Skip to content

Sophos Silver Partner

We don't just sell them, we know them!

Qualified Technical Team

A team you can trust with the experience you need

20+ Years Experience

1000's of installs across AU, NZ and UK


HomeFirewalls / Sophos / XGS Rackmount Series

subscriptions & accessories

Sophos Parts & Accessories


  • Which Model?
  • Which Subscription?
  • More protection?
  • Thinking  Wireless?

The Sophos Rackmount Series is currently made up of 8 models.  These are ideal for midsize and enterprise organizations looking for a rackmount form factor, strong throughput and enterprise-grade security.  The table below highlights the main features of each model.


Options

Power over Ethernet

XGS 2100 / 2300 / 3100 / 3300 (1 x Optional Module - 4 x 1 GbE Max 60W Per Port)

XGS 4300 / 4500 (2 x Optional Module - 4 x 1 GbE Max 60W Per Port)

Storage

XGS 2100 / 2300 (128 GB SSD), XGS 3100 / 3300 (240 GB SSD)

XGS 4300 (240 GB SSD), XGS 4500 (2 x 240 GB SSD - Software RAID 1)

XGS 5500 / 6500 (2 x 480 GB SSD - Hardware RAID 1 Built In To CPU)

Redundant Power Supply

XGS 2100 / 2300 / 3100 / 3300 / 4300 (Optional External Redundant PSU)

XGS 4500 (Optional Internal Redundant PSU)
XGS 5500 / 6500 (2 x Internal Redundant PSU As Standard)

Throughput

Firewall Inspection

XGS 2100 (3 Gbps), XGS 2300 (3.5 Gbps), XGS 3100 (3.8 Gbps), XGS 3300 (40 Gbps)

XGS 4300 (75 Gbps), XGS 4500 (80 Gbps), XGS 5500 (100 Gbps), XGS 6500 (115 Gbps)

Threat Prevention

XGS 2100 (1.25 Gbps), XGS 2300 (1.4 Gbps), XGS 3100 (2 Gbps), XGS 3300 (2.7 Gbps)

XGS 4300 (4.8 Gbps), XGS 4500 (8.39 Gbps), XGS 5500 (12.39 Gbps), XGS 6500 (17.05 Gbps)

Firewall IMIX

XGS 2100 (15.9 Gbps), XGS 2300 (20 Gbps), XGS 3100 (22 Gbps), XGS 3300 (24.5 Gbps)

XGS 4300 (33 Gbps), XGS 4500 (37 Gbps), XGS 5500 (52 Gbps), XGS 6500 (60 Gbps)

Intrusion Prevention

XGS 2100 (5.8 Gbps), XGS 2300 (7 Gbps), XGS 3100 (9.82 Gbps), XGS 3300 (13.44 Gbps)

XGS 4300 (25 Gbps), XGS 4500 (35.69 Gbps), XGS 5500 (40 Gbps), XGS 6500 (48 Gbps)

NGFW

XGS 2100 (5.2 Gbps), XGS 2300 (6.3 Gbps), XGS 3100 (9 Gbps), XGS 3300 (12.5 Gbps)

XGS 4300 (23 Gbps), XGS 4500 (30 Gbps), XGS 5500 (38 Gbps), XGS 6500 (46.5 Gbps)

SSL / TLS Inspection

XGS 2100 (1.1 Gbps), XGS 2300 (1.45 Gbps), XGS 3100 (2.47 Gbps), XGS 3300 (3.13 Gbps)

XGS 4300 (8 Gbps), XGS 4500 (10.6 Gbps), XGS 5500 (13.5 Gbps), XGS 6500 (16 Gbps)

IPSec VPN Throughput

XGS 2100 (12 Gbps), XGS 2300 (15 Gbps), XGS 3100 (17 Gbps), XGS 3300 (21 Gbps)

