A Sophos Guide March 2018
SonicWall to XG Firewall Migration Planning Guide
Whether you’re planning a migration from SonicWall to XG Firewall or simply investigating the merits of switching, this guide is for you. It provides a helpful overview of key areas of the firewall and outlines what’s similar and what’s different so you’re better prepared when the time comes to initiate your migration. We’ll cover:
• Licensing and deployment
• Navigation, dashboards and reports
• Security, policy and rules
• Diagnostics and troubleshooting
• Networking and VPN
We’ll also cover a few capabilities that XG Firewall offers that will be new to you and that may help you start planning to further simplify and consolidate your IT security solution.
Contents
Licensing and Deployment
Navigation, Dashboards and Reports
Security, Policies, and Rules
Web Content Filtering
Application Control
Intrusion Prevention
Diagnostics and Trouble-shooting
Networking and VPN
Other Considerations
Web Application Firewall and Email Protection
Synchronized Security & Security Heartbeat
Comparison Checklist
Licensing and Deployment
Adding XG Firewall into your existing SonicWall network is easy. With the help of this guide,
you can probably be up and running with XG in just a few minutes. But if you’re not sure, or
want to migrate over a period of time, you can easily do that by running XG Firewall inline
with your SonicWall firewall or in parallel. Either option is super low risk and completely
non-disruptive. It’s a great way to explore the capabilities of XG Firewall while you migrate at your
own pace.
SonicWall licensing and XG Firewall licensing are more similar than different. You can buy
protection components separately or in bundles. Here are the SonicWall bundles and the XG
Firewall equivalents:
SonicWall Bundle | XG Firewall Bundle
Advanced Gateway Support Suite (AGSS): Includes sandboxing, AV, IPS, App Control, Content Filtering, and 24x7 support | EnterpriseGuard Plus: Includes sandboxing, AV, IPS, App Control, Content Filtering, and 24x7 support. Includes full reporting at no extra charge
Comprehensive Gateway Support Suite (CGSS): As above without Sandboxing | EnterpriseGuard: As above without Sandboxing
- | FullGuard Plus: Includes all features of EnterpriseGuard Plus (above) and adds full email anti-spam, encryption, and DLP with a full-featured Web Application Firewall
Both SonicWall and Sophos offer Total package bundles with a hardware appliance, a
protection bundle (as above), and support.
XG Firewall offers a similar range of XG Series hardware appliances to SonicWall that allow
deployments that can fit nearly any size network from a small office to a large datacenter.
SonicWall Models | XG Series Models
TZ Series – Entry level desktop devices | XG Series Desktop
NSA Series – Mid-level 1U rackmount appliances | XG Series 1U
SuperMassive Series – High-end 2U appliances | XG Series 2U Models
All XG Series models have been recently refreshed to deliver added performance, faster
on-box solid-state storage, and unique features not available in other firewalls for added
flexibility, connectivity, and reliability including:
• Redundant power supplies across the full XG Series range (from entry level to high-end)
• Built-in fail-open bypass ports on all 1U XG Series Models (also available on 2U models)
• An extensive range of modular connectivity options including 3G/4G LTE
wireless radios, 802.11AC WiFi radios, and DSL modems (on desktop
devices) and a full range of copper, fiber, and PoE interface modules up to
10GbE and 40GbE for mid-range and high-end rack-mount appliances.
Like SonicWall’s recently announced support for virtualized environments and the
public cloud, XG Firewall has long offered broad support for software, virtual and cloud
deployments supporting popular virtual environments like VMware, Hyper-V, KVM, and Citrix.
XG Firewall can also be deployed on any existing x86 platform with at least two NICs. And
XG Firewall is also available on Microsoft Azure’s public cloud platform in a
pay-as-you-go model or bring your own license (BYOL) model. Amazon Web Services support is also
planned.
XG Firewall also offers a number of flexible options to extend your secure network, including
Sophos’ unique RED (Remote Ethernet Devices), which are low-cost, zero-touch VPN
devices that can be deployed to remote locations, retail shops, or branch offices easily by
anyone to instantly establish a lightweight, highly secure VPN tunnel with the remote site.
This guide will dive into RED further in the section on Networking and VPN.
As with SonicWall, XG Firewall also includes an integrated wireless controller that supports
a variety of access points with the latest 802.11AC high performance wireless connectivity.
Navigation, Dashboards and Reports
In SonicOS 6.5, SonicWall restructured the navigation in the firewall by organizing menu
items into three categories on three different screens:
• Monitor – Dashboard, Event Summaries, and System Status
• Investigate – Logs, Reports, and Diagnostics Tools
• Manage – Licensing, Firmware, Connectivity, Policies,
System Setup, and Security Configuration
You will find that XG Firewall offers a very familiar organization to its navigation with some
important differences.
XG Firewall Control Center (home screen) with the menu on the left.
As with SonicOS, menu items are organized into major task-oriented areas, but all main
menu items are visible on the left as soon as you log in. The four sections of the menu
are:
• Monitor & Analyze – Control Center, Current Activity, Reporting and Diagnostics
• Protect – Firewall rules and all related security and control
• Configure – Networking and authentication setup
• System – Object and profile definitions, backup, firmware, and licensing.
XG Firewall also employs a tab based sub-navigation structure that means you are never
more than two clicks from where you want to be.
XG Firewall 2-clicks-to-anywhere navigation via main menu items and tabs.
The “Monitor” section in SonicOS 6.5 includes a new dashboard with a variety of widgets
and several main menu items to dig into the current appliance and network status.
XG Firewall also offers a convenient dashboard called the Control Center (see illustration
below) that’s presented whenever you log in. It offers much of the same information
available in the “Monitor” section of the SonicOS product.
However, what you may find different is that rather than implement a large list of menu
items to choose from, XG Firewall instead provides several graphical interactive widgets on
the control center that provide essential status at a glance. Each widget offers the option
to drill-down to access more detailed information and tools but the most essential status is
available without clicking anything.
Here’s an illustration calling out what’s visible at-a-glance on the XG Firewall Control Center
as soon as you login:
XG Firewall offers a wealth of information at-a-glance.
Next-gen firewalls like these collect and correlate a massive amount of data, and it can often
be difficult to understand what’s important or what needs your attention. XG makes it
simple to focus on just what’s important using traffic-light-style indicators. Red means it
needs immediate attention, yellow is a warning, and green is good.
And every widget on the Control Center offers additional information that is easily revealed
simply by clicking that widget. For example, the status of interfaces on the device can be
easily obtained by simply clicking the “Interfaces” widget on the Control Center.
Clicking the interfaces widget reveals this flip-card view of the status of all interfaces on the device.
The host, user, and source of an advanced threat is also easily determined simply by
clicking the ATP (advanced threat protection) widget in the dashboard.
Clicking any of the system status items displays large graphs that show performance over
time with selectable timeframes, whether you want to look at the last two hours to the last
month or year. And they provide quick access to commonly used troubleshooting tools.
Clicking Control Center widgets reveals additional information and helpful tools.
If you’re like most network admins, you’ve probably wondered whether you have too many
firewall rules, and which ones are really necessary versus which ones are not actually being
used. With Sophos XG Firewall, you don’t need to wonder anymore.
The Active Firewall Rules widget shows a real-time graph of traffic being processed by the
firewall by rule type: Business Application, User, and Network Rules. It also shows an active
count of rules by status, including unused rules where you could have an opportunity to do
some housekeeping. As with other areas of the Control Center, clicking any of these will drill
down, in this case, to the firewall rule table sorted by the type or status of rule.
Active Firewall Rules Widget on the Control Center.
SonicWall, like most other firewall vendors, includes limited on-box reporting and offers
additional products like Analyzer or GMS to take care of historical reporting needs.
One key difference is that XG Firewall provides comprehensive on-box reporting - included
at no extra charge. Of course, Sophos centralized reporting is also an option, but only if
required. All XG Series appliances include generous solid-state drive capacities for providing
high performance, long term data archival and reporting.
XG Firewall Reporting is intuitively organized and includes hundreds of built-in reports.
XG Firewall reporting is organized by type, with several built-in dashboards to choose from.
There are literally hundreds of reports with customizable parameters across all areas of
the firewall, including traffic activity, security, users, applications, web, networking, threats,
VPN, email, and compliance. You can easily schedule periodic reports to be emailed to you
or your designated recipients, and save reports as HTML, PDF, or CSV.
One unique report that is very popular with XG Firewall admins is Top Risk Users (or User
Risk Quotient). User Threat Quotient (UTQ) helps a security administrator spot users who
pose a risk based on suspicious web behavior and threat and infection history. A user’s
high UTQ risk score could be an indication of unintended actions due to lack of security
awareness, a malware infection, or intentional rogue actions.
The User Threat Quotient (UTQ) report provides at-a-glance insight into top risk users.
Knowing the users and their activities that increase risk can help you take action and either
educate your top risk users or enforce stricter or more appropriate policies to get their
behaviour under control.
Security, Policies, and Rules
As with most firewalls, both SonicWall and XG Firewall offer similar next-gen firewall
protection capabilities including AV, sandboxing, ATP and botnet protection, IPS, web
content filtering, and application control. They also both utilize the concept of zones,
objects, policies, and rules. Where they differ is in the fundamental model in how you
establish, interact with, and maintain your security posture.
SonicWall employs a traditional approach that separates access rules, app control
policies, web content filtering, and most protection services (like AV, sandboxing, IPS, SSL
inspection). Access rules and app control policies are set up separately under the “Policies”
section of the product and define what traffic can traverse the firewall. Web content filtering
is set up under the “Security Services” section along with global or zone-based security
services like AV, IPS, and sandboxing.
As you’ve probably noticed, the challenge with the traditional approach SonicWall employs
is that it’s impossible to assess your security posture at any one place in the product.
For example, it’s impossible to see what security and controls are being applied to the
Marketing Department or the Sales Team. Here’s a list of the areas of the product you need
to visit to get a clear picture of your security posture:
• Policies > Rules > Access Rules
• Policies > Rules > App Rules
• Security Configuration > Security Services > Content Filter
• System Setup > Network > Zones
XG Firewall utilizes an all-new rule and policy model that makes it easy to set up, assess and
manage your security posture in a single place. It integrates the concepts of Access Rules,
App Control Rules, Content Filtering, and all other Security Services together into a single
powerful but elegantly simple construct: The firewall rule.
The heart of XG Firewall – Firewall Rule Management.
You set up and manage all your firewall rules, whether they are governing network traffic and
services, user activity, or NAT and business application protection together in one place and
often in a single rule.
XG Firewall Rule Definition includes flexible matching criteria by source, destination, and/or user identity.
Firewall rules are set up to match on source, destination, and/or users. And all of these are
infinitely flexible and definable to fit any rule definition requirement. You then add security
services and snap-in any mix of user activity, traffic shaping, or protection policies to govern
the affected traffic.
All the security services and settings you see below are defined on a firewall rule basis. For
example, SSL inspection on SonicWall is a global setting for web content filtering. With XG
Firewall it can be set granularly on a policy-by-policy basis. Sandboxing is set by traffic type
in SonicWall. On XG Firewall, you can set it on a rule-by-rule basis.
All your security services and policies are set and managed on a single screen for each
firewall rule as shown below.
XG Firewall per-rule security services and snap-in policies all configured on a single panel.
And what’s more, if you want to dig into the details of what your snap-in policies are
enforcing, you can simply bring up the policy in a pop-up window to assess or edit without
leaving the Firewall rule screen. This can be a huge time saver.
Pop-up any snap-in policy to review or edit in-place without leaving the firewall rule screen.
XG Firewall makes security simpler, more flexible and easier to manage.
Web Content Filtering
Web content filtering is one of the most common features deployed in every firewall for
compliance and productivity. Whether you’re blocking inappropriate websites, protecting
your network from web attacks, or looking to filter content for signs of problematic behavior,
web filtering is a critical component of your network protection.
Both SonicWall and XG Firewall offer flexible Web Content Filtering that allows you to build a
set of hierarchical user or group based content filtering policies.
A few differences with the way XG Firewall implements web filtering that may make this
feature easier to use include:
• Pre-packaged policy templates are provided out of the box for common
web filtering scenarios like a “Default Workplace Policy” or a “CIPA
Compliance Policy” etc. You can start with one of these policies and modify
it to suit your requirements quickly, which can save a lot of time.
• Multiple users or groups per web filtering policy and multiple
policies. It’s an extra level of structure and flexibility that allows
you to accommodate any situation easily and intuitively.
• Snap-in Policies to Firewall Rules: As mentioned earlier, Web Policies
snap in to firewall rules and thus form part of your overall firewall security posture
and make it easy to see what protections and controls are being applied to
any given traffic or user group at-a-glance. You can also edit or review web
policies directly from where they are applied on the Firewall rule screen.
• Browsing time quotas allow policies to be established that enforce
a limited amount of web surfing per user per day.
• Dynamic web content filtering enables keyword matching to identify
problematic online behaviour like bullying, self-harm, radicalization,
or other bad behavior regardless of web category or site.
• Web policy simulation and testing tools make it easy to check that web policies are
performing as expected and quickly resolve help-desk inquiries from end-users.
• SSL Inspection is performed on a firewall rule basis and thus on a
web policy rule basis and is included at no extra charge.
• Potentially unwanted application blocking can easily block embedded
JavaScript objects and executable downloads that may not be malicious
but are generally unwanted, such as cryptocurrency mining, which has
become tremendously popular on compromised websites.
XG Firewall Web Policies include a number of pre-packaged templates that you can use out of the box or easily customize.
Then snap your web policy into your firewall rules and review or edit in place by clicking the “pencil” icon if needed.
Application Control
Application awareness and control is one of the key tenets of a next-generation firewall.
Unfortunately, most firewalls’ app control engines are based on signatures and are failing
to provide suitable insight into network applications that are increasingly using encryption
and generic HTTP connections to communicate out through the firewall. The amount of
application traffic being classified as generic HTTPS or HTTP or SSL is rapidly increasing
to the point where application control solutions are largely ineffective. All firewalls using
signature-based detection suffer from this. SonicWall, along with many others, is no
exception.
XG Firewall has an elegant and unique solution to this problem. If it cannot identify the
application generating the traffic using signatures at the network gateway, it will query the
endpoint. Because the endpoint knows exactly what executable or service is generating
every packet of traffic that leaves the device, it can provide 100% clarity and visibility
into applications generating traffic on the network. This capability is called Synchronized
Application Control and is exclusive to Sophos. It will reveal all the application traffic that is
currently going undetected on your network and automatically classify and control it where
possible, and allow you to categorize and control traffic manually if desired. It requires
Sophos Cloud Managed Endpoints or Intercept X to enable this capability. XG Firewall and
Sophos Endpoints or Intercept X also enable other features like Security Heartbeat™ that
provide a coordinated defense and response in the event of an incident. More on that later in
this guide.
The Synchronized App Control widget on the Control Center.
The Synchronized Application Control screen provides an overview of all the previously unseen applications on the network.
You can easily classify and control any newly discovered app.
Another key difference between SonicWall and XG Firewall’s application control is the
flexibility with which controls can be applied. SonicWall applies security services like App
Control on a zone-by-zone basis. This dramatically limits the types of controls that can be
applied to different users and groups. XG Firewall, on the other hand, applies app control
policies and other security services on a firewall rule basis. This provides more granular
control, enabling application controls such as allow or block as well as traffic shaping and
quality of service (QoS) to be applied on a user or group basis as well as by zone, traffic,
source, destination, or type.
Intrusion Prevention
Both SonicWall and XG Firewall include IPS. The key difference between SonicWall’s and
XG Firewall’s application of IPS is similar to that for other security services. As outlined earlier,
SonicWall applies security services like IPS on a zone basis. XG Firewall applies IPS and
other security services on a firewall rule basis. This provides more granular control and can
improve performance as only the relevant IPS signature sets need to be associated with a
particular firewall rule.
IPS effectiveness and performance are often key trade-offs and considerations during
firewall design and security application. NSS Labs does exhaustive and rigorous testing
of all next-gen firewall IPS engines in their annual Next-Generation Firewall Group Test.
Readers are encouraged to download the latest test results to see the relative security
effectiveness and price per protected Mbps for SonicWall and XG Firewall products.
Diagnostics and Trouble-shooting
In SonicOS 6.5, logging and trouble-shooting are located under the “Investigate” section
of the product. You can view the various logs here, view the application traffic report, and
access various trouble-shooting tools like the packet monitor.
XG Firewall offers a similar set of tools under the “Diagnostics” main menu item. However,
important tools like the log viewer are available from every screen in the system. When
you open the log viewer, it pops up in a separate window so you can monitor the logs
while working in the product. It offers a variety of flexible views as well as powerful sorting,
filtering, and search options to enable you to focus on just what’s important.
The tabular log view shows all events in structured format and you can easily select which log you want to view.
The aggregate log view shows all events with added detail to enable easy and powerful search and filtering.
When it comes to trouble-shooting firewall rules the powerful Policy Test tool allows you to
evaluate or simulate connections of nearly any type or protocol to evaluate if firewall rules
are working as expected. You can also use this tool to evaluate a web policy for a given user
to trouble-shoot website help-desk calls. It’s an extremely powerful time-saving tool.
The powerful Policy Test tool allows you to simulate or test nearly any type of connection.
Networking and VPN
As with most firewalls, both SonicWall and XG Firewall offer a variety of network
configuration options and a full suite of VPN solutions to fit nearly any network. Both
products utilize a similar model for configuring the firewall such as interfaces and zones as
well as all the expected options for VLANs, DNS, DHCP servers, and routing. VPN offerings
are also similar, with support for a variety of both site-to-site and remote access
standards-based VPN technologies including SSL VPN, IPSec, L2TP, PPTP.
XG Firewall provides familiar interface configuration tools.
XG Firewall offers two unique VPN solutions that you may wish to consider. The first is RED
(or Remote Ethernet Device) which we mentioned earlier. RED are low-cost, zero-touch,
VPN devices that can be deployed to remote locations, retail shops, or branch offices easily
by anyone to instantly establish a lightweight highly secure VPN tunnel with the remote
site. However, XG Firewall also supports the use of RED tunnels between firewalls for
site-to-site connectivity that’s stable, high performance, and light-weight. It can be effective in
cutting through nation-state firewalls where other protocols have difficulties.
Sophos RED are low cost, zero-touch deployment, remote site VPN devices.
XG Firewall also supports secure clientless HTML5 based VPN connections to specific
servers or services within the organization via the secure XG user portal that is more flexible
and easier to access than SonicWall’s implementation of Virtual Office Bookmarks.
Other Considerations
Web Application Firewall and Email Protection
XG Firewall offers the option to cost effectively consolidate additional IT security
infrastructure into a single appliance by offering a full-featured web application firewall
(WAF) and a more comprehensive email protection solution complete with anti-spam,
phishing protection, encryption and DLP.
XG Firewall Email Protection offers more functionality than what is available in SonicWall’s
firewall products, and is in fact better than what you get if you have their separate Email
Security Appliance. XG Firewall Email Features include:
• Self-serve quarantine: provides direct end-user control over their
individual spam quarantine via the secure user portal.
• Live AV Look-ups: XG Firewall consults the cloud infrastructure from SophosLabs in real time
for possible threat matches. This, in turn, greatly improves malware detection rates.
• SPX Email Encryption: Provides an elegant clientless and certificate-free
solution to encrypting sensitive emails using a secure PDF exchange with
flexible password key creation that supports a variety of scenarios.
• DLP Engine: XG Firewall’s DLP Engine automatically scans emails for sensitive
or confidential content with the option to hold, notify, or encrypt.
• Per domain routing: Route incoming mail to the correct
destination server, based on the target domain.
• Full MTA – Store and forward support: Enables business continuity, allowing
the firewall to store mail when target servers are unavailable.
• Smart Host Outbound Relay: Allows re-routing of email via an alternate set
of servers (a smart host), rather than directly to the recipient’s server.
• Greylisting: Sophos XG Firewall temporarily rejects mail from unrecognized
sources. Only if the mail server resends it will XG Firewall accept it, scan it, and add
the mail server to the allow list based on the test results. Alternatively, the admin
can update whitelist records manually or use inbuilt presets for common senders.
• Recipient Verification: Allows XG Firewall to query the recipient’s
directory service via SMTP to check that a valid mailbox exists.
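The greylisting flow from the list above, as an added Python sketch that is not Sophos code and does not reflect XG Firewall internals. The class and method names, the 5-minute minimum retry delay, keying on the sending server's IP address, and the scan hook are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set

# SMTP-style verdicts (reply texts are illustrative, not taken from any product).
TEMPFAIL = "451 greylisted, retry later"
ACCEPT = "250 accepted"
REJECT = "550 rejected by content scan"


@dataclass
class Greylist:
    """Greylisting keyed on the sending server's IP address (assumed key)."""
    scan: Callable[[bytes], bool]      # hypothetical hook: True if the message is clean
    min_retry_delay: int = 300         # assumed: a retry must wait at least 5 minutes
    pending_ttl: int = 86400           # assumed: a first attempt is remembered for 24 hours
    allow_list: Set[str] = field(default_factory=set)
    first_seen: Dict[str, float] = field(default_factory=dict)

    def admin_allow(self, server_ip: str) -> None:
        """Manual allow-list entry, skipping the greylisting delay."""
        self.allow_list.add(server_ip)
        self.first_seen.pop(server_ip, None)

    def handle(self, server_ip: str, message: bytes, now: float) -> str:
        # Known servers skip the delay but are still scanned (assumption).
        if server_ip in self.allow_list:
            return ACCEPT if self.scan(message) else REJECT

        first = self.first_seen.get(server_ip)
        if first is None or now - first > self.pending_ttl:
            # Unrecognized source (or a stale record): temporary rejection.
            self.first_seen[server_ip] = now
            return TEMPFAIL

        if now - first < self.min_retry_delay:
            # Retried too quickly; a queueing mail server will try again later.
            return TEMPFAIL

        # The server resent after the delay: scan, and allow-list only on a clean result.
        if self.scan(message):
            self.allow_list.add(server_ip)
            del self.first_seen[server_ip]
            return ACCEPT
        return REJECT


def demo() -> list:
    """Run a constructed sequence of deliveries and return the verdicts."""
    # Constructed scanner: flags a made-up marker string as malicious.
    gl = Greylist(scan=lambda msg: b"X-TEST-MALWARE" not in msg)
    return [
        gl.handle("192.0.2.10", b"Subject: hello", now=0),     # first contact
        gl.handle("192.0.2.10", b"Subject: hello", now=60),    # retry too early
        gl.handle("192.0.2.10", b"Subject: hello", now=400),   # proper retry
        gl.handle("192.0.2.10", b"Subject: again", now=401),   # now allow-listed
        gl.handle("198.51.100.7", b"X-TEST-MALWARE", now=0),   # first contact
        gl.handle("198.51.100.7", b"X-TEST-MALWARE", now=600), # retry fails scan
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A sender that never retries stays in the pending table and is never accepted, which is the behaviour greylisting relies on to filter sources that do not queue and resend.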
XG Firewall Web Server Protection offers a full-featured WAF to protect internal business
application assets such as Outlook Web Access and SharePoint from unauthorized access,
hacks and attacks. You get features like server hardening, reverse proxy authentication, AV
scanning, and SSL offloading. And the best part is, XG Firewall includes business application
security rule templates that make it easy to configure protection properly for
common services so you can be confident your organization’s key server resources are
accessible but secure.
SonicWall offers some WAF functionality, but you need to buy their separate SRA product,
adding cost and complexity.
XG Firewall’s WAF includes powerful protection templates that make setup quick and easy.
Synchronized Security & Security Heartbeat
One of the most requested firewall features from network administrators is the ability to
automatically respond to security incidents on the network.
Sophos XG Firewall is the only network security solution that is able to fully identify the
source of an infection on your network and automatically limit access to other network
resources in response. This is made possible with Security Heartbeat™ that shares
telemetry and health status between Sophos endpoints and XG Firewall.
XG Firewall uniquely integrates the health of connected hosts into your firewall rules,
enabling you to automatically limit access to sensitive network resources from any
compromised system until it’s cleaned up.
Sophos Security Heartbeat shares intelligence in real time using a secure link between
your endpoints and your firewall. This simple step of synchronizing security products that
previously operated independently creates more effective protection against advanced
malware and targeted attacks.
Security Heartbeat™ provides a traffic-light-style status for your endpoint health on the Control Center.
Drilling down reveals the user and host that’s at risk.
Security Heartbeat can not only identify the presence of advanced threats instantly, it can
also be used to communicate important information about the nature of the threat, the
host system, and the user. And perhaps most importantly, Security Heartbeat can also be
used to automatically take action to isolate or limit access to compromised systems until
they can be cleaned up. It’s exciting technology that is revolutionizing the way IT security
solutions identify and respond to advanced threats.
Security Heartbeat for managed endpoints behind your firewall can be in one of three
states:
• Green Heartbeat status indicates the endpoint system is healthy and will be allowed to
access all appropriate network resources.
• Yellow Heartbeat status indicates a warning that a system may have a potentially
unwanted application (PUA), be out of compliance, or have some other issue. You can choose
which network resources a yellow heartbeat is allowed to access until the issue is
resolved.
• Red Heartbeat status indicates a system that is at risk of being infected with an
advanced threat and may be attempting to call home to a botnet or
command-and-control server. Using the Security Heartbeat policy settings in your Firewall, you can easily
isolate systems with a red heartbeat status until they can be cleaned up to reduce the risk
of data loss or further infection.
XG Firewall is the only firewall that offers dynamic access rules based on endpoint health.
Only Sophos can provide a solution like Security Heartbeat because only Sophos is a leader
in both endpoint and network security solutions. While other vendors are starting to realize
this is the future of IT security and are scrambling to implement something similar, they are
all at a distinct disadvantage: they don’t own both an industry leading endpoint solution and
an industry leading firewall solution to integrate together.
Comparison Checklist
SOPHOS XG SONICWALL NSA
NEXT-GEN FIREWALL FEATURES
Firewall Rule and Web Policy Test Simulator
Dual Antivirus Engines
FastPath Packet Optimization
Intrusion Protection System
Application Control
Synchronized App Control (using Endpoint telemetry)
Block Potentially Unwanted Applications (PUAs)
Web Protection and Control
Web Keyword Monitoring and Enforcement
User and App Risk Visibility (UTQ)
Filtering of HTTPS data
ADVANCED THREAT PROTECTION
Advanced Threat Protection
Compromised System Detection
Compromised System Isolation
Sandboxing
SERVER and EMAIL PROTECTION
Full-Featured WAF +1 Box*
Complete Email: AV, AS, Encryption, DLP +1 Box*
CONNECTING USERS/ REMOTE OFFICES
IPSec & SSL VPN ($)
HTML5 VPN Portal
Wireless Mesh Networks
Plug and Protect Remote Office Security (RED)
EASE OF DEPLOYMENT AND USE
Flexible Deployment (HW,SW,VM,IaaS) No SW/IaaS
Integrates With Other IT Security Products (e.g. Endpoint)
Synchronized Security in Discover (TAP) Mode Deployments
Full Historical Reporting +1 Box*
Free Central Management
Central Management for Partners
User Self-Serve Portal
LICENSING AND SUPPORT
Consistent Feature Set on All Models
Ability to Add Additional License Modules as and When Required
Multiple Technical Support Options
Simple Licensing With No Hidden Cost
* This feature requires a separate product
© Copyright 2018. Sophos Ltd. All rights reserved. Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK. Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners.