Sophos SG vs XG vs XGS – What’s the diff?

Let’s start with the difference between Sophos SG firewalls and XG firewalls. It’s pretty simple; the XG series replaced the SG series. The SG’s are still quite serviceable, however.

Basically, the hardware on the Sophos SG and XG series are identical in terms of CPU, RAM, memory and ports. The main difference is that SG Series come with UTM 9 firmware while XG firewalls come with XG Firewall firmware. As a newer product, the XG’s Sophos Firewall Operating System (SFOS) is updated more frequently.

However, it is possible to install the SFOS of the XG Firewall on SG hardware. The license can then be migrated 1:1.

There are some technical advantages to the SFOS over the Sophos SG (UTM) operating system, however. For example, Firewall Rules are much clearer and more granular. Also, the Log Viewer is a real highlight of the XG operating system. It’s extremely quick and easy to check logs right through the GUI. And, with Synchronized Security on the XG firewall you can see the applications that are running on all the endpoints. So, based on this, if you own an SG appliance, you might not need to rush out and upgrade right away.

XGS – The next logical evolution

First thing is, Sophos’ new flagship line is now called, simply, Sophos Firewall. It may look similar to the XG series from the outside, but under the hood its’ a completely new hardware platform.

You see, unlike the XG Series, the new XGS Series features a dual processor architecture that combines the multi-core CPU with the brand new Xstream Flow processor for hardware acceleration. These multi-core processors just make everything faster. That includes heavy-lift security functions like…

TLS 1.3 Inspection

According to the latest statistics, approximately 90% of web traffic is encrypted. Who knew? Problem is, encryption makes traffic invisible to most firewalls. As a result, many organizations simply don’t use the SSL Inspection features on their firewalls. The concern is that SSL Inspection will impact performance. And that affects user experience. Predictably, an increasing amount of malware is taking advantage of this fact. The speedy new processors allow you to use SSL Inspection without sacrificing speed and efficiency.

Deep Packet Inspection

So, Sophos Firewall includes a fast Deep Packet Inspection engine. It scans your traffic without using a proxy, which tends to slow things down. The inspection processing is completely offloaded to the DPI engine. This reduces latency. In other words, it speeds things up.

Sophos Firewall blocks the latest ransomware and breaches with high-performance streaming DPI. This includes next-gen IPS, web protection, and app control. It also features deep learning and sandboxing.

Application Acceleration

Of course, a lot of your network traffic is important application traffic. Traffic that’s supposed to be there, headed for branch offices, remote users, and so on. This trusted traffic can now be directed to FastPath, which will optimize performance further. This provides extra capacity for intelligently scanning traffic that does need DPI for malware and other threats.

The Xstream Flow processor speeds up your SaaS, SD-WAN. So things like VoiP, video, and other trusted cloud traffic get pushed to FastPath either automatically, or by your own policies.

Better connectivity

The new XGS series offers a range of built-in and optional expandable connectivity options. Compared to the XG series, the new models offer fundamentally more ports and in some cases more connection options for external modules. Sudden changes to the infrastructure can thus be better mastered with the new XGS firewalls.

And lastly, An XGS series with SFOS v18 provides an enormous performance increase compared to an XG series with SFOS v18. Depending on which statistic you look at, XGS offers up to 3 times better performance than the XG series. For an XG firewall with v17 and an XGS firewall with v18, the performance difference is even greater.

So, the jump in performance from XG to XGS is greater than the jump from SG to XG was. And if you have any questions, please reach out to us here, or call Corporate Armor at 877-449-0458. We have tons of experience with the whole Sophos line of security and networking products. Thanks for reading!


Learn more!

Consider protecting your network with APC Uninterrupted Power Systems