XGS 4300 (51 Gbps), XGS 4500 (62 Gbps), XGS 5500 (78 Gbps), XGS 6500 (97 Gbps)

capacity

Interfaces

XGS 2100 / 2300 (8x 1GbE + 2 x SFP), XGS 3100 / 3300 (8 x 1GbE, 2 x SFP, 2 x SFP+)
XGS 4300 / 4500 (4 x 1GbE, 4 x 2.5GbE, 4 x SFP+)

XGS 5500 (8x 1GbE + 8 x SFP+), XGS 6500 (8 x 1GbE + 12 x SFP+)

Bypass Port Pairs

XGS 2100 / 2300 / 3100 / 3300 (1)
XGS 4300 / 4500 / 5500 / 6500 (2)

Flex Port Module Slots

XGS 2100 / 2300 / 3100 / 3300 (1)
XGS 4300 / 4500 (2) XGS 5500 / 6500 (2 + 1 High Density Module)

Optional Add-On Connectivity

All Models - SFP DSL Module VDSL2

Optional Flexi Port Modules
XGS 2100 - 4500

8 port GbE copper, 8 port GbE SFP fiber, 4 port 10GE SFP+ fiber, 4 port GbE copper bypass (2 pairs), 4 port GbE copper PoE +, 4 port GbE copper, 4 port 2.5 GbE copper PoE, 2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

Optional Flexi Port Modules
XGS 5500 - 6500

8 port GbE copper, 8 port GbE SFP fiber, 4 port 10 GbE SFP+ fiber, 4 port GbE copper bypass (2 pairs), 2 port 40 GbE QSFP+ fiber, 8 port 10 GbE SFP+ fiber, 2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber, 2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber, High-density module (NIC): 12 port GE copper + 4 port 2.5 GE copper

Max Total Port Density (inc use of modules)

XGS 2100 / 2300 (18), XGS 3100 / 3300 (20), XGS 4300 / 4500 (28)
XGS 5500 (48), XGS 6500 (68)

VPN Tunnels & Licenses

SSL VPN Concurrent Tunnels

XGS 2100 / 2300 (2500),  XGS 3100 / 3300 (5000),  XGS 4300 (7500)

XGS 4500 (10000), XGS 5500 / 6500 (15000)

Our Serving suggestion

Internet Speed

< 1000 Mbps
XGS 2100 / 2300

<  1500 Mbps
XGS 3100 / 3300

< 5000 Mbps
XGS 4300 / 4500

Muliti Gbps
XGS 5500 / 6500

Number of Users

< 100

< 200

< 1000

1000's

Paul's Quick Tip

So here's my quick tip for selecting a Sophos Rackmount Series firewall to meet your needs.  Having sold and managed literally thousands of firewalls across the world since I started in 1999, I have noticed one thing - Our browsing and data consuming habits effect a firewall's throughput.  All the tests above were performed in labs and under controlled conditions.  


I would always recommend taking the slowest speed published - in this instance something like the Threat Protection value and then dividing it by three.   This will give you, from our experience, the worst speed you will get under the heaviest load conditions, with full protection turned on.   Make sure this speed is faster than your internet connection and you will be good to go.


Example using a Sophos XGS 2100

Threat Protection speed is 1250 Mbps, divide this by 3 which gives you 416 Mbps.  This is the slowest we believe this firewall will run under the heaviest of loads.  Obviously if you want to turn some of the security services off, then you will make it run faster.


The Tech Geeks - Paul Sillars

Gio's Advice

Your firewall is nothing without a live and updating subscription.  Viruses, Malware and network threats, change almost hourly.  Purchasing a security subscription means that your firewall will always be receiving the latest threat signatures, virus protection updates and filter block lists.


The best bit is that an active security subscription also gives you free firmware updates, technical support from Sophos and hardware warranty for the duration of the subscription.


Never view a security subscription like the warranty for a car.   It is not there just in case something goes wrong, it is actually needed to make sure nothing goes wrong.  You are only truly being protected if your firewall is auto updating and has an active subscription.


