Call a Specialist Today! 020 8138 5775
Free Delivery! Free Delivery!

Sophos XG 430
Unleash the full potential of your network


Sophos XG 430 Front and Back View

Interested in the NEW XGS Series? Check out the XGS 4300!


Sophos Products
XG 430 Security Appliance
XG 430 rev. 2 Security Appliance - EU/UK power cord
Special Pricing Requests Available. Please call or contact us!
#XG43T2HEUK
Our Price: Request a Quote

More pricing below, click here!

Please Note: All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.

Overview:

Sophos XG Series 1U: Distributed Edge

Our 1U rackmount appliances are the ideal choice for mid-sized and distributed organizations looking for a choice of connectivity options and the flexibility to adapt the network as and when needs change. Our redundancy options in this range are second to none.

XG 430 and XG 450

The Sophos XG 430 and XG 450 offer optimal performance and efficiency for distributed organizations or larger midsized companies. The connectivity options are second to none for rack mountable appliances, with each model coming equipped with 8 GbE copper ports, 2 10 GbE SFP+ ports and 2 additional Flexi Port slots which you can configure with your choice of optional modules. For highavailability, the XG 450 also offers unparalleled redundancy features in a 1U appliance with a second SSD (RAID) integrated and an optional second power supply is available for both models.

  • 8 GbE copper ports plus 2 10 GbE SFP+ built-in
  • Two 'Flexi Port' modular bays to use with a range of optional LAN modules
  • 2nd SSD (RAID) integrated
  • Optional 2nd external power supply

Sophos XG Firewall

Sophos XG Firewall provides comprehensive next-generation firewall protection that exposes hidden risks, blocks unknown threats, and automatically responds to incidents.

Exposes hidden risks

Sophos XG Firewall provides unprecedented visibility into top risk users, unknown apps, advanced threats, suspicious payloads and much more. You also get rich on-box reporting included at no extra charge and the option to add Sophos iView for centralized reporting across multiple firewalls.

Blocks unknown threats

Sophos XG Firewall provides all the latest advanced technology you need to protect your network from ransomware and advanced threats including top-rated IPS, Advanced Threat Protection, Cloud Sandboxing, Dual AV, Web and App Control, Email Protection and a fullfeatured Web Application Firewall. And it's easy to setup and manage.

Automatically responds to incidents

XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall.

Potent, powerful... fast

We've engineered XG Firewall to deliver outstanding performance and security efficiency for the best return on your investment. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you'll always get maximum throughput.

Simply manage multiple firewalls

Sophos Central is the ultimate cloud-management platform - for all your Sophos products. It makes day-to-day setup, monitoring, and management of your XG Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls. Optionally, Sophos Firewall Manager (SFM) provides powerful multi-device management tools for easy provisioning of consistent policies across your entire estate. And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances you can easily do that with Sophos iView.

Sophos XG Firewall

Security features you can't get anywhere else

XG Firewall includes a number of innovations that not only make your job a lot easier, but also ensure your network is more secure.

Synchronized Security

An industry first, Synchronized Security links your endpoints and your firewall to enable unique insights and coordination. Security Heartbeat™ relays Endpoint health status and enables your firewall to immediately identify and respond to a compromised system on your network. The firewall can isolate systems until they can be investigated and cleaned up. Another Synchronized Security feature, Synchronized App Control, also enables the firewall to query the endpoint to determine the source of unknown traffic on the network.

Unified Firewall Rules

User identity takes enforcement to a whole new layer with our identity based policy technology enabling user level controls over applications, bandwidth and other network resources regardless of IP-address, location, network or device. It literally takes firewall policy to a whole new layer.

A Firewall That Thinks Like You

Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint quickly and easily. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/outbound firewall rules and security settings for you automatically - displaying the final policy in a statement in plain English.

Insights into Top Risk Users

The Sophos User Threat Quotient (UTQ) indicator is a unique feature which provides actionable intelligence on user behavior. Our firewall correlates each user's surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior.

Flexible deployment, no compromise

Unlike our competitors, whether you choose hardware, software, virtual or Microsoft Azure, we don't make you compromise - every feature is available on every model and form-factor.

Security features you can't get anywhere else

The Xstream Advantage

The XG Firewall Xstream architecture is engineered to deliver extreme levels of visibility, protection, and performance to help address some of the greatest challenges facing network administrators today.

Xstream SSL Inspection

According to the latest statistics, approximately 80% of web traffic is encrypted, making it invisible to most firewalls. An increasing amount of malware and potentially unwanted apps exploit the fact that organizations are simply not using SSL inspection. Network administrators' main fears are that SSL inspection will have a performance impact or cause something to break, impacting the user experience. XG Firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection whilst maintaining performance efficiency.

