Sophos Intercept XG Firewall

See why the XG Firewall stands out from the competition. In a recent survey of 3,000 IT decision makers, the top three complaints with their current firewall were:

Visibility

Unable to easily answer basic questions about activity or threats on their network. 50-80% of their traffic is unidentified.

Do you have easy insights?

  • Top risk users
  • Active threats
  • Unwanted applications
  • Shadow IT
  • Suspicious downloads

Protection & Performance

Still getting infected and don’t have the performance to enable essential protection. Multiple annoying malware infections per month. It takes only one targeted attack or ransomware attack to be devastating.

Are you adequately protected?

  • Necessary tech: sandboxing, IPS, Deep Learning, ATP
  • Needed performance to enable these protection features?
  • Perform full SSL inspection

Response

Unable or difficult to identify or contain threats, hacks, and attacks. Multiple days per month reimaging user computers.

How do you deal with the threat?

  • How quickly do you know?
  • How does your current firewall respond?
  • Ability to cut off network access, isolate threats, and prevent spreading or data loss

The real problem is a single nasty targeted attack, a ransomware infection, or a user inadvertently clicking on a phishing email.

These are a few of the headlines about businesses local to Berks County, Pennsylvania:

Allentown Council OKs nearly $1 million for computer virus fix in Allentown, PA

Wyoming Area paid $38,000 to end ransomware attack near Scranton, PA

Duncannon paid thousands in ransomware attack: officials in Perry County, PA

Large Pennsylvania health care company hit by malware attack in King of Prussia, PA

Ransomware Attack Hits Local Libraries in Butler County, PA

Pennsylvania trucking company falls victim to ransomware attack in West Chester, PA

Typical Firewall Pains

The XG Firewall was designed from the beginning to address the common problems administrators face with networking, protection, and management of most firewalls.

Networking

  • Complex remote access
  • Expensive connectivity
  • Poor app performance

Protection

  • Lack of visibility into risks
  • Failure to stop unknown threats
  • Infected systems cause outbreaks

Management

  • Complex set-up and use
  • Too many products to juggle
  • Requires security expertise

The Sophos Advantage

Flexible Networking

  • Saves money on connectivity
  • Simplifies remote connections
  • Optimizes app performance

Best Protection

  • Exposes hidden risks
  • AI-Powered protection
  • Security Heartbeat isolation

Easy Management

  • Sophos Central manages it all
  • Streamlined user experience
  • Built-in threat expertise

Key features to address typical pains

The control center uses traffic-light-style indicators to show what needs immediate attention, what is a risk, and what is good. You can see your top risks related to heartbeat, apps, payloads, users, threats, websites and attacks. The visibility into encrypted traffic flows and the option to deal with compatibility issues as they arise are only found in the XG Firewall.

For easier delivery, policies are pre-packaged, allowing you to get up and running in minutes. Admins can choose from many built-in policies for web filtering, IPS, application control, traffic shaping, SSL inspection, or business application, and then customize the policies or use them as-is.

The new Deep Packet Inspection Engine allows for fast encrypted traffic inspection. It provides high-performance inspection and is compatible with the latest standards, including TLS 1.3. The DPI Engine integrates all security and control needed to protect the network and enforce policies (AV, IPS, Web Protection, and Application Control) in a single streaming engine. If the AV engine detects any file with active code, such as an executable or a document with a macro, it will send that file to SophosLabs Cloud Services for machine-learning-based threat intelligence analysis and dynamic sandboxing behavioral analysis to stop the latest ransomware.

Networking

Traditional MPLS connections are reliable but expensive. Consumer-grade Internet connections are inexpensive but less reliable. Connectivity cost vs. reliability: 99.99% MPLS uptime means 4.4 minutes of downtime per month, while 99% business internet SD-WAN uptime means 7 hours of downtime per month, but at a 70% savings. In other words, MPLS has more uptime but costs more, and an SD-WAN has less uptime but costs less. However, the savings of switching to an SD-WAN typically allow for a redundant circuit to be implemented.

Watch the Sophos SD-WAN vs MPLS video

Application Performance

Remote locations, work from home, and cloud applications such as Microsoft 365, G Suite, and Salesforce, along with virtual machines and cloud storage, are contributing to a disappearing network perimeter.

Deployment Options

XG Firewall offers a full range of top-performing hardware appliances, support for all popular virtualization platforms, AWS and Azure public cloud and hybrid environments, and even a software appliance you can install on your own hardware.

