XG Firewall FeaturesSophos XG FirewallHighlightsÌ Xstream Architecture provides extreme levelsof visibility, protection, and performancethrough stream-based packet processingÌ Xstream TLS inspection offers high performance,support for TLS 1.3 with no downgrading, portagnostic, enterprise-grade polices, unique dashboardvisibility, and compatibility troubleshootingÌ Xstream DPI Engine provides stream scanningprotection for IPS, AV, Web, App Control, and TLSInspection in a single-high performance engineÌ XStream Network Flow FastPath deliverspolicy-driven and intelligent accelerationof trusted traffic automaticallyÌ Purpose-built user interface with interactive controlcenter utilizes traffic-light indicators (red, yellow, green)to instantly identify what needs attention at a glanceÌ Control Center offers instant insights into endpointhealth, unidentified Mac and Windows applications,cloud applications and Shadow IT, suspiciouspayloads, risky users, advanced threats, networkattacks, objectionable websites, and much moreÌ IPS, Web, App, and Traffic Shaping (QoS) policiessnap into firewall rules and can be edited inplace providing a powerful yet intuitive model forconfiguring and managing security and controlÌ Sophos Security HeartbeatTM connects Sophosendpoints with the firewall to share health statusand telemetry enabling instant identificationof unhealthy or compromised endpointsÌ Dynamic firewall rule support for endpoint health(Sophos Security Heartbeat) automatically isolatesand limits network access to compromised endpointsÌ Synchronized Application Control automatically,identifies, classifies, and controls all unknownMac/Windows applications on the networkÌ Cloud Application Visibility enables Shadow IT discoveryinstantly and offers one-click traffic shapingÌ Policy test simulator tool enables firewall rule and webpolicy simulation and testing by user, IP, and time of dayÌ User Threat Quotient identifies risky users basedon recent browsing behavior and ATP triggersÌ Configuration API for all featuresfor RMM/PSA integrationÌ Optimized two-clicks-to-anywhere navigationÌ Discover Mode (TAP mode) for seamless integration intrials and PoCs with support for Synchronized SecurityÌ Policy Control Center widget monitors policy activityfor business, user and network policies and tracksunused, disabled, changed, and new policiesÌ SD-WAN connects remote/branch sites acrossa geographically-distributed networkÌ Unified policy model combines all business, user,and network firewall rules onto a single screenwith grouping, filtering, and search optionsÌ Streamlined firewall rule management for large rulesets with custom auto and manual grouping plus at-aglance mouse-over feature and enforcement indicatorsÌ All firewall rules provide an at-a-glance summary ofthe applied security and control for AV, sandboxing,IPS, Web, App, Traffic Shapping (QoS), and HeartbeatÌ Pre-defined IPS, Web, App, and Traffic Shaping(QoS) policies enable quick setup and easycustomization for common deployment scenarios(e.g. CIPA, typical workplace policies, and more)Ì Remote Access VPN with a free andeasy client for Windows/MacsÌ Sophos Central cloud-based management and reportingfor multiple firewalls provides group policy managementand one console for all your Sophos IT security productsÌ Easy streamlined setup wizard enables fast outof-the box deployment in just a few minutesÌ Zero-touch deployment and configurationin Sophos Central for new firewalls

Base FirewallGeneral ManagementÌ Purpose-built, streamlined user interface and firewallrule management for large rule sets with grouping withat-a-glance rule feature and enforcement indicatorsÌ Two-factor authentication (One-time-password) supportfor administrator access, user portal, IPSec and SSL VPNÌ Advanced troubleshooting tools inGUI (e.g., Packet Capture)Ì High Availability (HA) support clustering twodevices in active-active or active-passivemode with plug-and-play Quick HA setupÌ Full command line interface (CLI) accessible from GUIÌ Role-based administrationÌ Automated firmware update notification with