Sophos XG 125w review
The XG 125w is a no-compromises gateway security appliance that delivers a wealth of protection measures at a great price
SMEs that want centralized network protection need look no further than Sophos' XG 125w as this gateway appliance is packed to the rafters with security features. It's no performance lightweight either, claiming a high raw firewall throughput of 6.5Gbits/sec and 1.5Gbits/sec with all UTM functions enabled.
The XG 125w offers eight copper Gigabit and an SFP fibre Gigabit port, while its expansion bay accepts optional DSL, 3G/4G or Gigabit SFP modules. It also provides 2.4GHz/5GHz 11ac wireless services with support for multiple virtual SSIDs and hotspot guest access facilities.
Installation is a doddle; the web browser quick start wizard guided us through securing administrative access, setting up the LAN and WAN ports plus a secure wireless network and adding an email address for alerting. We opted for the default routed mode of operation as we wanted the appliance to provide all security functions including firewalling.
The base appliance has firewall, VPN, authentication and secure wireless management services enabled with a perpetual license. The price we've shown includes a 3-year TotalProtect subscription which actives the network, web, email and web server protection modules while a TotalProtect Plus subscription adds Sophos' Sandstorm feature which uses cloud sandbox technology to mitigate zero-day threats.
The wizard creates a base set of security policies to enable anti-malware scanning and web filtering for common sets of undesirable categories. The intuitive console makes it easy to customise security, where we could group ports into zones, apply firewall rules to sources and destinations and add service filters, blocking actions and time schedules.
From the Protect section of the console, you can create security policies for web filtering, IDP, email and application controls. Web filtering offers over 100 URL categories while the application controls provide 3,200 predefined apps, and policies are swiftly applied by selecting them in your firewall rules.
Sophos' identity-based security opens up many extra security features. With this in action, we could apply Internet access and bandwidth usage policies, enforce data transfer limitations on uploads and downloads and have different daily, weekly, monthly and yearly limits for individual users and groups.
It's easy to implement; users authenticate to an external directory server or log in to the appliance using the free Sophos Client Authentication Agent (CAA). This can be downloaded directly from the appliance's captive web portal, which also has links for Linux and macOS clients plus certificates for Android and iOS mobiles.
We already use the Sophos Central cloud security service and loved the appliance's Security Heartbeat feature. All we needed to do was enter our Sophos Central credentials in the appliance's console and after registration, all our endpoint activity data was sent to the appliance, which displayed coloured status icons in the console's dashboard.
Minimum heartbeat conditions can be linked to firewall policies so if any remote endpoint detects a threat, the policy can immediately isolate all users and devices in the same zone. You can also use the SAC (synchronized application control) feature which detects unknown apps on Sophos Central endpoints and tames them with firewall policies.
The appliance's iView syslog server provides a wealth of free reporting facilities from the same console. With data logging enabled in our firewall policies, we could view graphs and charts on firewall, virus, spam, web content filtering and user activity, plus pull up a range of data protection compliance reports.
Along with a pleasantly swift deployment, the XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.
Along with a pleasantly swift deployment, the Sophos XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.
Desktop chassis 1.6GHz Intel Atom C3508 4GB RAM 64GB SATA SSD 8 x Copper Gigabit, 1 x SFP Gigabit 2.4GHz/5GHz 802.11ac wireless 3 x 3 MIMO 3 x external aerials HDMI 2 x USB 2 Micro USB RJ-45 serial Expansion slot External PSU (max 2) 320 x 212 x 44mm (WDH) 3 year hardware warranty