IT Pro Verdict
Well-rounded dashboard and reporting tools
CAA installation is a touch awkward
Sophos’ newest SMB security appliance comes straight in at the top of the range. Taking performance to new heights, the XG 135w Rev. 3 quotes a huge raw firewall throughput of 8Gbits/sec, and a decent 1.2Gbits/sec with all security services enabled.
It’s not just fast, but versatile too. In addition to eight copper Gigabit Ethernet ports and one SFP fibre port, it presents dual-band 802.11ac wireless services, while an expansion slot allows you to add optional DSL, 3G/4G or Gigabit SFP cards – or a second Wi-Fi module.
Another strength is the price. The figure we’ve shown above includes a one-year TotalProtect Plus subscription, which covers the network, web, email and web server protection modules, along with Sophos’ Sandstorm cloud sandbox and a FullGuard Plus support subscription. You don’t necessarily have to keep paying that, though: the cost of the base appliance includes a perpetual licence for firewall, VPN, authentication and secure wireless management services.
The browser-based installation wizard helps you hit the ground running, stepping you through the business of securing admin access, sorting out the LAN and WAN ports, creating main and guest wireless networks, installing the latest firmware and setting a base security policy so your users are protected from the outset.
You’re then taken to the main dashboard, which presents an informative overview of network activity and security issues, with graphs and charts detailing traffic statistics and blocked applications. Reporting options are excellent: Sophos’ iView platform provides a wealth of graphical information about security services, app and web activity, threats, mail usage and more.
If you need to divide your users into different security groups, that’s no problem. The appliance’s ports can be assigned to different zones, each with its own firewall rules and policies for web filtering, IPS and application controls. These are easy to set up, as the appliance comes with 91 predefined website categories and over 3,400 predefined app profiles, including 73 solely relating to Facebook activities.
For finer control, it’s also possible to apply identity-based rules to specific users and groups, including daily bandwidth restrictions and limits on daily, weekly, monthly and even yearly internet usage. Sophos provides a free Client Authentication Agent (CAA) for Windows, although you have to download the certificate from the appliance and import it on all workstations.
A third way to segment your protection is by using more than one wireless network: the appliance can broadcast up to eight SSIDs, each with its own encryption scheme, DHCP, client isolation and masking settings. Placing these SSIDs in separate network zones lets you provision guest wireless access and apply firewall rules and security policies.
One last strength of the XG 135w Rev. 3 is that it’s fully manageable via the cloud. After we’d registered the appliance with the Sophos Central web portal, it presented exactly the same interface as the local console. It’s even possible to manage endpoints outside of your local network through Sophos’ Synchronised Security service. The dashboard shows all remote devices running the endpoint agent, and if any get compromised, you can automatically quarantine the network zone they’re located in.
The XG 135w Rev.3 impressed us mightily. It offers a good breadth of security features, yet is easy to set up, and to manage remotely – and it delivers great performance at a reasonable price.
Sophos XG 135w Rev. 3 specifications
|CPU||2.2GHz quad-core Intel Atom C3558|
|Storage included||64GB SATA SSD|
|Network||8 x Gigabit Ethernet, 1 x Gigabit SFP, 2.4/5GHz 802.11ac wireless, 3x3 MIMO, 3 x external aerials|
|Other ports||HDMI, 2 x USB 2, micro-USB, RJ-45 serial, expansion slot|
|Management||Sophos Central web console, cloud|
|Dimensions (WDH)||320 x 212 x 44mm (WDH)|
Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.
Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.