Sophos XGS 116 review: A small and mighty appliance

This clever and compact security gateway brings outstanding security and remote management features at a tempting price

A photograph of the Sophos XGS 116

IT Pro Verdict


  • +

    Strong performance

  • +

    Robust policy controls

  • +

    Flexible licensing

  • +

    Easy deployment and management


  • -

    No built-in modem

Don’t be deceived by its modest dimensions: the Sophos XGS 116 is a security powerhouse. Aimed at busy SMBs and branch offices, this desktop appliance boasts a raw firewall throughput of 7,700Mbits/sec, and even with full threat protection enabled it keeps up a creditable 685Mbits/sec.

That’s largely thanks to Sophos’ dual-processor architecture. The Xstream Flow Processor provides a hardware acceleration layer that’s optimised for specific network tasks, ensuring the main AMD CPU doesn’t get bogged down.

Connection options abound. The rear panel presents eight Gigabit Ethernet ports – with PoE+ on the last one – plus one fibre port. While there’s no built-in modem, an expansion bay lets you add VDSL2 or 3G/4G modules, although Sophos’ Flexi network cards only work with larger rackmount models like the XGS 3300.

The flexible licensing model allows you to choose which features you want, and there are plenty on offer. We’ve shown the price of a three-year Xstream subscription above, which enables the base firewall licence along with Xstream TLS 1.3 SSL inspection, deep packet inspection, network, web and zero-day protection modules, central orchestration and enhanced 24/7 support. The email and web server protection modules are optional extras, each costing around £142 for a three-year licence.

Deployment is easy thanks to the appliance’s web console wizard, which guides you through the steps required to get secure internet access up and running. We chose routed mode as we wanted the appliance to provide all security functions; protection starts immediately, with the wizard enabling a standard set of firewall security policies including web filtering and anti-malware.

Henceforth, the Control Center dashboard provides everything you need to know about network activity and security issues. Graphs provide a clear visual overview of web traffic and network attacks, plus blocked and allowed applications and web categories. The User and Device Insights section keeps track of activity in modules such as SSL inspection, advanced threat protection and zero-day protection, and clicking on an icon takes you directly to a more detailed report.

A screenshot of the Sophos XGS 116's control software

Remote management comes into play too, via the Sophos Central portal. After we’d registered the appliance with our account, we were able to bring up live reports in a web browser, and to access the appliance’s Control Center console remotely for full configuration.

Businesses with home workers will love the Synchronised Security feature, which extends firewall protection to remote systems running the Sophos Intercept X endpoint agent. A heartbeat service monitors and automatically isolates any that are compromised, while the application control feature detects unknown applications running on endpoints and pushes out firewall policies to secure them.

All of this is controlled via policies that bring together firewall rules, service filters, schedules and specific settings for intrusion detection, email, applications and web filtering. That last feature is particularly impressive: the appliance comes with predefined settings to get you started, but you can choose to block or allow sites in over 90 categories. Application controls are equally extensive, with more than 3,500 predefined filters supplied, including 12 for Twitter and 73 for Facebook, so you can finely control social networking in the workplace.

A new filtering feature in the latest firmware also makes it easy to find specific rules within complex policies, and lets you reset traffic counters to zero with a click – a big improvement on the previous release, which required a reboot.

All told, the XGS 116 delivers strong gateway security measures at a great price. It has the power to cope with high demand, and the integration with Sophos’ endpoint security software will appeal to businesses that want to extend their protection to home workers.

Sophos XGS 116 specifications

Swipe to scroll horizontally
Chassis1U desktop chassis
CPU2.1GHz quad-core AMD RX-421ND CPU
Memory4GB DDR4
Storage included64GB SATA SSD
Network8 x GbE ports (PoE+ on port 8), SFP GbE
Other portsRJ45/micro-USB COM ports, USB 3, USB 2, expansion slot
ManagementSophos Control Center
Dimensions (WDH)320 x 213 x 44mm
Warranty1yr standard hardware warranty
Dave Mitchell

Dave is an IT consultant and freelance journalist specialising in hands-on reviews of computer networking products covering all market sectors from small businesses to enterprises. Founder of Binary Testing Ltd – the UK’s premier independent network testing laboratory - Dave has over 45 years of experience in the IT industry.

Dave has produced many thousands of in-depth business networking product reviews from his lab which have been reproduced globally. Writing for ITPro and its sister title, PC Pro, he covers all areas of business IT infrastructure, including servers, storage, network security, data protection, cloud, infrastructure and services.