Sophos XGS 136w review: A desktop security dynamo

Targeting SMB and branch office security, Sophos' XGS 136w firewall appliance delivers a specification that belies its small stature. This compact 1U desktop model packs in ten Gigabit, dual 2.5GbE multi-Gigabit with Power over Ethernet (PoE) plus two Gigabit fibre SFP ports and dual-band Wi-Fi 5 services.

What lies beneath is of equal interest as the XGS 136w employs a dual-processor architecture that uses Sophos' Xstream flow processors to provide a dedicated hardware acceleration layer. This has a pleasing impact on performance as the appliance claims a high firewall IMIX (internet mix) throughput of 11.2Gbps and 3.9Gbps with IPS enabled.

Sophos moved from Intel to AMD for its security appliances a couple of years ago and the XGS 136w sports a 2.6GHz dual-core AMD Ryzen Embedded R1606G CPU. This is partnered by 8GB of DDR4 memory while an integrated 64GB SATA SSD looks after firmware, log and report storage.

Sophos XGS 136w review: Deployment and licensing

Installation is simple as we connected a PC to one of the appliance's LAN ports, added internet access on the WAN port and followed the browser quick start wizard. Commendably, the first thing it does is run a firmware upgrade to the latest SFOS version and requires the default admin password to be changed.

It then assists with setting up LAN and WAN port address assignments plus DHCP services. We opted for routed mode so the appliance provides all security functions and the wizard enables a default set of firewall security policies which include web filtering and anti-malware.

The flexible licensing allows you to select individual modules or choose the Standard and Xstream Protection bundles. We test the latter which activates the base firewall licence along with the Xstream TLS 1.3 SSL inspection, FastPath application acceleration and deep packet inspection.

This bundle includes the network, web and zero-day protection modules, central orchestration and enhanced 24/7 support. The email and web server protection modules are optional extras with each costing around £560 for a 3-year subscription.

Sophos XGS 136w review: Security services

The appliance uses policies to control all security services and these neatly combine firewall rules, service filters and time schedules with other functions such as web and application filtering, intrusion detection and email anti-spam for all common messaging protocols. Firewall traffic logging is disabled by default and needs to be enabled for each rule to allow the appliance to compile reports on all security services.

Application filters are extensive as Sophos currently provides 3,550 predefined apps and you can create multiple custom policies that can be easily applied to specific firewall rules. Built-in search facilities help locate an app of interest and controlling social networking usage in the workplace is easy as you have 73 Facebook and 12 Twitter activity filters included.

The appliance keeps a close eye on cloud application usage and lists all those it identifies so you can decide what to do with them. Permitted apps need to be sanctioned by an administrator, unsanctioned ones will be marked as such and blocked while tolerated apps can be allowed but with a QoS (quality of service) rule applied so they don't waste bandwidth. 

The installation wizard activates a basic web filtering policy but you can easily create new ones and choose from 130 URL categories to block or allow. SafeSearch and YouTube restrictions can be enabled in a policy and applying a quota to certain categories allows you to decide how long each user can browse their content for.

Wireless services are configured from the Control Center console where you can create multiple SSIDs, enable either or both radios and keep wireless traffic in a separate network zone with its own firewall policies. Hotspots can be presented with AUPs (acceptable use policies) and password authentication but as the appliance's wireless AP is the Wi-Fi 5 variety, it only supports the weaker WPA2 encryption.

Sophos XGS 136w review: Management and monitoring

The appliance's Control Center web console presents a smartly designed and informative dashboard with an overview of all network activity and security issues. The traffic insights graphs show a running tally of web traffic, detected network attacks and cloud applications, blocked and allowed applications plus web categories and clicking on any of them transports you to a report page for more detail.

Appliances can be remotely managed if you have a Sophos Central account. Once we had registered and authorised the XGS 136w, we were presented with exactly the same Control Center console from our Sophos Central portal and could load its report hub to view all security and policy events.

Another benefit of Sophos Central is the Synchronized Security feature which allows its Intercept X endpoint protection agents to be brought under the appliance's control. A heartbeat service is used to monitor all agents and if any are compromised, a firewall policy with a minimum heartbeat setting isolates all systems in the same zone. 

In practice it worked well as all our Windows endpoints running the Intercept X agent appeared in the dashboard's User and device insights section as connected. When we introduced malware and PUPs (potentially unwanted programs) to them, they were moved to the 'At risk' category and we were able to remediate them from the Sophos Central console. The SAC (synchronized application control) feature also works with this service as it detects unknown applications and pushes out firewall policies to control them. 

Sophos XGS 136w review: Verdict

Wi-Fi 6 services would add extra appeal but the XGS 136w is nonetheless a powerful and port-rich desktop firewall appliance with an impressive range of tough security features. It's easy to deploy, the Xstream technology allows it to handle a heavy demand and tight integration with the Sophos Central cloud portal adds new dimensions to remote management and endpoint protection.

Sophos XGS 136w specifications