Protect your network, email, applications and users

With Next-Gen Firewall and Unified Threat Management (UTM)


The ultimate enterprise firewall solution

  • Sophos UTM from Orchestrate equips your business with complete security solutions within one single appliance.
  • Complete email, web and network protection made easy
  • Multi-level security from the network firewall to endpoint antivirus
  • Security policies for effective control of advanced threats and improved management
  • Detailed reports for the insight you need to improve your network performance
  • Accelerated output speeds with Intel multi-core technology, solid-state drives, and in-memory content scanning

Security Heartbeat™

Finally, your endpoint protection and firewall can communicate for better protection against advanced threats and faster incident response time. The best of both worlds is available right now.


Faster threat detection

Advanced threat indicators are instantly shared between the Next-Gen Firewall and Next-Gen Endpoint to detect and prevent attacks in real time.

Investigation simplified

Active identification lets you take action faster than ever before by sharing computer names, users and paths between your Endpoint and Firewall.

Minimal threat impact

Next-Gen Firewall automatically isolates compromised endpoints for prompt removal of malicious software.

Secure and compliant network protection

Next-Generation Network Protection integrates networking, user and application protection, and control that ensures utmost security and compliance.

Management and Scalability

Gain complete visibility into your network, users and applications with a highly intuitive control center that features on-box reporting for management efficiency. What’s more, you can also add Sophos iView for centralized reporting across multiple firewalls.


Centralized Management

Administer all your firewalls from a single console and push, pull, replicate and automate policies across firewalls in no time.


Centralized Reporting

Consolidated reporting provides insight to improve your business’s security performance while off-box storage management keeps important log data secure.


Flexible Deployment

Choose from hardware, software, virtual or cloud deployment with simple options for high availability, clustering, and branch office connectivity.

Get the security solution you deserve

Protect your business from online threats, before it’s too late


Firewall Management

Sophos Firewall OS provides an elegant and effective web-based management console that provides quick access to all the features you need without unnecessary complexity.

Control Center provides at-a-glance feeds of system performance, traffic patterns, alerts, and policies

Unified Policy Model enables convenient management of all your user, network, and business app policies in one place for apps, web, QoS, and IPS, reducing redundancy and overall rule count

Policy Templates for networks, users, and business applications dramatically streamline configuration

Role-based Administration provides flexible, granular access control for different functional areas

Centralized Management

Sophos Firewall Manager provides centralized management, monitoring, and control of all your firewalls from a single console.

Full-featured control and management of all firewall features centrally

Policy Management makes it easy to push, pull, replicate, or automate policies across firewalls

Real-time Monitoring provides an at-a-glance status including unique NOC view with instant drill-down

Role-based Administration provides flexible, granular access control for different functional areas

PSA/RMM integrated XML-based API over HTTPS with built-in explorer and ConnectWise PSA support

Status and Alerts

The all-new, carefully crafted Control Center analyzes extensive back-end data sources to surface just the information you need to respond quickly to changes in your network.

Instant Insights at a glance for all your important system, security, and network status indicators from the all-new control center

Automated Report Analysis highlights reports in the Control Center featuring data of interest or that may need attention, while providing one-click access to the full report

Quick Drill-down interaction with any Control Center widget gives you more detailed information, access to relevant tools, or lets you quickly take action

Email Notifications are automatically sent for important system-status events

SNMP with a custom MIB and support for IPSec VPN tunnels to manage remote office firewall devices

Reporting and Logging

Take advantage of the XG Firewall’s extensive on-box reporting or utilize Sophos iView for comprehensive centralized reporting across all your firewall devices.

On-box Reporting comes standard with every XG Firewall for all your local firewall reporting needs

Centralized Reporting aggregates log data across all your firewall devices (including XG Firewall, UTM 9, and Cyberoam devices) to provide comprehensive, consolidated reporting from a single screen

User and App Risk Analysis reports such as our unique User Threat Quotient or App Risk Score identify top risk users and applications, respectively

Change Control and Audit Logging are provided to ensure compliance

Syslog Support enables safe backup, archival, and analysis of system logs

User Identity

Layer-8 identity-based policies and unique user risk analysis give you the knowledge and power to regain control of your users before they become a serious threat to your network.

Layer-8 Identity powers all firewall policies and reporting, enabling unprecedented next-gen control over applications, web surfing, bandwidth quotas, and other network resources

User-based Policy Control over applications, websites, categories, and traffic shaping (QoS)

User Threat Quotient (UTQ) identifies the top risk users on your network based on their recent network behavior

Flexible Authentication Options including directory services (AD, eDirectory, LDAP), NTLM, RADIUS, TACACS+, RSA, client agents, or captive portal

Application Control

Complete application visibility and control over all applications on your network with deep-packet scanning technology.

Visibility and Control over thousands of applications via customizable policy templates with granular controls based on category, risk, technology, or other undesirable characteristics

User-based Application Policies enable custom-tailored application control to be added to any user, group, or network policy with the option to also apply traffic shaping

Traffic Shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications

HTTPS Scanning deep scans encrypted application traffic for browsers and related micro-apps to control chat, messaging, posts, file transfers, and other web and social media apps.

