
A Sophos Guide July 2018

SonicWall to XG Firewall Migration Planning Guide

Whether you’re planning a migration from SonicWall to XG Firewall or simply investigating the merits of switching, this guide is for you. It provides a helpful overview of key areas of the firewall and outlines what’s similar and what’s different so you’re better prepared when the time comes to initiate your migration. We’ll cover:

• Licensing and deployment
• Navigation, dashboards and reports
• Security, policy and rules
• Diagnostics and troubleshooting
• Networking and VPN

We’ll also cover a few capabilities that XG Firewall offers that will be new to you and that may help you start planning to further simplify and consolidate your IT security solution.


Contents

Licensing and Deployment
Navigation, Dashboards and Reports
Security, Policies, and Rules
Web Content Filtering
Application Control
Intrusion Prevention
Diagnostics and Trouble-shooting
Networking and VPN
Other Considerations
Web Application Firewall and Email Protection
Synchronized Security & Security Heartbeat
Comparison Checklist


Licensing and Deployment

Adding XG Firewall into your existing SonicWall network is easy. With the help of this guide, you can probably be up and running with XG in just a few minutes. But if you’re not sure, or want to migrate over a period of time, you can easily do that by running XG Firewall inline with your SonicWall firewall or in parallel. Either option is super low risk and completely non-disruptive. It’s a great way to explore the capabilities of XG Firewall while you migrate at your own pace.

SonicWall licensing and XG Firewall licensing are more similar than different. You can buy protection components separately or in bundles. Here are the SonicWall bundles and the XG Firewall equivalents:

| SonicWall Bundle | XG Firewall Bundle |
|---|---|
| Advanced Gateway Support Suite (AGSS): Includes sandboxing, AV, IPS, App Control, Content Filtering, and 24x7 support | EnterpriseGuard Plus: Includes sandboxing, AV, IPS, App Control, Content Filtering, and 24x7 support. Includes full reporting at no extra charge |
| Comprehensive Gateway Support Suite (CGSS): As above without Sandboxing | EnterpriseGuard: As above without Sandboxing |
| | FullGuard Plus: Includes all features of EnterpriseGuard Plus (above) and adds full email anti-spam, encryption, and DLP with a full-featured Web Application Firewall |

Both SonicWall and Sophos offer Total package bundles with a hardware appliance, a protection bundle (as above), and support.

XG Firewall offers a similar range of XG Series hardware appliances to SonicWall that allow deployments that can fit nearly any size network from a small office to a large datacenter.

| SonicWall Models | XG Series Models |
|---|---|
| TZ Series – Entry level desktop devices | XG Series Desktop |
| NSA Series – Mid-level 1U rackmount appliances | XG Series 1U |
| SuperMassive Series – High-end 2U appliances | XG Series 2U Models |

All XG Series models have been recently refreshed to deliver added performance, faster on-box solid-state storage, and unique features not available in other firewalls for added flexibility, connectivity, and reliability including:

• Redundant power supplies across the full XG Series range (from entry level to high-end)
• Built-in fail-open bypass ports on all 1U XG Series Models (also available on 2U models)
• An extensive range of modular connectivity options including 3G/4G LTE wireless radios, 802.11AC WiFi radios, and DSL modems (on desktop devices) and a full range of copper, fiber, and PoE interface modules up to 10GbE and 40GbE for mid-range and high-end rack-mount appliances.

Like SonicWall’s recently announced support for virtualized environments and the public cloud, XG Firewall has long offered broad support for software, virtual and cloud deployments supporting popular virtual environments like VMware, Hyper-V, KVM, and Citrix. XG Firewall can also be deployed on any existing x86 platform with at least two NICs. And XG Firewall is also available on Microsoft Azure’s public cloud platform in a pay-as-you-go model or bring your own license (BYOL) model. Amazon Web Services support is also planned.


XG Firewall also offers a number of flexible options to extend your secure network, including Sophos’ unique RED (Remote Ethernet Devices), which are low-cost, zero-touch VPN devices that can be deployed to remote locations, retail shops, or branch offices easily by anyone to instantly establish a lightweight, highly secure VPN tunnel with the remote site. This guide will dive into RED further in the section on Networking and VPN.

