IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Sophos XGS 3300 review: Xstream firewall performance

A powerful firewall appliance combining hardware acceleration with a vast array of security measures

A photograph of the Sophos XGS 3300
£16,385 exc VAT (Appliance with 3-year Xstream Protection Bundle)
  • Easy to deploy
  • Dual CPU Xstream architecture
  • Superb range of security features
  • Smart Sophos Central integration
  • Online support could be more helpful

The XGS family of security appliances represent a radical shift in direction for Sophos as they take over from the older XG models and deliver a new dual processor architecture. Built around Xstream flow processors, they provide a hardware acceleration layer which Sophos reckons can realise a minimum two-fold performance boost over equivalent XG models by removing much of the workload from the main CPU.

This is no idle claim: the XGS 3300 we have on review boasts a massive firewall IMIX (internet mix) throughput of 24.5Gbits/sec, dropping to 13.4Gbits/sec with IPS enabled. By contrast, the XG 330 it replaces could only muster equivalent throughputs of 12.5Gbits/sec and 8.5Gbits/sec respectively.

Intel gets the elbow too, as the Xeon E3 v5 CPUs in the XG range have been replaced by AMD’s Ryzen Embedded V1000 series, sporting a 3.35GHz quad-core V1780B SoC (System on Chip). This is partnered by 16GB of DDR4 memory while firmware, log and report storage is handled by an internal 240GB SATA SSD.

Sophos XGS 3300 review: Licensing and deployment

Aimed at distributed edge deployments in large SMBs and mid-sized organisations, this 1U rack appliance presents eight copper and two SFP fibre Gigabit, plus dual SFP+ fibre 10GbE ports. It offers one Flexi expansion slot which accepts two-, four- and eight-port Gigabit and 10GbE modules, but be aware that it doesn’t support those from the older XG range.

Licensing has changed quite a bit too and you can customize features by choosing which protection modules you want. The Xstream bundle enables base firewall features including Xstream Network Flow FastPath along with TLS 1.3 and deep packet inspection, and adds the network, web and zero-day protection modules, central orchestration and enhanced 24/7 support. This doesn’t include the email and web server protection modules though, which are available as optional extras.

A screenshot of the Sophos XGS 3300 firewall reporting console

A dedicated management port is provided and we found initial deployment via the browser-based quick-start wizard swift. After insisting we secured administrative access, it helped set up LAN and WAN port address assignments plus DHCP services and provide an email address for alerting.

We chose routed mode, as we wanted the appliance to provide all security functions including firewalling. Protection starts immediately, with a base set of firewall security policies created for you which enable web filtering and anti-malware.

Sophos XGS 3300 review: Management services

The local web console opens with a very informative Control Center dashboard presenting a detailed overview of network activity, security issues, web traffic, detected network attacks plus blocked and allowed applications and web categories. The User and device Insights section is particularly useful as it provides active icons for functions such as zero-day protection. Clicking on these shows downloaded files that have been sent to the Sophos cloud sandbox for detonation and analysis to see whether they are safe to release.

If you have a Sophos Central account, you can manage the firewall remotely as well. It’s dead easy, too; after registering the XGS 3300 with our cloud account, we were able to view live reports from the portal and configure it using exactly the same console as the local one.

Sophos Central has another trick up its sleeve, and its endpoint agents can be brought under the firewall’s control with the Synchronized Security feature. This uses a heartbeat service to monitor endpoints running the Intercept X agent and if any are compromised, a firewall policy with a minimum heartbeat setting isolates all systems in the same zone. 

The SAC (synchronized application control) feature also works with this service, as it detects unknown applications and pushes out firewall policies to control them. Cloud apps get the same tough love: the dashboard insights section lists all those detected and you can classify each one as sanctioned or unsanctioned and apply a traffic shaping policy to control their use.

A screenshot of the Sophos XGS 3300 Control Centre

Sophos XGS 3300 review: Security and reporting

The XGS 3300 is highly versatile, and you can place its ports in different zones and apply custom security policies to each one. Policies contain firewall rules for sources and destinations, service filters, blocking actions and time schedules and you can apply custom policies for web filtering, IPS and application controls.

The new filtering option makes it easy to find a specific rule in the list and firewall rule traffic counters for selected policies can now be reset back to zero from the web console without having to reboot the appliance. You don’t need to change rule priorities in policies with drag and drop either, as they can be reordered directly from the policy drop down menu.

There are plenty more security features to play with; web filtering offers 86 URL categories to block or allow while application controls currently provide 3,532 predefined apps. If you want Facebook gone from the workplace, you’ll be pleased to know Sophos provides 73 app categories covering every possible social activity. 

Reporting is a standard feature on all XGS models with the web console providing a wealth of information on all things security related. The reports option in the web console’s side menu loads a variety of dashboards and graphs showing detected threats, malware and web content filtering activities, offers reports for key compliance standards, and all their content can be exported in PDF, HTML and CSV formats.

Sophos XGS 3300 review: Verdict

The XGS 3300 is easy to deploy, although the sheer range of security features may present new users with a steep learning curve for ongoing configuration. Sophos does provide copious online documentation and videos but it’s a lot to wade through and it still refers to the XG firewalls.

Overall though, the XGS 3300 is clearly a very powerful and well-endowed firewall appliance. The network ports and zones make it very versatile, the latest SFOS 18.5 software adds many features designed to ease management, and integration with Sophos Central allows it to extend its protection umbrella to remote workers.

Sophos XGS 3300 specifications


1U rack


3.35GHz quad-core AMD Ryzen Embedded V1780B






8 x Gigabit copper, 2 x Gigabit SFP, 2 x 10GbE SFP+


1 x Flexi module slot

Other ports

2 x USB 3, 1 x USB 2, RJ45 MGMT, COM, micro-USB


Internal PSU, optional external redundant PSU


Web browser, Sophos Central


Included in subscription

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download


WatchGuard Firebox M290 review: Stiff security at a great price
unified threat management (UTM)

WatchGuard Firebox M290 review: Stiff security at a great price

23 Feb 2022
Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box

Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box

18 Nov 2021
Big zero-day flaw found in Palo Alto security appliance
internet security

Big zero-day flaw found in Palo Alto security appliance

11 Nov 2021
SonicWall warns of imminent ransomware campaign on VPN hardware
virtual private network (VPN)

SonicWall warns of imminent ransomware campaign on VPN hardware

16 Jul 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022