easyautomated update process and roll-back featuresÌ Reusable system object definitions fornetworks, services, hosts, time periods,users and groups, clients, and serversÌ Self-service user portalÌ Configuration change trackingÌ Flexible device access control for services by zonesÌ Email or SNMP trap notification optionsÌ SNMP v3 and Netflow supportÌ Central managment support via Sophos CentralÌ Backup and restore configurations: locally, via FTPor email; on-demand, daily, weekly or monthlyÌ Backup firmware management in Sophos Centralstores the last five configuration backup filesfor each firewall with one that can be pinnedfor permanent storage and easy accessÌ Firmware updates from Sophos Central offer oneclick firmware updates to be applied to any deviceÌ Zero-touch deployment enables the initialconfiguration to be performed in Sophos Centraland then exported for loading onto the devicefrom a flash drive at startup, automaticallyconnecting the device back to Sophos CentralFirewall, Networking, and RoutingÌ Stateful deep packet inspection firewallÌ Xstream packet processing architecture providesextreme levels of visibility, protection, and performancethrough stream-based packet processingÌ Xstream TLS inspection with high performance,support for TLS 1.3 with no downgrading, portagnostic, enterprise-grade polices, unique dashboardvisibility, and compatibility troubleshootingÌ Xstream DPI Engine provides stream scanningprotection for IPS, AV, Web, App Control, and TLSInspection in a single high-performance engineÌ XStream Network Flow FastPath deliverspolicy-driven and intelligent accelerationof trusted traffic automaticallyÌ User, group, time, or network-based policiesÌ Access time polices per user/groupÌ Enforce policy across zones, networks, or by service typeÌ API for third-party integrationÌ Zone isolation and zone-based policy support.Ì Interface renamingÌ Default zones for LAN, WAN, DMZ, LOCAL, VPN, and WiFiÌ Remote access option for Sophos SupportÌ Custom zones on LAN or DMZÌ Cloud-based license management via MySophosÌ Customizable NAT policies with IP masqueradingand full object support to redirect or forwardmultiple services in a single rule with a convenientNAT rule wizard to quickly and easily createcomplex NAT rules in just a few clicksSophos Central ManagementÌ Sophos Central cloud-based managementand reporting for multiple firewalls providesgroup policy management and a single consolefor all your Sophos IT security productsÌ Group policy management allows objects, settings,and policies to be modified once and automaticallysynchronized to all firewalls in the groupÌ Task Manager provides a full historical audit trailand status monitoring of group policy changesÌ Flood protection: DoS, DDoS, and portscan blockingÌ Country blocking by geo-IPÌ Routing: static, multicast (PIM-SM),and dynamic (RIP, BGP, OSPF)Ì Upstream proxy supportÌ Protocol-independent multicastrouting with IGMP snooping

Ì Bridging with STP support andARP broadcast forwardingÌ VLAN DHCP support and taggingÌ VLAN bridge supportÌ Jumbo frame supportÌ WAN link balancing: multiple Internet connections,auto-link health check, automatic failover, automaticand weighted balancing, and granular multipath rulesÌ Wireless WAN support (n/a in virtual deployments)Secure WirelessÌ Simple plug-and-play deployment of Sophoswireless access points (APs) — automaticallyappear on the firewall control centerÌ Central monitoring and management of APs andwireless clients through the built-in wireless controllerÌ Bridge APs to LAN, VLAN, or a separatezone with client isolation optionsÌ Multiple SSID support per radio including hidden SSIDsÌ 802.3ad interface link aggregationÌ Support for the latest security and encryptionstandards including WPA2 Personal and EnterpriseÌ Full configuration of DNS, DHCP, and NTPÌ Channel width seletion optionÌ Dynamic DNS (DDNS)Ì Support for IEEE 802.1X (RADIUS authentication)with primary and secondary server supportÌ IPv6 Ready Logo Program Approval CertificationÌ IPv6 tunnelling support including 6in4, 6to4, 4in6,and IPv6 rapid