As with SonicWall, XG Firewall also includes an integrated wireless controller that supports a variety of access points with the latest 802.11AC high performance wireless connectivity.

Navigation, Dashboards and Reports

In SonicOS 6.5, SonicWall restructured the navigation in the firewall by organizing menu items into three categories on three different screens:

• Monitor – Dashboard, Event Summaries, and System Status
• Investigate – Logs, Reports, and Diagnostics Tools
• Manage – Licensing, Firmware, Connectivity, Policies, System Setup, and Security Configuration

You will find that XG Firewall offers a very familiar organization to its navigation with some important differences.

XG Firewall Control Center (home screen) with the menu on the left.

As with SonicOS, menu items are organized into major task-oriented areas, but all main menu items are visible on the left as soon as you log in. The four sections of the menu include:

• Monitor & Analyze – Control Center, Current Activity, Reporting and Diagnostics
• Protect – Firewall rules and all related security and control
• Configure – Networking and authentication setup
• System – Object and profile definitions, backup, firmware, and licensing.


XG Firewall also employs a tab-based sub-navigation structure that means you are never more than two clicks from where you want to be.

XG Firewall 2-clicks-to-anywhere navigation via main menu items and tabs.

The “Monitor” section in SonicOS 6.5 includes a new dashboard with a variety of widgets and several main menu items to dig into the current appliance and network status.

XG Firewall also offers a convenient dashboard called the Control Center (see illustration below) that’s presented whenever you log in. It offers much of the same information available in the “Monitor” section of the SonicOS product.

However, what you may find different is that rather than implement a large list of menu items to choose from, XG Firewall instead provides several graphical interactive widgets on the Control Center that provide essential status at a glance. Each widget offers the option to drill down to access more detailed information and tools, but the most essential status is available without clicking anything.

Here’s an illustration calling out what’s visible at a glance on the XG Firewall Control Center as soon as you log in:

XG Firewall offers a wealth of information at-a-glance.

Next-gen firewalls like these collect and correlate a massive amount of data, and it can often be difficult to understand what’s important or what needs your attention. XG makes it simple to focus on just what’s important using traffic-light-style indicators. Red means it needs immediate attention, yellow is a warning, and green is good.


And every widget on the Control Center offers additional information that is easily revealed simply by clicking that widget. For example, the status of interfaces on the device can be easily obtained by simply clicking the “Interfaces” widget on the Control Center.

Clicking the interfaces widget reveals this flip-card view of the status of all interfaces on the device.

The host, user, and source of an advanced threat are also easily determined simply by clicking the ATP (advanced threat protection) widget in the dashboard.

Clicking any of the system status items displays large graphs that show performance over time with selectable timeframes, from the last two hours to the last month or year. And they provide quick access to commonly used troubleshooting tools.

Clicking Control Center widgets reveals additional information and helpful tools.


If you’re like most network admins, you’ve probably wondered whether you have too many firewall rules, and which ones are really necessary versus which ones are not actually being used. With Sophos XG Firewall, you don’t need to wonder anymore.

The Active Firewall Rules widget shows a real-time graph of traffic being processed by the firewall by rule type: Business Application, User, and Network Rules. It also shows an active count of rules by status, including unused rules where you could have an opportunity to do some housekeeping. As with other areas of the Control Center, clicking any of these will drill down, in this case, to the firewall rule table sorted by the type or status of rule.

Active Firewall Rules Widget on the Control Center.

SonicWall, like most other firewall vendors, includes limited on-box reporting and offers additional products like Analyzer or GMS (Global Management System) to take care of the historical reporting needs.

One key difference is that XG Firewall provides comprehensive on-box reporting, included at no extra charge. Of course, Sophos centralized reporting is also an option, but only if required. All XG Series appliances include generous solid-state drive capacities for providing high performance, long term data archival and reporting.

XG Firewall Reporting is intuitively organized and includes hundreds of built-in reports.

