Sophos XG 125w review

The XG 125w is a no-compromises gateway security appliance that delivers a wealth of protection measures at a great price

Editor's Choice
  • Heaps of protection features; Rich reporting; Simple deployment; Great speeds

SMEs that want centralized network protection need look no further than Sophos' XG 125w as this gateway appliance is packed to the rafters with security features. It's no performance lightweight either, claiming a high raw firewall throughput of 6.5Gbits/sec and 1.5Gbits/sec with all UTM functions enabled.

The XG 125w offers eight copper Gigabit and an SFP fibre Gigabit port, while its expansion bay accepts optional DSL, 3G/4G or Gigabit SFP modules. It also provides 2.4GHz/5GHz 11ac wireless services with support for multiple virtual SSIDs and hotspot guest access facilities.

Installation is a doddle; the web browser quick start wizard guided us through securing administrative access, setting up the LAN and WAN ports plus a secure wireless network and adding an email address for alerting. We opted for the default routed mode of operation as we wanted the appliance to provide all security functions including firewalling.

The base appliance has firewall, VPN, authentication and secure wireless management services enabled with a perpetual license. The price we've shown includes a 3-year TotalProtect subscription which actives the network, web, email and web server protection modules while a TotalProtect Plus subscription adds Sophos' Sandstorm feature which uses cloud sandbox technology to mitigate zero-day threats.

Advertisement - Article continues below
Advertisement - Article continues below

The wizard creates a base set of security policies to enable anti-malware scanning and web filtering for common sets of undesirable categories. The intuitive console makes it easy to customise security, where we could group ports into zones, apply firewall rules to sources and destinations and add service filters, blocking actions and time schedules.

From the Protect section of the console, you can create security policies for web filtering, IDP, email and application controls. Web filtering offers over 100 URL categories while the application controls provide 3,200 predefined apps, and policies are swiftly applied by selecting them in your firewall rules.

Sophos' identity-based security opens up many extra security features. With this in action, we could apply Internet access and bandwidth usage policies, enforce data transfer limitations on uploads and downloads and have different daily, weekly, monthly and yearly limits for individual users and groups.

It's easy to implement; users authenticate to an external directory server or log in to the appliance using the free Sophos Client Authentication Agent (CAA). This can be downloaded directly from the appliance's captive web portal, which also has links for Linux and macOS clients plus certificates for Android and iOS mobiles.

We already use the Sophos Central cloud security service and loved the appliance's Security Heartbeat feature. All we needed to do was enter our Sophos Central credentials in the appliance's console and after registration, all our endpoint activity data was sent to the appliance, which displayed coloured status icons in the console's dashboard.

Minimum heartbeat conditions can be linked to firewall policies so if any remote endpoint detects a threat, the policy can immediately isolate all users and devices in the same zone. You can also use the SAC (synchronized application control) feature which detects unknown apps on Sophos Central endpoints and tames them with firewall policies.

Advertisement - Article continues below

The appliance's iView syslog server provides a wealth of free reporting facilities from the same console. With data logging enabled in our firewall policies, we could view graphs and charts on firewall, virus, spam, web content filtering and user activity, plus pull up a range of data protection compliance reports.

Along with a pleasantly swift deployment, the XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.


Along with a pleasantly swift deployment, the Sophos XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.

Desktop chassis 1.6GHz Intel Atom C3508 4GB RAM 64GB SATA SSD 8 x Copper Gigabit, 1 x SFP Gigabit 2.4GHz/5GHz 802.11ac wireless 3 x 3 MIMO 3 x external aerials HDMI 2 x USB 2 Micro USB RJ-45 serial Expansion slot External PSU (max 2) 320 x 212 x 44mm (WDH) 3 year hardware warranty

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020

Windows 10 and the tools for agile working

20 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020