Sophos XG 450 review

Sophos has been busy expanding its security appliance offerings and its latest XG Firewall family now has a solution for every business environment, ranging from the smallest of offices right up to enterprises. On review we have the new XG 450 Rev. 2 which sits at the top of Sophos' mid-sized office portfolio and looks to offer an impressive range of security measures for a comparatively modest outlay.

Features have been improved with Sophos' SAC (synchronized application control) designed to catch those apps that other solutions leave behind. All the 1U rack models now have two fail-safe bypass ports and also support Sophos' FleXi port expansion modules.

The XG 450 comes with eight Gigabit and two 10GbE SFP+ ports as standard and has two expansion bays. Sophos offers optional FleXi modules with eight copper or fibre Gigabit, quad 10GbE copper or fibre and dual 40GbE QSFP+ ports.

There's plenty of power on tap too, with the XG 450 claiming a raw firewall throughput of 50Gbits/sec. Enable the IPS features and this drops to 10Gbits/sec - still very respectable as this price point.

Sophos XG 450 review: Options and deployment

The base appliance has firewall, VPN, authentication and secure wireless management services enabled with a perpetual license, to which you can add a selection of subscription-based security features. The price we've shown is for a 3-year Enterprise Protect Plus and Enhanced Support agreement which costs 9,686 per year.

Along with the network and web protection modules, this activates the Sandstorm feature which uses cloud sandbox technology to mitigate zero-day threats such as ransomware. Go for the Enterprise Protect Full subscription and you'll get everything activated including email and web server protection.

Deployment is swift; we pointed a web browser at the appliance and followed the quick start wizard. This helped secure administrative access, set up LAN and WAN port address assignments and DHCP services, add an email address for alerting and choose the operation mode.

We plumped for routed mode, as we wanted the XG 450 to provide all security functions including firewalling. The appliance starts protection immediately, and the wizard created base security policies which activated web filtering for common unwanted categories and anti-malware scanning.

Sophos XG 450 review: Security policies

The web console dashboard offers an overview of all network activity and security issues, web traffic graphs and bar charts for blocked and allowed applications, plus detected network attacks. Our only issue is the Traffic Insight section frequently failed to update itself, requiring the page to be regularly refreshed.

After grouping the appliance's ports into zones, we applied firewall rules to source and destination zones along with associated networks and hosts. Other network objects include service filters, blocking actions and time schedules which can be applied within each rule.

It's worth setting up policies for web filtering, IPS and application controls first as these are referenced in your firewall rules. They are easy to create from the Protect section of the web console with web filtering offering over 90 categories and application controls providing over 3,000 predefined apps.

Sophos' identity-based security allows you to apply more versatile policies to users and groups which include data transfer limitations on uploads and downloads, and limits on daily, weekly, monthly and yearly usage. Clients authenticating to an external directory server will be automatically logged in while others can use the free Client Authentication Agent (CAA).

The appliance stores versions for Windows, Linux and Macs while free mobile apps are available for Android and iOS devices. We had no problems with the Windows CAA as it automatically found the appliance and once users had logged in, they appeared in the web console as live.

Sophos XG 450 review: Heartbeat and RED

The Heartbeat features extends the firewall's reach into the cloud as it interacts with the Sophos Central Endpoint Protection service. It requires an Advanced license and after logging the XG 450 into our cloud account, all endpoint activity data was sent to the appliance which showed status icons in its home page.

Heartbeat alert conditions can be linked to firewall policies so if any endpoints detect threats, you can isolate all systems in the same zone. The SAC feature works in tandem with Heartbeat where it detects unknown applications running on Sophos Central endpoints and applies firewall policies to control them.

Business with lots of remote sites will like the RED (remote Ethernet device) option. Sophos offers three RED appliances (including one with wireless) and once you've entered the firewall's details, just ship them to the remote sites and they'll automatically create an encrypted connection with it and extend its protection.

Sophos XG 450 review: Reporting

Value looks even better as the appliance has an embedded syslog server which collects all logs and provides an impressive range of reports. Don't forget to enable firewall traffic logging in your rules; with this enabled, we could keep a close eye on firewall, virus, web content filtering and spam activity.

From the security dashboard, we could monitor all threats or select displays for web filtering, spam activity, intrusion attacks and much more. You can click on any graph to drill down for more detailed traffic information and Sophos includes compliance reports for all key data protection regulations.

Sophos XG 450 review: Verdict

Along with its remarkably swift deployment, we were impressed with the depth of security features offered by the XG 450. Sophos has succeeded in seamlessly integrating everything together in a well-specified appliance that offers great performance at a sensible price.

Verdict

A good choice for larger businesses, the XG 450 is a high-performing security appliance that’s packed with features and has plenty of room to grow with demand

Chassis: 1U rack

CPU: 3.6GHz E3-1275 v5 Xeon

Memory: 16GB DDR4

Storage: 2 x 250GB Adata SFF SATA SSDs (mirrored)

Network: 8 x Gigabit, 2 x 10-Gigabit SFP+

Expansion: 2 x FleXi module slots

Power: Hot-plug 300W PSU (max 2)

Local ports: USB 3, HDMI, RJ-45 console

Management: Web browser