XG Firewall reporting is organized by type, with several built-in dashboards to choose from. There are literally hundreds of reports with customizable parameters across all areas of the firewall, including traffic activity, security, users, applications, web, networking, threats, VPN, email, and compliance. You can easily schedule periodic reports to be emailed to you or your designated recipients, and save reports as HTML, PDF, or CSV.


One unique report that is very popular with XG Firewall admins is Top Risk Users (or User Risk Quotient). User Threat Quotient (UTQ) helps a security administrator spot users who pose a risk based on suspicious web behavior and threat and infection history. A user’s high UTQ risk score could be an indication of unintended actions due to lack of security awareness, a malware infection, or intentional rogue actions.

The User Threat Quotient (UTQ) report provides at-a-glance insight into top risk users.

Knowing the users and their activities that increase risk can help you take action and either educate your top risk users or enforce stricter or more appropriate policies to get their behaviour under control.

Security, Policies, and Rules

As with most firewalls, both SonicWall and XG Firewall offer similar next-gen firewall protection capabilities including AV, sandboxing, ATP and botnet protection, IPS, web content filtering, and application control. They also both utilize the concept of zones, objects, policies, and rules. Where they differ is in the fundamental model of how you establish, interact with, and maintain your security posture.

SonicWall employs a traditional approach that separates access rules, app control policies, web content filtering, and most protection services (like AV, Sandboxing, IPS, SSL inspection). Access rules and app control policies are set up separately under the “Policies” section of the product and define what traffic can traverse the firewall. Web content filtering is set up under the “Security Services” section along with global or zone-based security services like AV, IPS, and sandboxing.

As you’ve probably noticed, the challenge with the traditional approach SonicWall employs is that it’s impossible to assess your security posture at any one place in the product. For example, it’s impossible to see what security and controls are being applied to the Marketing Department or the Sales Team. Here’s a list of the areas of the product you need to visit to get a clear picture of your security posture:

• Policies > Rules > Access Rules
• Policies > Rules > App Rules
• Security Configuration > Security Services > Content Filter
• System Setup > Network > Zones


XG Firewall utilizes an all-new rule and policy model that makes it easy to set up, assess and manage your security posture in a single place. It integrates the concepts of Access Rules, App Control Rules, Content Filtering, and all other Security Services together into a single powerful but elegantly simple construct: the firewall rule.

The heart of XG Firewall – Firewall Rule Management.

You set up and manage all your firewall rules, whether they are governing network traffic and services, user activity, or NAT and business application protection, together in one place and often in a single rule.

XG Firewall Rule Definition includes flexible matching criteria by source, destination, and/or user identity.

Firewall rules are set up to match on source, destination, and/or users. And all of these are infinitely flexible and definable to fit any rule definition requirement. You then add security services and snap in any mix of user activity, traffic shaping, or protection policies to govern the affected traffic.


All the security services and settings you see below are defined on a firewall rule basis. For example, SSL inspection on SonicWall is a global setting for web content filtering. With XG Firewall it can be set granularly on a policy-by-policy basis. Sandboxing is set by traffic type in SonicWall. On XG Firewall, you can set it on a rule-by-rule basis.

All your security services and policies are set and managed on a single screen for each firewall rule as shown below.

XG Firewall per-rule security services and snap-in policies all configured on a single panel.

And what’s more, if you want to dig into the details of what your snap-in policies are enforcing, you can simply bring up the policy in a pop-up window to assess or edit without leaving the firewall rule screen. This can be a huge time saver.

Pop-up any snap-in policy to review or edit in-place without leaving the firewall rule screen.

XG Firewall makes security simpler, more flexible and easier to manage.


Web Content Filtering

Web content filtering is one of the most common features deployed in every firewall for compliance and productivity. Whether you’re blocking inappropriate websites, protecting your network from web attacks, or looking to filter content for signs of problematic behavior, web filtering is a critical component of your network protection.

Both SonicWall and XG Firewall offer flexible Web Content Filtering that allows you to build a set of hierarchical user or group based content filtering policies.