deployment (6rd) through IPSecSD-WANÌ Support for multiple WAN link options includingVDSL, DSL, cable, and 3G/4G/LTE cellular withessential monitoring, balancing, and failoverÌ Application path selection and routing, which isused to ensure quality and minimize latency formission-critical applications such as VoIPÌ Synchronized SD-WAN, a Synchronized Securityfeature, leverages the added clarity and reliability ofapplication identification that comes with the sharingof Synchronized Application Control informationbetween Sophos-managed endpoints and XG FirewallÌ Support for 802.11r (fast transition)Ì Hotspot support for (custom) vouchers,password of the day, or T&C acceptanceÌ Wireless guest Internet access withwalled garden optionsÌ Time-based wireless network accessÌ Wireless repeating and bridging meshednetwork mode with supported APsÌ Automatic channel selection background optimizationÌ Support for HTTPS loginAuthenticationÌ Application routing over preferred links viafirewall rules or policy-based routingÌ Synchronized User ID utilizes Synchronized Securityto share currently logged in Active Directory userID between Sophos endpoints and the firewallwithout an agent on the AD server or clientÌ Affordable, flexible, and zero-touchor low-touch deploymentÌ Authentication via: Active Directory,eDirectory, RADIUS, LDAP and TACACS Ì Robust VPN support including IPSec and SSL VPNÌ Server authentication agents for ActiveDirectory SSO, STAS, SATCÌ Centralized VPN orchestrationÌ Unique RED Layer 2 tunnel with routingBase Traffic Shaping and QuotasÌ Flexible network or user based traffic shaping (QoS)(enhanced Web and App traffic shaping optionsincluded with the Web Protection subscription)Ì Set user-based traffic quotas on upload/downloador total traffic and cyclical or non-cyclicalÌ Real-time VoIP optimizationÌ DSCP markingÌ Single sign-on: Active directory,eDirectory, RADIUS AccountingÌ Client authentication agents forWindows, Mac OS X, Linux 32/64Ì Browser SSO authentication: Transparent,proxy authentication (NTLM) and KerberosÌ Browser Captive PortalÌ Authentication certificates for iOS and AndroidÌ Authentication services for IPSec, SSL, L2TP, PPTP

Ì Google Chromebook authentication support forenvironments with Active Directory and Google G SuiteÌ API-based authenticationUser Self-Serve PortalÌ Download the Sophos Authentication ClientÌ Download SSL remote access client (Windows)and configuration files (other OS)Ì Hotspot access informationÌ Change user name and passwordÌ View personal Internet usageÌ Access quarantined messages and manage user-basedblock/allow sender lists (requires Email Protection)Base VPN OptionsÌ Site-to-site VPN: SSL, IPSec, 256- bit AES/3DES,PFS, RSA, X.509 certificates, pre-shared keyÌ Sophos RED site-to-site VPN tunnel(robust and light-weight)Ì L2TP and PPTPÌ Route-based VPNÌ Remote access: SSL, IPSec, iPhone/iPad/Cisco/Andriod VPN client supportÌ IKEv2 SupportÌ SSL client for Windows and configurationdownload via user portalSophos Connect ClientÌ Authentication: Pre-Shared Key (PSK),PKI (X.509), Token and XAUTHany of the file types listed above (including ZIP, BZIP,GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet)Ì Aggressive behavioral, network, and memory analysisÌ Detects sandbox evasion behaviorÌ Machine Learning technology with DeepLearning scans all dropped executable filesÌ Includes exploit prevention and CryptoguardProtection technology from Sophos Intercept XÌ In-depth malicious file reports with screenshots and dashboard file release capabilityÌ Optional data center selection and flexibleuser and group policy options on file type,exclusions, and actions on analysisÌ Supports one-time download linksThreat Intelligence AnalysisÌ All files containing active code downloaded via theweb or coming into the firewall as email attachmentssuch as executables and documents containingexecutable content (including .exe, .com, and .dll, .doc,.docx, docm, and .rtf and PDF) and archives containingany of the file types listed above (including ZIP, BZIP,GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet) areautomatically sent for Threat Intelligence AnalysisÌ Files are checked against SophosLabs’massive threat intelligence database andsubjected to multiple machine learning modelsto identify new and unknown malwareÌ Extensive reporting includes a dashboard widget foranalyzed files, a detailed list of the files that have beenanalyzed and the analysis results, and a detailed reportoutlining the outcome of each machine learning model.