Xstream DPI Engine

We believe you should never have to decide between security and performance. XG Firewall includes a highspeed Deep Packet Inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency. XG Firewall provides robust deep packet threat protection in a single streaming engine for AV, IPS, Web, App Control and SSL inspection.

Xstream Network Flow FastPath

Traffic which is known to be secure can be offloaded to the Xstream Network Flow FastPath. This accelerated path for trusted traffic boosts performance dramatically by freeing up resources from unnecessary traffic inspection tasks. This is particularly important for voice and video applications which are very sensitive to latency and so can quickly lead to a degradation of the user experience. XG Firewall includes automatic and policy-based intelligent offloading for trusted traffic processing at wire speed.

Sophos XG Firewall Xstream

Sophos Central

Sophos Central is at the heart of everything we do. Our cloud management platform provides a single pane of glass to not only manage your firewalls, but also your full portfolio of Sophos security solutions.

Central Management

Simply manage multiple firewalls

Sophos Central is the ultimate cloud-management platform - for all your Sophos products. It makes day-to-day setup, monitoring, and management of your XG Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls.

  • Manage all your XG Firewalls and other Sophos products from a single console
  • Configure changes and apply them to a group of firewalls or manage each firewall individually
  • Create a backup schedule and store up to 5 backups in the cloud

Note: Central Management is available at no extra cost

Central Reporting

Firewall Reporting in the cloud

Sophos Central includes powerful reporting tools that enable you to visualize your network, web, application activity, and security over time. You get a flexible reporting experience that combines a variety of built-in reports with powerful tools to create your own custom reports - enabling you to report what you want, how you want.

  • Increase your visibility into network activity through analytics
  • Analyze data to identify security gaps, suspicious user behavior or other events requiring policy changes
  • Use the pre-defined modules or customize each report for specific use cases

Note: Central Reporting is available at no extra cost for the storage of up to 7 days of report data. Premium options with longer data retention are available for optional purchase.


What's New:


Xstream Architecture

Sophos is pleased to introduce the new Xstream Architecture for XG Firewall, a new streaming packet processing architecture that provides extreme levels of protection and performance. The new architecture includes:

  1. Xstream SSL Inspection: Organizations can enable SSL inspection on their networks without compromising network performance or user experience. It delivers highperformance, high connection-capacity support for TLS 1.3 and all modern cipher suites providing extreme SSL inspection performance across all ports, protocols, and applications. It also comes equipped with enterprise-grade controls to optimize security, privacy, and performance. A new widget on the Control Center provides unprecedented visibility into SSL-encrypted traffic enabling quick troubleshooting in the event of any compatibility issues, to maintain the ultimate user experience.
  2. Xstream DPI Engine: Enables comprehensive threat protection in a single highperformance streaming DPI engine with proxyless scanning of all traffic for AV, IPS, and web threats as well as providing Application Control and SSL Inspection. Pattern matching on decrypted traffic makes patterns more effective and provides increased protection from hash/pattern changing applications such as Psiphon proxy.
  3. Xstream Network Flow FastPath: Provides the ultimate in performance by intelligently accelerating traffic processing to transfer trusted traffic at wire speeds. The FastPath offloading can be controlled through policy to accelerate important cloud application traffic, or intelligently by the DPI engine based on traffic characteristics.


What's new in XG Firewall v18

Threat Intelligence Analysis

XG Firewall gains an added layer of artificial intelligence protection. All suspicious files are now subject to threat intelligence analysis in parallel with full sandbox analysis. Files are checked against SophosLabs’ massive threat intelligence database and subjected to our industry-leading deep learning, which identifies new and unknown malware quickly and efficiently - often rendering a verdict in seconds - to stop the latest zero-day threats before they get on the network. Threat Intelligence Analysis is a new feature that is included as part of the Sandstorm Protection license (all PLUS bundles) at no extra charge.

Threat Intelligence Reporting

Threat Intelligence Reporting adds a new Control Center widget to highlight all suspicious file downloads. The widget enables one-click drill-down to detailed forensics reports on all suspicious file activity. A quick summary view for each file provides a traffic-light style (red, yellow, green) indication of the analysis after antivirus scanning, threat intelligence analysis, and sandboxing. Detailed reports provide an-depth view of the verdict, including illustrated analysis by multiple machine learning models, details and screenshots of behaviors seen during Sandstorm analysis, and an in-depth breakdown of the file’s features and attributes, together with malware scan results and insight from VirusTotal.

Sophos Central Firewall Reporting and Management

This release includes support for new firewall reporting and management capabilities being launched simultaneously on Sophos Central, including a rich, powerful new reporting suite and group firewall management tools.

NAT Enhancements - Decoupled NAT Rules and Linked NAT Rule

XG Firewall’s NAT configuration receives some major updates. NAT rules are now decoupled from firewall rules, enabling more powerful and flexible configuration options, including Source (SNAT) and Destination (DNAT) in a single rule. A new NAT rule wizard enables you to quickly and easily create complex NAT rules with just a few clicks.