Web Control

Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need with options for quotas, schedules, and traffic shaping.

Visibility and User-based Policies enable instant insights into your web traffic and custom-tailored web control to be added to any user, group, or network policy

Convenient Template-driven Control supports common workplace policies and compliance requirements using over 90 predefined website categories, covering billions of pages maintained by SophosLabs.

Traffic Shaping (QoS) prioritizes bandwidth allocation to critical web applications and limits bandwidth for non-business websites

Comprehensive Enforcement monitors HTTPS encrypted traffic, blocks anonymizing proxies, and can force SafeSearch to ensure your policies are always enforced

Content Control

Flexible, user-based policy control of downloadable content including file types and dynamic content via FTP, HTTP, or HTTPS.

Content Filtering Templates let you control hundreds of different file, executable, and dynamic content types simply as part of any user or network web control policy

Create Custom Content Type Definitions easily by adding them to existing content filtering categories or your own custom categories

Content Scanning Options let you customize when and how content is scanned with size options and real-time or batch-mode scanning.

Web Caching reduces bandwidth consumption by caching supported web content and downloads, including Sophos Endpoint updates


Stateful and deep-packet inspection for network and application traffic with advanced networking and perimeter defenses.

Zone-based Security enables profile-based networking and security rules with multiple security zones built-in (LAN, WAN, DMZ, VPN, Wi-Fi) or create your own custom zones

Perimeter Defenses stop attacks on your network including reconnaissance detection, spoofing, flood protection (DoS, DDoS), and packet-based attacks (ICMP)

Access Control Criteria based on user-identity, source and destination zone, MAC or IP address, Service, etc.

Country-based Policy blocks Geo IP ranges for entire countries or regions


XG Firewall incorporates next-generation IPS (NGIPS) for advanced protection from hacks and attacks while maintaining top performance.

Next-Gen IPS goes beyond traditional servers and network resources to identify and protect users and applications on the network as well

Advanced Protection from all types of modern hacks and attacks using a uniform signature format backed by SophosLabs

FastPath Packet Optimization provides transparent (layer-2), single-scan performance with up to 200% better performance than conventional scanning technology, so IPS won’t slow you down

Country-based Policy blocks Geo IP ranges for entire countries or regions


Sophos' award-winning, high-performance anti-malware engine is backed by SophosLabs and a 30-year history of protecting enterprises from the latest threats.

Advanced Malware Protection that goes beyond signature-based detection to include advanced, proprietary techniques like code emulation and behavioral analysis to detect obfuscated or polymorphic threats

Live Protection is exclusive to Sophos and closes the gap between regular updates through real-time cloud lookups

Dual-engine Scanning offers the option of scanning traffic with the Sophos engine for excellent performance and protection, or adding a second engine scan for even more protection

SophosLabs 24/7 global threat research operation is one of few in the world with the breadth and depth necessary to stay ahead of the latest threats

Web Protection

Sophos' Web Protection engine is backed by SophosLabs and includes innovative technologies required to identify and block the latest web threats.

Advanced Web Protection combines advanced analysis capabilities such as JavaScript emulation, behavioral analysis, and origin reputation to protect against modern, multi-stage web attacks

Pharming Protection guards against phishing and pharming attacks by overriding corrupt host file or DNS lookups

HTTPS Scanning deep scans encrypted traffic for threats and compliance

SophosLabs, the global, round-the-clock threat research operation, identifies thousands of newly infected websites and instances of web malware, ensuring you have the best malicious site database protecting your network and users

Synchronized Security

Our revolutionary Security Heartbeat links your endpoints with your firewall to deliver unparalleled protection from advanced threats while significantly reducing the time and complexity of responding to security incidents.

Accelerated Discovery of Advanced Threats alerts you to compromised systems based on information shared between the firewall and endpoints about suspicious traffic or activity

Active Identification of Compromised Systems reports not just the IP address, but also the host, user, and process responsible

Automated Incident Response enables firewall policies to automatically isolate compromised systems or limit access to critical data and resources whenever there is a change in Security Heartbeat status

Advanced Threat Protection

Sophos Firewall OS delivers advanced threat protection to defend your network from today’s sophisticated attacks.

Security Heartbeat links your endpoints and your firewall, combining their intelligence to identify and isolate systems compromised by advanced and previously unknown threats

Multi-layered, Call-home Protection combines analysis from DNS, IPS, web, and traffic filters to identify and block bot-net and command-and-control (C&C) call-home attempts

Intelligent Firewall Policies account for endpoint behavior to automatically isolate or limit access to infected systems that may be compromised by an advanced threat

Business Applications

Combine next-gen firewall capabilities with our enterprise-class web application firewall to protect your critical business applications from hacks and attacks while still enabling authorized access.

Next-Generation IPS provides advanced protection from hacks and attacks while maintaining top performance

Web Application Firewall integrates seamlessly with your next-gen firewall, combining industrial-strength protection like URL and form hardening with the ease of template-driven policy configuration

Granular, User-based Protection with a rich set of configuration options and multiple authentication options, ensuring easy access for those you want and powerful protection from those you don't

Encrypted Traffic

Ensure encrypted traffic is not a blind spot in your network with fully transparent SSL scanning, enforcement, and protocol validation.

