Sophos XG 135w Rev. 3 review: The full package
Exceptional wired and wireless security, teamed up with great performance and remote management
Sophos’ newest SMB security appliance comes straight in at the top of the range. Taking performance to new heights, the XG 135w Rev. 3 quotes a huge raw firewall throughput of 8Gbits/sec, and a decent 1.2Gbits/sec with all security services enabled.
It’s not just fast, but versatile too. In addition to eight copper Gigabit Ethernet ports and one SFP fibre port, it presents dual-band 802.11ac wireless services, while an expansion slot allows you to add optional DSL, 3G/4G or Gigabit SFP cards – or a second Wi-Fi module.
Another strength is the price. The figure we’ve shown above includes a one-year TotalProtect Plus subscription, which covers the network, web, email and web server protection modules, along with Sophos’ Sandstorm cloud sandbox and a FullGuard Plus support subscription. You don’t necessarily have to keep paying that, though: the cost of the base appliance includes a perpetual licence for firewall, VPN, authentication and secure wireless management services.
The browser-based installation wizard helps you hit the ground running, stepping you through the business of securing admin access, sorting out the LAN and WAN ports, creating main and guest wireless networks, installing the latest firmware and setting a base security policy so your users are protected from the outset.
You’re then taken to the main dashboard, which presents an informative overview of network activity and security issues, with graphs and charts detailing traffic statistics and blocked applications. Reporting options are excellent: Sophos’ iView platform provides a wealth of graphical information about security services, app and web activity, threats, mail usage and more.
If you need to divide your users into different security groups, that’s no problem. The appliance’s ports can be assigned to different zones, each with its own firewall rules and policies for web filtering, IPS and application controls. These are easy to set up, as the appliance comes with 91 predefined website categories and over 3,400 predefined app profiles, including 73 solely relating to Facebook activities.
For finer control, it’s also possible to apply identity-based rules to specific users and groups, including daily bandwidth restrictions and limits on daily, weekly, monthly and even yearly internet usage. Sophos provides a free Client Authentication Agent (CAA) for Windows, although you have to download the certificate from the appliance and import it on all workstations.
A third way to segment your protection is by using more than one wireless network: the appliance can broadcast up to eight SSIDs, each with its own encryption scheme, DHCP, client isolation and masking settings. Placing these SSIDs in separate network zones lets you provision guest wireless access and apply firewall rules and security policies.
One last strength of the XG 135w Rev. 3 is that it’s fully manageable via the cloud. After we’d registered the appliance with the Sophos Central web portal, it presented exactly the same interface as the local console. It’s even possible to manage endpoints outside of your local network through Sophos’ Synchronised Security service. The dashboard shows all remote devices running the endpoint agent, and if any get compromised, you can automatically quarantine the network zone they’re located in.
The XG 135w Rev.3 impressed us mightily. It offers a good breadth of security features, yet is easy to set up, and to manage remotely – and it delivers great performance at a reasonable price.
Sophos XG 135w Rev. 3 specifications
2.2GHz quad-core Intel Atom C3558
64GB SATA SSD
8 x Gigabit Ethernet, 1 x Gigabit SFP, 2.4/5GHz 802.11ac wireless, 3x3 MIMO, 3 x external aerials
HDMI, 2 x USB 2, micro-USB, RJ-45 serial, expansion slot
Sophos Central web console, cloud
320 x 212 x 44mm (WDH)
Become a digital service provider
How to transform your business from network core to edgeDownload now
Optimal business results with the cloud
Evaluating the best approaches to hybrid cloud adoptionDownload now
Virtualisation that enables choices, not compromises
Harness the virtualisation technology that's right for your hybrid infrastructureDownload now
Email security threat report 2020
Four key trends from spear fishing to credentials theftDownload now