Sophos XGS 116 review: A small and mighty appliance
This clever and compact security gateway brings outstanding security and remote management features at a tempting price
Don’t be deceived by its modest dimensions: the Sophos XGS 116 is a security powerhouse. Aimed at busy SMBs and branch offices, this desktop appliance boasts a raw firewall throughput of 7,700Mbits/sec, and even with full threat protection enabled it keeps up a creditable 685Mbits/sec.
That’s largely thanks to Sophos’ dual-processor architecture. The Xstream Flow Processor provides a hardware acceleration layer that’s optimised for specific network tasks, ensuring the main AMD CPU doesn’t get bogged down.
Connection options abound. The rear panel presents eight Gigabit Ethernet ports – with PoE+ on the last one – plus one fibre port. While there’s no built-in modem, an expansion bay lets you add VDSL2 or 3G/4G modules, although Sophos’ Flexi network cards only work with larger rackmount models like the XGS 3300.
The flexible licensing model allows you to choose which features you want, and there are plenty on offer. We’ve shown the price of a three-year Xstream subscription above, which enables the base firewall licence along with Xstream TLS 1.3 SSL inspection, deep packet inspection, network, web and zero-day protection modules, central orchestration and enhanced 24/7 support. The email and web server protection modules are optional extras, each costing around £142 for a three-year licence.
Deployment is easy thanks to the appliance’s web console wizard, which guides you through the steps required to get secure internet access up and running. We chose routed mode as we wanted the appliance to provide all security functions; protection starts immediately, with the wizard enabling a standard set of firewall security policies including web filtering and anti-malware.
Henceforth, the Control Center dashboard provides everything you need to know about network activity and security issues. Graphs provide a clear visual overview of web traffic and network attacks, plus blocked and allowed applications and web categories. The User and Device Insights section keeps track of activity in modules such as SSL inspection, advanced threat protection and zero-day protection, and clicking on an icon takes you directly to a more detailed report.
Remote management comes into play too, via the Sophos Central portal. After we’d registered the appliance with our account, we were able to bring up live reports in a web browser, and to access the appliance’s Control Center console remotely for full configuration.
Businesses with home workers will love the Synchronised Security feature, which extends firewall protection to remote systems running the Sophos Intercept X endpoint agent. A heartbeat service monitors and automatically isolates any that are compromised, while the application control feature detects unknown applications running on endpoints and pushes out firewall policies to secure them.
All of this is controlled via policies that bring together firewall rules, service filters, schedules and specific settings for intrusion detection, email, applications and web filtering. That last feature is particularly impressive: the appliance comes with predefined settings to get you started, but you can choose to block or allow sites in over 90 categories. Application controls are equally extensive, with more than 3,500 predefined filters supplied, including 12 for Twitter and 73 for Facebook, so you can finely control social networking in the workplace.
A new filtering feature in the latest firmware also makes it easy to find specific rules within complex policies, and lets you reset traffic counters to zero with a click – a big improvement on the previous release, which required a reboot.
All told, the XGS 116 delivers strong gateway security measures at a great price. It has the power to cope with high demand, and the integration with Sophos’ endpoint security software will appeal to businesses that want to extend their protection to home workers.
Sophos XGS 116 specifications
1U desktop chassis
2.1GHz quad-core AMD RX-421ND CPU
64GB SATA SSD
8 x GbE ports (PoE+ on port 8), SFP GbE
RJ45/micro-USB COM ports, USB 3, USB 2, expansion slot
Sophos Control Center
320 x 213 x 44mm
1yr standard hardware warranty
Three ways manual coding is killing your business productivity
...and how you can fix itFree Download
Goodbye broadcasts, hello conversations
Drive conversations across the funnel with the WhatsApp Business PlatformFree Download
Winning with multi-cloud
How to drive a competitive advantage and overcome data integration challengesFree Download
Talking to a business should feel like messaging a friend
Managing customer conversations at scale with the WhatsApp Business PlatformFree Download