A few differences in the way XG Firewall implements web filtering that may make this feature easier to use include:

• Pre-packaged policy templates are provided out of the box for common web filtering scenarios like a “Default Workplace Policy” or a “CIPA Compliance Policy”. You can start with one of these policies and quickly modify it to suit your requirements, which can save a lot of time.
• Multiple users or groups per web filtering policy and multiple policies. It’s an extra level of structure and flexibility that allows you to accommodate any situation easily and intuitively.
• Snap-in Policies to Firewall Rules: As mentioned earlier, web policies snap in to firewall rules and thus form part of your overall firewall security posture and make it easy to see what protections and controls are being applied to any given traffic or user group at a glance. You can also edit or review web policies directly from where they are applied on the firewall rule screen.
• Browsing time quotas allow policies to be established that enforce a limited amount of web surfing per user per day.
• Dynamic web content filtering enables keyword matching to identify problematic online behaviour like bullying, self-harm, radicalization, or other bad behavior regardless of web category or site.
• Web policy simulation and testing tools make it easy to check that web policies are performing as expected and quickly resolve help-desk inquiries from end-users.
• SSL Inspection is performed on a firewall rule basis and thus on a web policy rule basis and is included at no extra charge.
• Potentially unwanted application blocking can easily block embedded JavaScript objects and executable downloads that may not be malicious but are generally unwanted, such as cryptocurrency mining, which has become tremendously popular on compromised websites.


XG Firewall Web Policies include a number of pre-packaged templates that you can use out of the box or easily customize.

Then snap your web policy into your firewall rules and review or edit in place by clicking the “pencil” icon if needed.

Application Control

Application awareness and control is one of the key tenets of a next-generation firewall. Unfortunately, most firewalls’ app control engines are based on signatures and are failing to provide suitable insight into network applications that are increasingly using encryption and generic HTTP connections to communicate out through the firewall. The amount of application traffic being classified as generic HTTPS or HTTP or SSL is rapidly increasing to the point where application control solutions are largely ineffective. All firewalls using signature-based detection suffer from this. SonicWall, along with many others, is no exception.


XG Firewall has an elegant and unique solution to this problem. If it cannot identify the application generating the traffic using signatures at the network gateway, it will query the endpoint. Because the endpoint knows exactly what executable or service is generating every packet of traffic that leaves the device, it can provide 100% clarity and visibility into applications generating traffic on the network. This capability is called Synchronized Application Control and is exclusive to Sophos. It will reveal all the application traffic that is currently going undetected on your network and automatically classify and control it where possible, and allow you to categorize and control traffic manually if desired. This capability requires Sophos Cloud Managed Endpoints or Intercept X. XG Firewall and Sophos Endpoints or Intercept X also enable other features like Security Heartbeat™ that provide a coordinated defense and response in the event of an incident. More on that later in this guide.

The Synchronized App Control widget on the Control Center.

The Synchronized Application Control screen provides an overview of all the previously unseen applications on the network.

You can easily classify and control any newly discovered app.


Another key difference between SonicWall and XG Firewall’s application control is the flexibility with which controls can be applied. SonicWall applies security services like App Control on a zone-by-zone basis. This dramatically limits the types of controls that can be applied to different users and groups. XG Firewall, on the other hand, applies app control policies and other security services on a firewall rule basis. This provides more granular control, enabling application controls such as allow or block as well as traffic shaping and quality of service (QoS) to be applied on a user or group basis as well as by zone, traffic, source, destination, or type.

Intrusion Prevention

Both SonicWall and XG Firewall include IPS. The key difference between SonicWall and XG Firewall’s application of IPS is similar to that for other security services. As outlined earlier, SonicWall applies security services like IPS on a zone basis. XG Firewall applies IPS and other security services on a firewall rule basis. This provides more granular control and can improve performance as only the relevant IPS signature sets need to be associated with a particular firewall rule.

Diagnostics and Trouble-shooting

In SonicOS 6.5, logging and trouble-shooting are located under the “Investigate” section of the product. You can view the various logs here, view the application traffic report, and access various trouble-shooting tools like the packet monitor.

XG Firewall offers a similar set of tools under the “Diagnostics” main menu item. However, important tools like the log viewer are available from every screen in the system. When you open the log viewer it pops up in a separate window so you can monitor the logs while working in the product. It offers a variety of flexible views as well as powerful sorting, filtering, and search options to enable you to focus on just what’s important.