Base License

Every Sophos XG/XGS firewall comes with a base license as standard.  This gives you the basic features to get going, but no ongoing updates or support.

standard protection

The Standard Protection Bundle provides all

essential security services needed to protect against known, as well as firmware updates, hardware warranty and 24x7 support

Xstream protection

The Xstream Protection Bundle builds on the features available in Standard, but adds in protection against unknown threat, often called Zero-Day, along with advanced SD-WAN capabilities and an extended reporting period.

base

standard

xstream

24x7 Enhanced Support

24/7 support, advanced replacement hardware warranty for the term of the subscription.

Fimware Updates

Keep your Sophos patched and up to date with regular firmware updates.

Xstream SD-WAN and Networking

Includes all networking, routing, and SD-WAN capabilities including zone-based stateful firewall, NAT, VLAN, SDWAN profiles, performance-based WAN link selection and monitoring, zero-impact WAN link transitions, and Xstream FastPath acceleration of SD-WAN VPN traffic.

Secure Wireless

Built-in wireless controller for Sophos APX wireless access points. Plug-and-play access point discovery makes setup easy. Support for multiple SSIDs, hotspots, guest networks, and the diverse encryption and security standards.

VPN

Provides standards-based site-to-site and remote access VPN (free up to the capacity of the firewall) with support for IPsec and SSL. Sophos Connect remote access VPN client for Windows and Macs offers seamless and easy deployment and configuration options.

Reporting

Extensive on-box reporting provides valuable insights into threats, users, applications, web activity, and much more. Note that specific reporting functionality may be dependent on other protection modules to get the full benefits (for example, Web Protection or web and app reports).  Please note the XGS 87 / 87 Wireless does not have enough onboard storage to provide on-box reporting.

Intrusion Prevention Service

Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well.

Security Heart Beat

Creates a link between your Sophos Central protected endpoints and your firewall to identify threats faster, simplify investigation, and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems.

Advanced Threat Protection

Instant identification and immediate response to today’s most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat provides an emergency response.

Advanced VPN Technologies

Adds unique and simple VPN technologies, including our clientless HTML5 self-service portal that makes remote access incredibly simple or utilize our exclusive light-weight secure SD-RED (Remote Ethernet Device) VPN technology.

Application Control and QoS

Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics. Synchronized Application Control automatically identifies all the unknown, evasive, and custom applications on your network.

Advanced Web Threat Protection

Backed by SophosLabs, our advanced engine provides the ultimate protection from today’s polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.

High-performance traffic scanning

Optimized for top performance, our Xstream SSL inspection provides ultra-low latency inspection and HTTPS scanning while maintaining performance

Zero-Day Protection

Powered by the industry-leading SophosLabs, the Zero-Day Protection subscription includes a fully cloud-based threat intelligence and threat analysis platform. This provides deep learning-based file analysis, detailed analysis reporting, and a threat meter to show the risk summary for a file. We use layers of analytics to identify known and potential threats, reduce unknowns, and derive verdicts and intelligence reports for the most commonly used file types.

Sophos Central SD-WAN Orchestration

Makes VPN orchestration easy. Wizard-based tunnel configuration helps create full mesh networks, hub-and spoke models, or complex tunnel setups between multiple firewalls a quick point-and-click exercise. Seamlessly integrates multiple WAN link and SD-WAN functionality and routing optimizations to improve resilience and performance and also integrates with user authentication and Synchronized Security Heartbeat to control access.

Central Firewall Reporting Advanced (30-day)

Cloud-based reporting with several pre-packaged common reports for threats, compliance, and user activity. Includes advanced options for creating custom reports and views with the option to save, schedule or export your custom reports. Includes 30 days of log data retention with the option to add additional storage for additional historical reporting needs.

MTR/XDR Ready

Sophos MTR provides optional 24/7 threat hunting, detection and response delivered by an expert team as a fully-managed service. Sophos XDR offers extended detection and response managed by your own team. Regardless of whether you manage it yourself, or Sophos manages it for you, your Sophos Firewall is ready to share the necessary threat intelligence and data to the cloud.

