Sophos XG 125w review

The XG 125w is a no-compromises gateway security appliance that delivers a wealth of protection measures at a great price

Editor's Choice
Price
£1,667
  • Heaps of protection features; Rich reporting; Simple deployment; Great speeds

SMEs that want centralized network protection need look no further than Sophos' XG 125w as this gateway appliance is packed to the rafters with security features. It's no performance lightweight either, claiming a high raw firewall throughput of 6.5Gbits/sec and 1.5Gbits/sec with all UTM functions enabled.

The XG 125w offers eight copper Gigabit and an SFP fibre Gigabit port, while its expansion bay accepts optional DSL, 3G/4G or Gigabit SFP modules. It also provides 2.4GHz/5GHz 11ac wireless services with support for multiple virtual SSIDs and hotspot guest access facilities.

Installation is a doddle; the web browser quick start wizard guided us through securing administrative access, setting up the LAN and WAN ports plus a secure wireless network and adding an email address for alerting. We opted for the default routed mode of operation as we wanted the appliance to provide all security functions including firewalling.

The base appliance has firewall, VPN, authentication and secure wireless management services enabled with a perpetual license. The price we've shown includes a 3-year TotalProtect subscription which actives the network, web, email and web server protection modules while a TotalProtect Plus subscription adds Sophos' Sandstorm feature which uses cloud sandbox technology to mitigate zero-day threats.

The wizard creates a base set of security policies to enable anti-malware scanning and web filtering for common sets of undesirable categories. The intuitive console makes it easy to customise security, where we could group ports into zones, apply firewall rules to sources and destinations and add service filters, blocking actions and time schedules.

From the Protect section of the console, you can create security policies for web filtering, IDP, email and application controls. Web filtering offers over 100 URL categories while the application controls provide 3,200 predefined apps, and policies are swiftly applied by selecting them in your firewall rules.

Sophos' identity-based security opens up many extra security features. With this in action, we could apply Internet access and bandwidth usage policies, enforce data transfer limitations on uploads and downloads and have different daily, weekly, monthly and yearly limits for individual users and groups.

It's easy to implement; users authenticate to an external directory server or log in to the appliance using the free Sophos Client Authentication Agent (CAA). This can be downloaded directly from the appliance's captive web portal, which also has links for Linux and macOS clients plus certificates for Android and iOS mobiles.

We already use the Sophos Central cloud security service and loved the appliance's Security Heartbeat feature. All we needed to do was enter our Sophos Central credentials in the appliance's console and after registration, all our endpoint activity data was sent to the appliance, which displayed coloured status icons in the console's dashboard.

Minimum heartbeat conditions can be linked to firewall policies so if any remote endpoint detects a threat, the policy can immediately isolate all users and devices in the same zone. You can also use the SAC (synchronized application control) feature which detects unknown apps on Sophos Central endpoints and tames them with firewall policies.

The appliance's iView syslog server provides a wealth of free reporting facilities from the same console. With data logging enabled in our firewall policies, we could view graphs and charts on firewall, virus, spam, web content filtering and user activity, plus pull up a range of data protection compliance reports.

Along with a pleasantly swift deployment, the XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.

Verdict

Along with a pleasantly swift deployment, the Sophos XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.

Desktop chassis 1.6GHz Intel Atom C3508 4GB RAM 64GB SATA SSD 8 x Copper Gigabit, 1 x SFP Gigabit 2.4GHz/5GHz 802.11ac wireless 3 x 3 MIMO 3 x external aerials HDMI 2 x USB 2 Micro USB RJ-45 serial Expansion slot External PSU (max 2) 320 x 212 x 44mm (WDH) 3 year hardware warranty

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

8 most secure web browsers
web browser

8 most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Unilever adopts Google Cloud’s complex data processing for conservation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for conservation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020