Sophos XGS 126w review: Easy deployment and deep security features

Only Wi-Fi 5 services, but it delivers Xstream power, lots of security measures, and great remote management

The Sophos XGS 126W on the ITpro background
(Image: © Future)

IT Pro Verdict


  • +


  • +

    Simple setup


  • -

    Dated Wi-Fi 5 access point

SMBs and branch offices looking for a powerful security appliance will find Sophos' XGS 126w a worthy candidate. Inside this compact desktop model lurk two processors, allowing Sophos to claim an impressively high firewall IMIX (internet mix) throughput of 10.3Gbits/sec and 0.9Gbits/sec with all threat protection services enabled.

This superpower is achieved by teaming up a 2.6GHz dual-core AMD Ryzen Embedded R1600 CPU with Sophos' Xstream flow processor. The latter provides a dedicated FastPath hardware layer that handles TLS 1.3 encrypted traffic plus deep packet inspection (DPI) and application acceleration, with the latest SFOS v19 firmware adding IPsec VPNs to FastPath.

Network ports are plentiful, with the appliance offering 12 copper gigabit ports with 30W PoE+ on the last two and two gigabit SFP fiber ports for longer connection distances. The triplet of external aerials indicates that wireless is on the menu, although this is the older dual-band 2.4/5GHz 11ac variety.

Sophos' new licensing scheme presents a pick-and-mix buffet of features so you can choose only those security services you need. We've gone the whole hog with a three-year Xstream subscription, which activates the base firewall, all Xstream features, the network, web and zero-day protection modules, central orchestration, and enhanced 24/7 support. Email and web server protection are optional, with each costing £365 for three-year licenses.

Sophos XGS 126w review: Setup

Installation is a pleasant experience, as the web console's deployment wizard automatically upgrades the firmware to the latest version. All you need to do is set a strong admin password. The wizard configures the LAN port zones as well as internet access and enables essential protection with a default set of firewall policy rules that include anti-malware and web content filtering.

The appliance's local Control Center web console keeps you firmly in touch with the action, presenting a detailed overview of network activity, security issues, web traffic, and detected network attacks, plus blocked and allowed applications and web categories. The "User & device insights" section keeps a tally of the advanced security measures, and clicking on the zero-day protection portion opens a report on downloaded files sent to the Sophos cloud sandbox for further analysis to see if they can be safely released.

Policies make light work of security configuration: they bring together firewall rules, service filters, time schedules, web and application filtering, intrusion detection, and email anti-spam. The web filtering service offers 130 URL categories to block or allow, and SafeSearch and YouTube restrictions can also be enabled.

Application filters are equally extensive, with Sophos currently providing 3,532 signatures, 73 specifically for all Facebook activities. For more control over users and groups, you can download the Windows, macOS, Linux, iOS, and Android authentication clients from the web console and apply extra policies with daily upload and download restrictions and limits on internet usage.


How the way we work will change the Office of the Future

(Image credit: Dell)

How the way we work will change the office of the future

Design a workspace that creates meaningful work experiences.


The internal wireless AP supports multiple SSIDs with client isolation, and their traffic can be placed in separate network zones with custom security policies. Guest users can be presented with hotspots and acceptable use policies, but this Wi-Fi 5 AP doesn't support the more secure WPA3 encryption.

We have a Sophos Central account and registering the firewall with it provides full remote management services as the portal presents the same Control Center console.

There's more to be gained with the appliance's Synchronized Security feature, which uses a heartbeat to monitor systems running the Sophos Intercept X endpoint agent and isolate them if malware is detected.

The XGS 126w impresses with its easy deployment and deep set of security features. The Wi-Fi 5 access point is dated, but the appliance works seamlessly with the Sophos Central cloud service and its smart Xstream architecture delivers an impressive performance.

Sophos XGS 126w specifications

Swipe to scroll horizontally
ChassisDesktop chassis
CPU2.6GHz dual-core AMD Ryzen Embedded R1600 CPU
Ports12 x copper gigabit ports (PoE+ on ports 11/12) 2 x SFP gigabit ports
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.