  • Hardware – select from the extensive Sophos range of XG series appliances
  • Software – deploy a software image on Intel compatible hardware
  • Virtual – VMware, Citrix, Hyper-V, and KVM.
  • Cloud – AWS and Azure

Licensing

All XG Firewalls, regardless of deployment options, include a perpetual Base License. This includes IPsec, SSL VPN and full wireless protection. You can extend protection by purchasing individual subscription options or bundling:

  • Network protection – stop sophisticated attacks and advanced threats while providing secure network access
  • Web protection – unmatched visibility and control over web and application activity
  • Email protection – consolidate email protection with anti-spam, DLP, and encryption
  • Web server protection – harden web servers and business applications against hacking attempts while providing secure access
  • Sandstorm protection – AI-driven and dynamic file analysis techniques combine to bring unprecedented threat intelligence to XG Firewall and effectively identify and block ransomware, known and unknown threats.

Support

Choose from three levels of support: Standard, Enhanced, and Enhanced Plus. Standard is included with all devices, for 90 days. Enhanced is recommended for all customers and is included in all bundles. Enhanced Plus is an extra upgrade for VIP access and remote consulting hours. If you are buying an indi

SD-WAN

SD-WAN is all the rage! It’s perceived as networking rainbows and unicorns, and the term is so ubiquitous that many don’t know what it actually means. It means using consumer internet to connect remote and branch locations using VPN technology. The goal is to provide an affordable means of connecting an organization’s geographically distributed sites with high-quality connections over consumer-grade infrastructure, allowing the organization to skip expensive MPLS.

Read the Sophos XG Firewall and SD-WAN Whitepaper

There are three main options for adopting SD-WAN technology.

  • Firewall Solutions – integrate SD-WAN capability into the firewall (Sophos, Fortinet, SonicWall, Cisco Meraki are examples). Firewalls already incorporate excellent security and protection features. They can be deployed via zero-touch provisioning and centrally managed for easier set-up and deployment. Generally, these offer the easiest and simplest approach, but may not offer the sophistication and dedicated cloud a hybrid system can offer.
  • Pure-Play Hybrid and Cloud Solutions – involve an SD-WAN appliance with only basic, stateful firewall capabilities and weak security, or a full firewall that is provisioned with a third-party cloud-based SD-WAN solution (Pan, Cisco, Silver Peak, VeloCloud are examples). There are also cloud-based solutions delivered as a service, which lack strong security and include multiple products that must be managed and can cause complications.

Facilitate remote work with Sophos XG Firewall

As businesses try to keep their staff connected and productive, the ability for employees to work from home or any other location has become critical. While coronavirus (COVID-19) has been the largest driver for the increase of remote work, long commute times, severe weather, and the need for greater flexibility are other popular reasons companies are looking at alternatives to working in an office.

XG Firewall and SD-RED devices provide businesses, schools, hospitals, and other organizations with multiple solutions for secure remote connectivity. Employees can have access to applications, email and resources on the network from their home, as if they were onsite. You can keep them safe with features like web filtering.

Client Connect

XG Firewall (hardware or virtual appliance) provides a perpetual Base license that includes both IPsec and SSL VPN connectivity. You can choose either or both to allow remote workers to connect with the network.

Setting up IPsec-based remote access is managed through the Sophos Connect client on XG Firewalls running v17.5 or newer firmware. The Connect client is focused on ease of use and reliability to ensure an extremely positive user experience.

Just select a desired network or office and click “Connect” to establish an encrypted VPN tunnel that secures the transmission of traffic between the firewall and remote device. On the client side, the remote device uses the free Connect client software for Windows or macOS to create the VPN connection.

IPsec or SSL VPN: Choosing the right remote access solution

IPsec VPN – Sophos Connect client strengths

  • Easy administration for bulk deployment and provisioning
  • Intuitive use
  • Consistent performance
  • Windows and macOS supported

IPsec VPN – Sophos Connect client challenges

  • IPsec sometimes blocked on hotel/public hotspot networks
  • No automated user group provisioning

SSL VPN strengths

  • User group access provisioning
  • Works in more restricted environments
  • Standards-based with broad platform support

SSL VPN challenges

  • Agent deployment geared to end user self-installation
  • User action required to deploy VPN policies

SOHO Protection with XG86 or SD-RED

Small and affordable, the XG 86(w) and SD-RED devices provide the ultimate in SOHO protection with always-on dedicated or split-tunnel VPN that’s easy to deploy and manage with a variety of flexible options.

SD-RED

An alternative solution for connecting from home, the SD-RED is a low-cost Remote Ethernet Device that creates a secure Layer 2 VPN tunnel to a central XG Firewall. This makes for a great remote access solution for connecting remote sites, as well as individual employees who deal with sensitive information.

No technical expertise is needed to connect the device. Simply note the device ID in XG Firewall and ship it to the employee. As soon as it’s plugged in and connected to the internet, the SD-RED appliance contacts the XG Firewall and establishes a secure dedicated VPN tunnel. Customers can connect to the device directly or wirelessly through a Sophos APX wireless access point.

Mobile VPN

Mobile devices can utilize built-in or app-based VPN options including IPsec and SSL VPN for secure connectivity to the XG Firewall protected network.