Sophos XG 135w Rev. 3 review: The full package

Exceptional wired and wireless security, teamed up with great performance and remote management

Editor's Choice
£1,849 exc VAT (includes 1yr TotalProtect Plus licence)
  • Huge throughput
  • Great value
  • Well-rounded dashboard and reporting tools
  • CAA installation is a touch awkward

Sophos’ newest SMB security appliance comes straight in at the top of the range. Taking performance to new heights, the XG 135w Rev. 3 quotes a huge raw firewall throughput of 8Gbits/sec, and a decent 1.2Gbits/sec with all security services enabled. 

It’s not just fast, but versatile too. In addition to eight copper Gigabit Ethernet ports and one SFP fibre port, it presents dual-band 802.11ac wireless services, while an expansion slot allows you to add optional DSL, 3G/4G or Gigabit SFP cards – or a second Wi-Fi module. 

Another strength is the price. The figure we’ve shown above includes a one-year TotalProtect Plus subscription, which covers the network, web, email and web server protection modules, along with Sophos’ Sandstorm cloud sandbox and a FullGuard Plus support subscription. You don’t necessarily have to keep paying that, though: the cost of the base appliance includes a perpetual licence for firewall, VPN, authentication and secure wireless management services. 

The browser-based installation wizard helps you hit the ground running, stepping you through the business of securing admin access, sorting out the LAN and WAN ports, creating main and guest wireless networks, installing the latest firmware and setting a base security policy so your users are protected from the outset.

You’re then taken to the main dashboard, which presents an informative overview of network activity and security issues, with graphs and charts detailing traffic statistics and blocked applications. Reporting options are excellent: Sophos’ iView platform provides a wealth of graphical information about security services, app and web activity, threats, mail usage and more.

If you need to divide your users into different security groups, that’s no problem. The appliance’s ports can be assigned to different zones, each with its own firewall rules and policies for web filtering, IPS and application controls. These are easy to set up, as the appliance comes with 91 predefined website categories and over 3,400 predefined app profiles, including 73 solely relating to Facebook activities.

For finer control, it’s also possible to apply identity-based rules to specific users and groups, including daily bandwidth restrictions and limits on daily, weekly, monthly and even yearly internet usage. Sophos provides a free Client Authentication Agent (CAA) for Windows, although you have to download the certificate from the appliance and import it on all workstations.

A third way to segment your protection is by using more than one wireless network: the appliance can broadcast up to eight SSIDs, each with its own encryption scheme, DHCP, client isolation and masking settings. Placing these SSIDs in separate network zones lets you provision guest wireless access and apply firewall rules and security policies.

One last strength of the XG 135w Rev. 3 is that it’s fully manageable via the cloud. After we’d registered the appliance with the Sophos Central web portal, it presented exactly the same interface as the local console. It’s even possible to manage endpoints outside of your local network through Sophos’ Synchronised Security service. The dashboard shows all remote devices running the endpoint agent, and if any get compromised, you can automatically quarantine the network zone they’re located in. 

The XG 135w Rev.3 impressed us mightily. It offers a good breadth of security features, yet is easy to set up, and to manage remotely – and it delivers great performance at a reasonable price.

Sophos XG 135w Rev. 3 specifications


Desktop chassis


2.2GHz quad-core Intel Atom C3558



Storage included



8 x Gigabit Ethernet, 1 x Gigabit SFP, 2.4/5GHz 802.11ac wireless, 3x3 MIMO, 3 x external aerials

Other ports

HDMI, 2 x USB 2, micro-USB, RJ-45 serial, expansion slot


Sophos Central web console, cloud

Dimensions (WDH)

320 x 212 x 44mm (WDH)

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now


WatchGuard Firebox T70 review: Compact but capable
unified threat management (UTM)

WatchGuard Firebox T70 review: Compact but capable

24 Feb 2020
Zyxel NSG200 review: A fine spread of features
unified threat management (UTM)

Zyxel NSG200 review: A fine spread of features

21 Feb 2020

Most Popular

How to find RAM speed, size and type

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi

How to use Chromecast without Wi-Fi

4 Aug 2020
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

3 Aug 2020