Sophos XG 125w review

The XG 125w is a no-compromises gateway security appliance that delivers a wealth of protection measures at a great price

Editor's Choice
  • Heaps of protection features; Rich reporting; Simple deployment; Great speeds

SMEs that want centralized network protection need look no further than Sophos' XG 125w as this gateway appliance is packed to the rafters with security features. It's no performance lightweight either, claiming a high raw firewall throughput of 6.5Gbits/sec and 1.5Gbits/sec with all UTM functions enabled.

The XG 125w offers eight copper Gigabit and an SFP fibre Gigabit port, while its expansion bay accepts optional DSL, 3G/4G or Gigabit SFP modules. It also provides 2.4GHz/5GHz 11ac wireless services with support for multiple virtual SSIDs and hotspot guest access facilities.

Advertisement - Article continues below

Installation is a doddle; the web browser quick start wizard guided us through securing administrative access, setting up the LAN and WAN ports plus a secure wireless network and adding an email address for alerting. We opted for the default routed mode of operation as we wanted the appliance to provide all security functions including firewalling.

The base appliance has firewall, VPN, authentication and secure wireless management services enabled with a perpetual license. The price we've shown includes a 3-year TotalProtect subscription which actives the network, web, email and web server protection modules while a TotalProtect Plus subscription adds Sophos' Sandstorm feature which uses cloud sandbox technology to mitigate zero-day threats.

Advertisement - Article continues below

The wizard creates a base set of security policies to enable anti-malware scanning and web filtering for common sets of undesirable categories. The intuitive console makes it easy to customise security, where we could group ports into zones, apply firewall rules to sources and destinations and add service filters, blocking actions and time schedules.

Advertisement - Article continues below

From the Protect section of the console, you can create security policies for web filtering, IDP, email and application controls. Web filtering offers over 100 URL categories while the application controls provide 3,200 predefined apps, and policies are swiftly applied by selecting them in your firewall rules.

Sophos' identity-based security opens up many extra security features. With this in action, we could apply Internet access and bandwidth usage policies, enforce data transfer limitations on uploads and downloads and have different daily, weekly, monthly and yearly limits for individual users and groups.

It's easy to implement; users authenticate to an external directory server or log in to the appliance using the free Sophos Client Authentication Agent (CAA). This can be downloaded directly from the appliance's captive web portal, which also has links for Linux and macOS clients plus certificates for Android and iOS mobiles.

We already use the Sophos Central cloud security service and loved the appliance's Security Heartbeat feature. All we needed to do was enter our Sophos Central credentials in the appliance's console and after registration, all our endpoint activity data was sent to the appliance, which displayed coloured status icons in the console's dashboard.

Advertisement - Article continues below

Minimum heartbeat conditions can be linked to firewall policies so if any remote endpoint detects a threat, the policy can immediately isolate all users and devices in the same zone. You can also use the SAC (synchronized application control) feature which detects unknown apps on Sophos Central endpoints and tames them with firewall policies.

The appliance's iView syslog server provides a wealth of free reporting facilities from the same console. With data logging enabled in our firewall policies, we could view graphs and charts on firewall, virus, spam, web content filtering and user activity, plus pull up a range of data protection compliance reports.

Along with a pleasantly swift deployment, the XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.


Along with a pleasantly swift deployment, the Sophos XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.

Desktop chassis 1.6GHz Intel Atom C3508 4GB RAM 64GB SATA SSD 8 x Copper Gigabit, 1 x SFP Gigabit 2.4GHz/5GHz 802.11ac wireless 3 x 3 MIMO 3 x external aerials HDMI 2 x USB 2 Micro USB RJ-45 serial Expansion slot External PSU (max 2) 320 x 212 x 44mm (WDH) 3 year hardware warranty

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020