The tabular log view shows all events in structured format and you can easily select which log you want to view.


The aggregate log view shows all events with added detail to enable easy and powerful search and filtering.

When it comes to trouble-shooting firewall rules, the powerful Policy Test tool allows you to simulate connections of nearly any type or protocol to evaluate if firewall rules are working as expected. You can also use this tool to evaluate a web policy for a given user to trouble-shoot website help-desk calls. It’s an extremely powerful time-saving tool.

The powerful Policy Test tool allows you to simulate or test nearly any type of connection.


Networking and VPN

As with most firewalls, both SonicWall and XG Firewall offer a variety of network configuration options and a full suite of VPN solutions to fit nearly any network. Both products utilize a similar model for configuring the firewall such as interfaces and zones as well as all the expected options for VLANs, DNS, DHCP servers, and routing. VPN offerings are also similar with support for a variety of both site-to-site and remote access standards-based VPN technologies including SSL VPN, IPSec, L2TP, PPTP.

XG Firewall provides familiar interface configuration tools.

XG Firewall offers two unique VPN solutions that you may wish to consider. The first is RED (or Remote Ethernet Device) which we mentioned earlier. RED are low-cost, zero-touch, VPN devices that can be deployed to remote locations, retail shops, or branch offices easily by anyone to instantly establish a lightweight highly secure VPN tunnel with the remote site. However, XG Firewall also supports the use of RED tunnels between firewalls for site-to-site connectivity that’s stable, high performance, and light-weight. It can be effective in cutting through nation-state firewalls where other protocols have difficulties.

Sophos RED are low cost, zero-touch deployment, remote site VPN devices.

XG Firewall also supports secure clientless HTML5 based VPN connections to specific servers or services within the organization via the secure XG user portal that is more flexible and easier to access than SonicWall’s implementation of Virtual Office Bookmarks.


Other Considerations

Web Application Firewall and Email Protection

XG Firewall offers the option to cost-effectively consolidate additional IT security infrastructure into a single appliance by offering a full-featured web application firewall (WAF) and a more comprehensive email protection solution complete with anti-spam, phishing protection, encryption and DLP.

XG Firewall Email Protection offers more functionality than what is available in SonicWall’s firewall products, and is in fact better than what you get if you have their separate Email Security Appliance. XG Firewall Email Features include:

• Self-serve quarantine: Provides direct end-user control over their individual spam quarantine via the secure user portal.
• Live AV Look-ups: XG Firewall consults the cloud infrastructure from SophosLabs in real time for possible threat matches. This, in turn, greatly improves malware detection rates.
• SPX Email Encryption: Provides an elegant clientless and certificate-free solution to encrypting sensitive emails using a secure PDF exchange with flexible password key creation that supports a variety of scenarios.
• DLP Engine: XG Firewall’s DLP Engine automatically scans emails for sensitive or confidential content with the option to hold, notify, or encrypt.
• Per domain routing: Route incoming mail to the correct destination server, based on the target domain.
• Full MTA – Store and forward support: Enables business continuity, allowing the firewall to store mail when target servers are unavailable.
• Smart Host Outbound Relay: Allows re-routing of email via an alternate set of servers (a smart host), rather than directly to the recipient’s server.
• Greylisting: Sophos XG Firewall temporarily rejects mail from unrecognized sources. Only if the mail server resends the mail will XG Firewall accept it, scan it, and add the mail server to the allow list based on the test results. Alternatively, the admin can update whitelist records manually or use inbuilt presets for common senders.
• Recipient Verification: Allows XG Firewall to query the recipient’s directory service via SMTP to check that a valid mailbox exists.

XG Firewall Web Server Protection offers a full-featured WAF to protect internal business application assets such as Outlook Web Access and SharePoint from unauthorized access, hacks and attacks. You get features like server hardening, reverse proxy authentication, AV scanning, and SSL offloading. And the best part is, XG Firewall includes business application security rule templates that make it easy to configure protection properly for common services so you can be confident your organization’s key server resources are accessible but secure.