Email Protection

Consolidate your email protection with anti-spam, DLP, and encryption. We recommend Sophos Central Email Advanced for the best cloud-based email protection solution. If you require on-box email protection, this module offers essential anti-spam, DLP and encryption.

Optional Add-On

Optional Add-On

Web Server Protection

Harden your web servers and business applications against hacking attempts while providing secure access.

Optional Add-On

Optional Add-On

SOPHOS XGS rackmount Series - further information

The Sophos XGS Series Quick Intro

The XGS Series delivers Xstream performance at every price point to power the protection you need for today’s diverse, distributed, and encrypted networks.


Powered by Xstream

Accelerate and offload your important SaaS, SD-WAN, and cloud traffic at the hardware level, while adding performance headroom for TLS and deep packet inspection with integrated Xstream Flow Processors.


High-Speed Connectivity

Customize your firewall’s already versatile connectivity options with an extensive range of add-on modules for high-speed copper, fiber, Power over Ethernet (PoE), and Wi-Fi.

Sophos Central Cloud Management

Sophos Central - The ultimate cybersecurity cloud management platform. Free and easy.


One Console to Manage It All

Sophos Central provides a single cloud management console for all your Sophos products and includes group firewall management at no extra charge.


Reporting in the Cloud

Sophos Central maintains your firewall log data in the cloud with flexible reporting tools that enable you to analyze and visualize your network over time.

Sophos Synchronised Security

Synchronize Your Protection

Sophos Firewall integrates tightly with the rest of the Sophos ecosystem, including ZTNA and Intercept X Endpoint, to enable MTR, XDR, and Synchronized Security with incredible visibility, protection, and response benefits, whether you manage it yourself or let Sophos manage it for you.


Extend Your Network

Sophos Firewall enables you to extend your network anywhere, anyhow, easily and affordably, with a full portfolio of SD-WAN, cloud, and VPN secure access solutions that will integrate your distributed network together.

SOPHOS XGS DESKTOP Series - Out the box

The Sophos XGS 2300

The quick video will show you what you get in the box, when you purchase a Sophos XGS 2300.


Do make sure you purchase it with a subscription for full protection and you may like to consider adding wireless or even endpoint protection to the bundle to further enhance your network security.

Sophos XGS Optional External Redundant PSU

The quick video will show you what you get in the box, when you purchase the external redundant PSU for the XGS 2100 / 2300 / 3100 / 3300 / 4300.

information hub

What happens if I don't renew my Sophos Subscription?

For the best protection a firewall will always need an active and configured security subscription.   If this has lapsed or your are thinking about not renewing it, then the following will happen.


1 - You will loose the option to get free support from the Manufacturer

2 - You will loose all hardware warranty and if your physical unit fails, you will no longer be able to get a free replacement

3 - Any firewall polices that use subscription services will need to be updated to remove them, otherwise they will often switch in to blocking mode.

4 - Your firewall will return to the base license subscription

Is support included in the subscription?

Support is included as standard in the 2 main subscription offerings - Standard Protection and Xstream Protection.   This support includes telephone and email support direct with Sophos, Firmware Updates and Hardware Warranty.

Is hardware warranty included?

If you have a current Standard Protection or Xstream Protection, then hardware replacement is included for the length of time you keep that subscription current.  Please do note that in the case of hardware failure, Sophosl will ship you a replacement from outside of Australia.   You may like to consider additional next business day hardware warranty services to supplement this, to get you back and running as quickly as possible.

What options do I have to get additional support if I get stuck?

We know that sometimes we just need that extra little bit of help and support.   The Tech Geeks have a team that are qualified to assist you and get your back on track as quickly as possible.   We offer rates from $150 + GST per hour and would be happy to quote for any work that you need help with.

Real world performance tests

The below tests have been conducted on a dedicated 1:1 uncontended 1Gb/s fibre connection