Ì Enables Synchronized Security and SecurityHeartbeat for remote connected usersNetwork Protection SubscriptionÌ Intelligent split-tunneling for optimum traffic routingIntrusion Prevention (IPS)Ì Client-monitor for graphical overviewof connection statusÌ High-performance, next-gen IPS deep packetinspection engine with selective IPS patternsthat can be applied on a firewall rule basis formaximum performance and protectionÌ Mac and Windows SupportÌ Top rated by NSS LabsÌ NAT-traversal supportSandstom Protection SubscriptionSandstorm Cloud Sandbox ProtectionÌ Full integration into your Sophossecurity solution dashboardÌ Inspects executables and documents containingexecutable content (including .exe, .com, and .dll, .doc,.docx, docm, and .rtf and PDF) and archives containingÌ Thousands of signaturesÌ Granular category selectionÌ Support for custom IPS signaturesÌ IPS Policy Smart Filters enable dynamic policies thatautomatically update as new patterns are added

ATP and Security HeartbeatÌ Advanced Threat Protection (detect and block networktraffic attempting to contact command and controlservers using multi-layered DNS, AFC, and firewall)Ì Sophos Security Heartbeat instantly identifiescompromised endpoints including the host, user,process, incident count, and time of compromiseÌ Sophos Security Heartbeat policies can limitaccess to network resources or completely isolatecompromised systems until they are cleanedÌ Lateral Movement Protection further isolatescompromised systems by having healthy Sophos-managed endpoints reject all traffic fromunhealthy endpoints preventing the movement ofthreats even on the same broadcast domainSD-RED Device ManagementÌ Central management of all SD-RED DeviceManagementÌ No configuration: Automatically connectsthrough a cloud-based provisioning serviceÌ Malware scanning: block all forms of viruses,web malware, trojans, and spyware onHTTP/S, FTP and web-based emailÌ Advanced web malware protectionwith JavaScript emulationÌ Live Protection real-time, in-the-cloudlookups for the latest threat intelligenceÌ Second independent malware detectionengine (Avira) for dual-scanningÌ Real-time or batch mode scanningÌ Pharming protectionÌ HTTP and HTTPS scanning and enforcementon any network and user policy with fullycustomizable rules and exceptionsÌ SSL protocol tunnelling detection and enforcmentÌ Certificate validationÌ High performance web content cachingÌ Forced caching for Sophos Endpoint updatesÌ Secure encrypted tunnel using digital X.509certificates and AES 256-bit encryptionÌ File type filtering by mime-type, extension, and activecontent types (e.g. Activex, applets, cookies, etc.)Ì Virtual Ethernet for reliable transfer ofall traffic between locationsÌ YouTube for Schools enforcementper policy (user/group)Ì IP address management with centrally definedDHCP and DNS Server configurationÌ SafeSearch enforcement (DNS-based) for majorsearch engines per policy (user/group)Ì Remotely de-authorize SD-RED devicesafter a select period of inactivityÌ Web keyword monitoring and enforcement to log,report or block web content matching keywordlists with the option to upload customs listsÌ Compression of tunnel trafficÌ VLAN port configuration optionsClientless VPNÌ Sophos unique encrypted HTML5 self-service portal withsupport for RDP, HTTP, HTTPS, SSH, Telnet, and VNCWeb Protection SubscriptionWeb Protection and ControlÌ Fully transparent proxy for anti-malwareand web filteringÌ Enhanced Advanced Threat ProtectionÌ URL Filter database with millions of sites across92 categories, backed by SophosLabsÌ Block Potentially Unwanted Applications (PUAs)Ì Web policy override