking in phishing attacks, spam, and file downloads.

Advanced Threat Protection

Powerful multi-layered, call-home protection combines analysis from DNS, IPS, web, and traffic filters to identify and block botnet and command-and-control (C&C) call-home attempts.

Advanced threats are instantly identified and if you've enabled Synchronized Security with Sophos Central Endpoints or Intercept X you can automatically isolate infected systems until they can be cleaned up.

Dual-engine AV

Sophos' award-winning, high-performance behavioral anti-malware engine is backed by SophosLabs and a 30-year history of protecting enterprises from the latest threats.

Dual-engine scanning offers the option of scanning traffic with the Sophos engine for excellent performance and protection, or adding a second engine scan for even more protection.

Web Protection

Sophos Web Protection engine is backed by SophosLabs and includes innovative technologies like code emulation, behavioral analysis, live protection, and pharming protection to identify and block the latest web threats. Dead.

XG Firewall makes configuration easy, with pre-packaged Web policies activated in seconds, edited anytime, and simulated quickly and easily to verify or help troubleshoot policy settings.

SSL Inspection

XG Firewall high-performance SSL inspection ensures web threats and inappropriate content are not slipping through, a key blind spot in most network traffic.

Certificate validation and protocol enforcement options ensure your network is protected from spoofing and that unwanted traffic trying to bypass filtering or traffic shaping is stopped. Dead.

Expose Hidden Risks

Sophos XG Firewall provides unprecedented visibility into your network, users, and applications directly from the all-new control center. You also get rich on-box reporting, included at no extra charge.

Cloud Applications

See where your organization's data is going in the cloud with XG Firewall's CASB cloud application visibility widget. New, sanctioned, unsanctioned, and tolerated cloud services and application traffic volume is visible at a glance so you can immediately see if you have potential data at risk from Shadow IT.

Drill down to get a complete view of the cloud application usage, volume of data by user, and risk.

Security Heartbeat™

The Sophos Security Heartbeat widget indicates the health status of all your Sophos Central-managed endpoints. If any systems are running unwanted applications or infected, they will show here as yellow or red.

Clicking the widget reveals full details on the affected computer, including the user, hostname, IP address, and even the process responsible, enabling you to quickly take action. You can also use Security Heartbeat status in your policies to limit access to network resources for affected systems.


The menu items are logically organized, offering quick access to all areas of the system. In fact, you're never more than two clicks from anywhere.

The navigation provides immediate access to monitoring and analysis tools, all protection and policy settings, firewall configuration, and system settings.

System Panel

The system panel displays the real-time status of system performance, services, connections, and other system parameters. Green indicates everything is fine, orange indicates a warning, and red indicates something needs immediate attention.

Each item is clickable to reveal additional details and graphs, as well as helpful system and network tools you can use for troubleshooting purposes such as ping, traceroute, packet capture, command-line access, and much more.

Active Policies

The Active Policies panel right on the control center indicates exactly how many policies you have of each type, how many are unused, disabled, changed, and recently added.

Unused policies are a good indication of policies that may benefit from some housekeeping, as they can present potential openings or vulnerabilities in the network that are no longer required.

Traffic Insight

This provides an overview of traffic processed in the last 24 hours, including web activity, allowed and blocked apps and web categories, as well as network attacks.

You can quickly determine when your peak traffic periods are and how effective your policies have been at blocking unwanted activity and traffic.

Sandstorm and Advanced Threats

The Sandstorm widget provides an indication of suspect payloads and the sandboxing analysis results. Clicking it provides detailed reporting insights into suspicious file downloads.

The ATP widget provides an immediate indication of the presence of advanced threats on your network like botnets. Clicking it will reveal helpful details about the infected system, including the hostname, IP address, and source of the malicious traffic.


The connections widget shows the status of various connected devices and users, including Remote Ethernet Device (RED) VPN connections, pending and active wireless access points, remote SSL VPN connections, and the current live users count.

Clicking the various components of this widget will take you directly to the respective setup or reporting screen.

Top Risk Users

Unique to Sophos, User Threat Quotient (UTQ) is an indication of a user's risk level based on recent web and advanced threat activity. This widget is green when risk levels are low, and turns red when a threshold of risky activity is detected indicating the number of high-risk users.

The score is analyzed over a seven day period, and clicking on it will take you directly to the detailed UTQ report.


The messages panel displays important system notices, warnings, and alerts with blue, yellow, and red icons respectively. Examples include default password warnings, HTTPS and SSH WAN access warnings, registration notifications, license notifications, and firmware updates.

Click any message to review the full details and take action.


This panel displays the top five reports that may have data of interest or require action based on automatic background analysis. Examples include high-risk applications, objectionable websites, web users, intrusion attacks, web server attacks, and more.

Clicking any of the listed reports will open the full report, or you can choose to download a PDF version.

Synchronized App Control

This widget displays the number of previously unidentified apps that Sophos Synchronized App Control has discovered on your network including apps that are matched to known apps, new apps, and the total count of apps discovered.

Click through to the Synchronized App Control screen where you can assign applications to categories and policies to get your network under control.

Keep Your Network Under Control

Application visibility and control like nothing you've ever seen. XG Firewall gives you 100% visibility over all your application traffic - both native Mac and Windows Apps as well as cloud apps

Synchronized Application Control

You can't control what you can't see

On average, 45% of application traffic is going unidentified. Static application signatures don't work for custom, obscure, evasive, or any apps using generic HTTP or HTTPS.