SonicWall offers some WAF functionality but you need to buy their separate SRA product adding cost and complexity.

XG Firewall’s WAF includes powerful protection templates that make setup quick and easy.

Synchronized Security & Security Heartbeat

One of the most requested firewall features from network administrators is the ability to automatically respond to security incidents on the network.

Sophos XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and XG Firewall.

XG Firewall uniquely integrates the health of connected hosts into your firewall rules, enabling you to automatically limit access to sensitive network resources from any compromised system until it’s cleaned up.

Sophos Security Heartbeat shares intelligence in real time using a secure link between your endpoints and your firewall. This simple step of synchronizing security products that previously operated independently creates more effective protection against advanced malware and targeted attacks.

Security Heartbeat™ provides a traffic-light-style status for your endpoint health on the Control Center.

Drilling down reveals the user and host that’s at risk.


Security Heartbeat can not only identify the presence of advanced threats instantly, it can also be used to communicate important information about the nature of the threat, the host system, and the user. And perhaps most importantly, Security Heartbeat can also be used to automatically take action to isolate or limit access to compromised systems until they can be cleaned up. It’s exciting technology that is revolutionizing the way IT security solutions identify and respond to advanced threats.

Security Heartbeat for managed endpoints behind your firewall can be in one of three states:

Green Heartbeat status indicates the endpoint system is healthy and will be allowed to access all appropriate network resources.

Yellow Heartbeat status indicates a warning that a system may have a potentially unwanted application (PUA), be out of compliance, or have some other issue. You can choose which network resources a yellow heartbeat is allowed to access until the issue is resolved.

Red Heartbeat status indicates a system that is at risk of being infected with an advanced threat and may be attempting to call home to a botnet or command-and-control server. Using the Security Heartbeat policy settings in your firewall, you can easily isolate systems with a red heartbeat status until they can be cleaned up to reduce the risk of data loss or further infection.

XG Firewall is the only firewall that offers dynamic access rules based on endpoint health.

Only Sophos can provide a solution like Security Heartbeat because only Sophos is a leader in both endpoint and network security solutions. While other vendors are starting to realize this is the future of IT security and are scrambling to implement something similar, they are all at a distinct disadvantage: they don’t own both an industry leading endpoint solution and an industry leading firewall solution to integrate together.


Comparison Checklist

SOPHOS XG | SONICWALL NSA

NEXT-GEN FIREWALL FEATURES
Associate policies for IPS, QoS, Web, and App Control on a firewall rule basis
Dynamic firewall rules based on endpoint health
Firewall Rule and Web Policy Test Simulator
Dual Antivirus Engines
FastPath Packet Optimization
Intrusion Protection System
Application Control
Synchronized App Control (using Endpoint telemetry)
Block Potentially Unwanted Applications (PUAs)
Web Protection and Control
Web Keyword Monitoring and Enforcement
User and App Risk Visibility (UTQ)
Filtering of HTTPS data

ADVANCED THREAT PROTECTION
Advanced Threat Protection
Compromised System Detection
Compromised System Isolation
Sandboxing

SERVER and EMAIL PROTECTION
Full-Featured WAF +1 Box*
Complete Email: AV, AS, Encryption, DLP +1 Box*

CONNECTING USERS/ REMOTE OFFICES
IPSec & SSL VPN ($)
HTML5 VPN Portal
Wireless Mesh Networks
Plug and Protect Remote Office Security (RED)

EASE OF DEPLOYMENT AND USE
Flexible Deployment (incl. SW and IaaS Marketplace)
Integrates with Endpoint for status and auto isolation of threats
Synchronized Security in Discover (TAP) Mode Deployments
Full Historical Reporting +1 Box*
Free Central Management
Central Management for Partners
User Self-Serve Portal

LICENSING AND SUPPORT
Consistent Feature Set on All Models
Ability to Add Additional License Modules as and When Required
Multiple Technical Support Options
Simple Licensing With No Hidden Cost

* This feature requires a separate product


© Copyright 2018. Sophos Ltd. All rights reserved.
Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.