option for teachers orstaff to temporarily allow access to blockedsites or categories that are fully customizableand manageable by select usersÌ User/Group policy enforcement on Google ChromebooksCloud Application VisibilityÌ Control Center widget displays amount of data uploadedand downloaded to cloud applications categorizedas new, sanctioned, unsanctioned or toleratedÌ Discover Shadow IT at a glanceÌ Drill down to obtain details on users, traffic, and dataÌ Surfing quota time policies per user/groupÌ One-click access to traffic shaping policiesÌ Access time polices per user/groupÌ Filter cloud application usage by category or volumeÌ Detailed customizable cloud applicationusage report for full historical reporting

Application Protection and ControlÌ Synchronized App Control to automatically, identify,classify, and control all unknown Windows and Macapplications on the network by sharing informationbetween Sophos-managed endpoints and the firewallÌ Signature-based application control withpatterns for thousands of applicationsÌ Cloud Application Visibility andControl to discover Shadow ITÌ App Control Smart Filters that enable dynamic policieswhich automatically update as new patterns are addedÌ Micro app discovery and controlÌ Application control based on category, characteristics(e.g., bandwidth and productivity consuming),technology (e.g. P2P), and risk levelÌ Per-user or network rule applicationcontrol policy enforcementWeb and App Traffic ShapingEnhanced traffic shaping (QoS) options by web categoryor application to limit or guarantee upload/download ortotal traffic priority and bitrate individually or sharedÌ File type detection/blocking/scanning of attachmentsÌ Accept, reject or drop over-sized messagesÌ Detects phishing URLs within e-mailsÌ Use pre-defined content scanning rules or createyour own custom rules based on a variety of criteriawith granular policy options and exceptionsÌ TLS encryption support for SMTP, POP, and IMAPÌ Append signature automatically toall outbound messagesÌ Email archiverÌ Individual user-based block and allow senderlists maintained through the user portalEmail Quarantine ManagementÌ Spam quarantine digest and notifications optionsÌ Malware and spam quarantines with search andfilter options by date, sender, recipient, subject, andreason with option to release and delete messagesÌ Self-serve user portal for viewing andreleasing quarantined messagesEmail Encryption and DLPEmail Protection SubscriptionEmail Protection and ControlÌ Email scanning with SMTP, POP3, and IMAP supportÌ Patent-pending SPX encryption forone-way message encryptionÌ Recipient self-registration SPX password managementÌ Add attachments to SPX secure repliesÌ Reputation service with spam outbreakmonitoring based on patented RecurrentPattern-Detection technologyÌ Completely transparent, no additionalsoftware or client requiredÌ Block spam and malware during the SMTP transactionÌ DLP engine with automatic scanning of emailsand attachments for sensitive dataÌ DKIM and BATV anti-spam protectionÌ Spam greylisting and Sender PolicyFramework (SPF) protectionÌ Recipient verification for mistyped email addressesÌ Second independent malware detectionengine (Avira) for dual scanningÌ Live Protection real-time, in-the-cloudlookups for the latest threat intelligenceÌ Automatic signature and pattern updatesÌ Smart host support for outbound relaysÌ Pre-packaged sensitive data type contentcontrol lists (CCLs) for PII, PCI, HIPAA, andmore, maintained by SophosLabsWeb Server Protection SubscriptionWeb Application Firewall ProtectionÌ Reverse proxyÌ URL hardening engine with deep-linkingand directory traversal preventionÌ Form hardening engineÌ SQL injection protectionÌ Cross-site scripting protectionÌ Dual-antivirus engines (Sophos and Avira)