SSL Decryption securely intercepts and decrypts SSL traffic to allow deep scanning for security, compliance, and policy checks with policy-driven opt-outs, allowing privacy for sensitive traffic

SSL Inspection ensures enforcement and compliance even without full man-in-the-middle decryption

Certificate Validation protects your network from malformed or spoofed certificates

Protocol Enforcement for encrypted traffic connections identifies and blocks unwanted traffic trying to bypass filtering or traffic shaping

Routing and Bridging

Sophos XG Firewall offers the most advanced high-performance networking technology available.

Flexible NAT and Bridging Options ensure compatibility with nearly any network topology or segmentation strategy

Access Control Criteria is based on user-identity, source and destination zone, MAC or IP address, Service, etc.

Advanced Routing uses Static, OSPF, BGP, and RIP with full 802.1Q VLAN support and multicast

WAN Link Balancing provides load balancing and high availability with weighting options and fail-over rules

Discover Mode allows deployment without any network changes to monitor network traffic in either bridge mode or while connected to a switch mirror port

Zone Segmentation

Zones rise above the traditional interface-based configuration model to provide a more intuitive, powerful, and simple way to secure and segment your network and create policy.

Default Zones for LAN, WAN, DMZ, LOCAL, VPN, and Wi-Fi make it easy to get up and running quickly and easily

Custom Zones are easily created on the LAN or DMZ with a variety of options for admin service access, as well as authentication and various network services

Zone Isolation ensures zones are isolated until firewall rules are explicitly created to enable secure exchange of application, user, and network traffic to pass between them

Zone-based Policies enable simple but powerful firewall rules that anyone can immediately interpret and understand

Traffic Shaping (QoS)

Flexible, powerful, but easy-to-use traffic shaping (also known as quality of service or QoS) controls enable configuration by application, category, user, group, or policy rule.

Network or User-based Traffic Shaping prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications on any network or user-based policy

Web Category Traffic Shaping prioritizes bandwidth allocation and/or limits based on website category

Network Traffic Quotas allow unlimited customization for total or individual network traffic quotas

Real-time VoIP Optimization ensures real-time traffic for Voice over IP and other communications is given priority

Wireless Controller

Integrated wireless controllers in XG Firewalls enable easy, secure wireless deployments managed from a single console.

Plug-and-play deployment enables quick installation and configuration with just a few clicks since the firewall automatically recognizes the Sophos Wireless Access Point as soon as it’s connected

High Performance with the latest 802.11ac and powerful radios, offering maximum coverage and throughput

Flexible Configuration with options for isolation, bridging, zones, hotspots, and multiple SSIDs per radio

Secure Encryption with support for all the latest standards including WPA2 Personal and Enterprise


Sophos combines performance-optimized technologies at every point in the firewall processing chain that leverage Intel’s multi-core processing platform.

FastPath Packet Optimization improves firewall scanning performance by 200% or more by automatically putting secure traffic on the fast path after the initial content is identified, scanned, and determined to be safe and compliant

High-performance Proxy supporting thousands of simultaneous connections, enforces web policy with millisecond latency

High-speed Interfaces and Switches come with plenty of GigE ports on every appliance and optional FlexiPort expansion modules for 10GbE copper or fiber connectivity

High Availability with active-active load balancing or active-passive fail-over and WAN Link balancing lets you easily double your performance when you need it


Select from a full range of VPN technologies for secure site-to-site and remote access.

Full Standards-based VPN support includes IPSec, SSL, PPTP, L2TP, Cisco VPN (iOS), and OpenVPN (iOS and Android)

Clientless Portal using Sophos' unique encrypted HTML5 self-service portal provides support for RDP, HTTP, HTTPS, SSH, Telnet, and VNC for quick access to essential business applications

RED VPN, a Sophos exclusive, uses an affordable Remote Ethernet Device (RED) at the remote site to easily establish a secure VPN connection


Sophos' unique Remote Ethernet Device (RED) makes extending your secure network to other locations as easy as plugging in a box.

Plug-and-play VPN means you simply enter the RED ID into your firewall and ship it

No Technical Skills Required. As soon as it’s plugged in, the device automatically establishes the VPN connection with the firewall

Traffic Routing allows you to direct all network traffic from the remote location back to your firewall for complete protection or to only route inter-office network traffic via RED

Secure Encryption means all traffic between the RED and your firewall is encrypted to provide a secure private connection


XG Firewall offers immediate deployment support for IPv6 or all the future-proofing you need when you’re ready.

Management Consistency lets you easily configure all key interfaces and services with IPv6 right where you would otherwise configure IPv4

Flexible Deployment with full support for IPv6 interfaces, routing, and tunneling, including 6in4, 6to4, 4in6, IPv6 rapid deployment (6rd), and IPv6 through IPSec tunneling

Full User and App Policy Support works consistently, regardless of the underlying addressing