A breakthrough in network visibility

Synchronized App Control automatically identifies all unknown applications enabling you to easily block the apps you don't want and prioritize the ones you do.

CASB and Cloud App Visibility

Identify Data at Risk

Cloud Access Security Broker (CASB) in XG Firewall helps identify risky behavior and data at risk by providing insights into what cloud services are being used, how much they are being used, and by who.

Discover Shadow IT

Quickly and easily classify unsanctioned cloud services and applications so you can identify Shadow IT early, including specific users and traffic volumes to get them under control before it's too late.

One-Click Traffic Shaping

Whether you want to prioritize mission-critical cloud services or put a stop to unsanctioned activity, XG Firewall makes it easy with one-click access to the included traffic shaping policies as well as your own custom policies, all on the same screen.

Isolate Infected Systems

Sophos XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.

Monitor Network Health

XG Firewall not only monitors host network activity, but also receives health status directly from your endpoints so you have constant visibility into the health of your entire network.

Identify Infected Systems

XG Firewall instantly alerts you to compromised systems on your network with full details including the IP address, the user, and the process, so you're not left digging for information.

Automatically Isolate Infections

XG Firewall uniquely integrates the health of connected hosts into your firewall rules, enabling you to automatically limit access to sensitive network resources from any compromised system until it's cleaned up.

A Firewall That Thinks Like You

So you don't need to think like a firewall.

We've rethought the way firewall rules and security policies are managed. Sophos XG implements an all-new powerful and flexible unified security and control model that enables you to see and manage all your user, application and network policies in a single place on a firewall rule basis.

Unified Security Management

Most firewall products will have you setting up and managing security across multiple modules or screens. Not Sophos. We provide a powerful unified security model that allows you to easily establish and manage your security posture in one place.

User Identity

XG Firewall offers industry leading authentication options and enables user-level enforcement for threat protection, sandboxing, application control, traffic shaping, web filtering policy, IPS protection, Security HeartbeatTM and routing - all on a single screen to make management simpler and easier.

App, User, Net Rule Types

XG Firewall makes it easy to manage all your network security in one place including your network and user-based firewall rules alongside all your web application firewall protection for business applications and servers, as well as your NAT rules.

App, User, Net Rule Types

XG Firewall makes it easy to manage all your network security in one place including your network and user-based firewall rules alongside all your web application firewall protection for business applications and servers, as well as your NAT rules.

Security Heartbeat™ Policy

An industry first, Sophos Security Heartbeat links your endpoints and your firewall to combine their intelligence to immediately identify systems compromised by advanced threats, enabling you to establish policies that automatically isolate or limit infected systems until they can be cleaned up.

Rule Activity Monitoring

If you're like most network admins, you've probably wondered whether you have too many firewall rules, and which ones are really necessary and which ones are not actually being used. With Sophos XG Firewall, you don't need to wonder anymore.

Business App Policy Templates

Pre-defined policy templates let you protect common applications like Microsoft Exchange or Sharepoint fast. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/ outbound firewall rules and security settings for you automatically.

Comprehensive Next-Gen Protection

XG Firewall integrates all the advanced networking, protection, user, and app controls you need to stay secure and compliant.

MANAGEMENT Firewall Management Centralized Management Status and Alerts Reporting and Logging
USER & APP CONTROL User Identity Application Control Web Control Content Control
Synchronized Security
Cloud Sandbox
Advanced Threat Protection
Business Applications
Web Protection
Email and Data
NETWORKING Routing and Bridging
Zone Segmentation
Traffic Shaping
Wireless Controller
Encrypted Traffic

Powerful Management and Scalability

Sophos XG Firewall provides unprecedented visibility into your network, users, and applications right from the all-new control center. You also get rich on-box reporting and the option to add Sophos iView for centralized reporting across multiple Firewalls.

Sophos Firewall Manager Centralized Management

Use Sophos Firewall Manager to monitor, configure, and administer all your firewalls conveniently from a single console.

Sophos iView Centralized Reporting

Provides full visibility across your entire estate of firewalls with consolidated reporting and off-box storage management for important log data.

Clustering and Redundancy

Active-active clustering and active-passive failover provide scalability and business continuity.

Flexible Deployment Options

Choose from a variety of different hardware appliance models, virtual environments, or even deploy it on your Intel server hardware platform of choice.

Protecting Your Cloud

XG Firewall provides a full suite of protection for your Azure cloud infrastructure that will have you up and running in minutes.

Optimized for Azure

XG Firewall is available as a certified preconfigured VM within the Azure Marketplace and supports Azure Resource Manager templates to streamline your custom deployments.

All-in-One Protection

Sophos XG Firewall integrates multiple best-of-breed security technologies into a single solution saving you from having to deploy and integrate multiple products in Azure.

Time Saving Templates

Sophos XG Firewall offers time saving business application and server protection templates as well as pre-packaged web filtering, IPS, traffic shaping and app control policies.

Synchronized Server Security

Sophos XG Firewall integrates perfectly with Sophos Server Protection to provide health status monitoring, instant threat identification and automated response when an incident occurs.

The content displayed on this website is sourced from the publicly available information on the websites of our principals, and is displayed here purely for informational purposes to promote our principals' products and services. All terms and conditions applicable to the content on our principals' websites remain applicable to the content displayed on the pages of

Call us at +91 9025 66 55 66 to know more about our Software, Hardware & Service offerings!