Ì HTTPS (TLS/SSL) encryption offloadingÌ Cookie signing with digital signaturesÌ Path-based routingÌ Outlook anywhere protocol supportÌ Reverse authentication (offloading) for form-basedand basic authentication for server accessÌ Virtual server and physical server abstractionÌ Integrated load balancer spreadsvisitors across multiple serversÌ Skip individual checks in a granular fashion as requiredOn-box ReportingNOTE: XG Firewall reporting is included at no extra chargebut individual log, report, and widget availability may bedependent on their respective protection module licenses.Ì Hundreds of on-box reports with custom reportoptions: Dashboards (Traffic, Security, and UserThreat Quotient), Applications (App Risk, BlockedApps, Synchronized Apps, Search Engines, WebServers, Web Keyword Match, FTP), Network andThreats (IPS, ATP, Wireless, Security Heartbeat,Sandstorm), VPN, Email, Compliance (HIPAA,GLBA, SOX, FISMA, PCI, NERC CIP v3, CIPA)Ì Match requests from source networksor specified target URLsÌ Current Activity Monitoring: system health, live users,IPSec connections, remote users, live connections,wireless clients, quarantine, and DoS attacksÌ Support for logical and/or operatorsÌ Report anonymizationÌ Assists compatibility with various configurationsand non-standard deploymentsÌ Report scheduling to multiple recipients byreport group with flexible frequency optionsÌ Options to change Web AppliactionFIrewall performance parametersÌ Export reports as HTML, PDF, Excel (XLS)Ì Scan size limit optionÌ Allow/Block IP rangesÌ Wildcard support for server paths and domainsÌ Automatically append a prefix/suffix for authenticationCentral Firewall ReportingNOTE: Cloud-based Central Firewall Reporting for XGFirewall v18 is included at no additional cost.Ì Pre-defined reports with flexible customization optionsÌ Reporting for Sophos XG Firewalls hardware, software, virtual, and cloudÌ Intuitive user interface providesgraphical representation of dataÌ Report dashboard provides an at-a-glanceview of events over the past 24 hoursÌ Easily identify network activities,trends, and potential attacksÌ Easy backup of logs with quick retrieval for audit needsÌ Simplified deployment without theneed for technical expertiseÌ Sophos MTR Connector enables analyststo receive alerts from XG FirewallÌ Report bookmarksÌ Log retention customization by categoryÌ Full-featured log viewer with column view anddetailed view with powerful filter and search options,hyperlinked rule ID, and data view customization

XG Firewall Features by Subscription SummaryFullGuard Plus (included in TotalProtect Plus)FullGuard (included in TotalProtect)EnterpriseGuard Plus(included in EnterpriseProtect Plus)Features(as listed above)EnterpriseGuard(included in EnterpriseProtect)BaseFirewallGeneral Management (incl. HA) Xstream Architecture Firewall, Networking and Routing Base Traffic Shaping and Quotas Secure Wireless Authentication Self-Serve User Portal Base VPN Options RED Site-to-Site VPN Sophos Connect VPN Client SandstormProtectionSandstorm Protection Threat Intelligence Analysis NetworkProtectionIntrusion Prevention (IPS) ATP and Security Heartbeat SD-RED Device Management Clientless VPN WebProtectionSynchronized Application Control Web Protection and Control Application Protection and Control Cloud Application Visibility Web and App Traffic Shaping EmailProtectionEmail Protection and Control Email Quarantine Management Email Encryption and DLP Web Application Firewall ProtectionWeb ServerProtection Logging and Reporting Sophos Central Management United Kingdom and Worldwide SalesTel: 44 (0)8447 671131Email: [email protected] American SalesToll Free: 1-866-866-2802Email: [email protected] Copyright 2020. Sophos Ltd. All rights reserved.Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UKSophos is the registered trademark of Sophos Ltd. All other product and company names mentioned aretrademarks or registered trademarks of their respective owners.20-04-20 FLNA (MP)Australia and New Zealand SalesTel: 61 2 9409 9100Email: [email protected] SalesTel: 65 62244168Email: [email protected]

center utilizes traffic-light indicators (red, yellow, green) to instantly identify what needs attention at a glance Ì Control Center offers instant insights into endpoint health, unidentified Mac and Windows applications, cloud applications and Shadow IT, suspicious