In addition, a new linked NAT rule feature follows the matching criteria of the Firewall Rule. Linked NAT Rule can also be added and edited in place while creating/editing firewall rules. Only the source translation configuration needs to be selected for Linked NAT Rule.

Firewall Rules Management Improvements

Firewall rules management includes a new ‘Add Filter’ option with several fields/ conditions from which to choose. Adding a filter makes it easier to find firewall rules based on the selected filter criteria. Once selected, filters stay selected even when the administrator moves to other configuration screens. Administrators can manage multiple firewall rules at the same time (e.g. select multiple rules to delete, enable/ disable, attach to a group, etc.). Movement of rules across screens is possible, providing ease of use and management for larger rule sets. Within the firewall rule there is an exclusion feature that provides a “negate” option in the matching criteria to reduce the management and ordering overhead of multiple rules. There’s also a UI option to reset the data transfer counter for a firewall rule to improve troubleshooting.

Enhanced DDNS Support

Provides support for enhanced DDC service HTTPS-based DDNS by adding five more DDNS providers - No-IP, DNS-O-Static, Google DNS, Namecheap, and FreeDNS.

SD-WAN Application Routing and Synchronized SD-WAN

Optimized application routing and path selection is often an important objective in SD-WAN implementations - to ensure important business applications are routed over preferred WAN links. This release adds user and group application-based traffic selection criteria to XG Firewall’s SD-WAN routing configuration. Synchronized SD-WAN, a new Sophos Synchronized Security feature, offers additional benefits with SD-WAN application routing. Synchronized SD-WAN leverages the added clarity and reliability of application identification that comes with the sharing of Synchronized Application Control information between Sophos-managed endpoints and XG Firewall. Synchronized Application Control can positively identify 100% of all networked applications, including evasive, encrypted, obscure, and custom applications and now these previously unidentified applications can also be added to SD-WAN routing policies. This provides a level of application routing control and reliability that other firewalls can’t match.

Alerts and Notifications

There is a new option to choose from dozens of system- and threatrelated alerts, and have notifications sent via email or SNMP. Intelligent IPS Signature Selection XG Firewall will receive IPS signatures based on a number of intelligent filtering criteria such as age, vendor, vulnerability type, and CVSS (Common Vulnerability Scoring System) to optimize protection and performance.

DKIM and BATV Anti-Spam Protection

Anti-spam protection is improved with support for DomainKeys Identified Mail (DKIM) which detects forged sender addresses and Bounce Address Tag Validation (BATV) to determine whether the bounce address specified in the received email is valid, and reject backscatter spam.

Kerberos Authentication and NTLM

This release adds Kerberos authentication alongside the existing NTLM support for Microsoft Active Directory SSO, extending the range of authentication tools available for customers.

Radius Timeout with Two-Factor Authentication (2FA)

For customers using 2FA with Radius Server Authentication, the timeout value is now configurable, allowing additional time to finish the authentication flow when necessary.

SNMPv3

Support for SNMPv3 is added providing more flexibility and security over SNMPv2.

Interface Renaming

Interfaces can be renamed, making networking configuration easier and more intuitive.

Improved Synchronized Application Control Verdict

In the event of a pattern-based match conflict, Synchronized Application Control Verdict will be adhered to for more accurate application control.

DHCP Relay Enhancements for Dynamic Routing

Synchronizes dynamic routing updates (learned routes from OSPF) to DHCP relay, eliminating the need for manual reconfiguration.

Secure Syslog and Logs in the Standard Syslog Format

Provides the option to fetch logs in the standard syslog format using secure TLS.

Dynamic GeoIP (IP to Country Mapping) Database

The GeoIP database is now updated dynamically in real time from Up2Date. Be sure to always use the appropriate country-specific filters and policies.

VMware Tools Upgrade and Integration with VMware Site Recovery Manager (SRM)

Supports virtual device integration of the latest VMware Tools version (v10.3.10) with reboot, shutdown, and clone-like functionalities. The release also supports integration with Site Recovery Manager (SRM), the disaster recovery and business continuity solution from VMware which automates the transfer of virtual machines to a local or remote recovery site.

Jumbo Frame Support

Jumbo frames with more than 1500 byte payloads are now supported for added networking flexibility in high-bandwidth environments.

Wildcard Domain Support in WAF

XG Firewall now supports wildcard domains for WAF (Web Application Firewall). Administrators can configure wildcard subdomains, (e.g. *.example.com) for both HTTP and HTTPS.

Log Viewer Enhancements

The log viewer gets several enhancements with one-click actions available right from the logs to narrow search results, filter log entries, or create or modify policies on the fly. Options include the choice to disable signatures, block a source IP address, edit interfaces, and modify IPS, App Control, or web filtering policies.

Web Policy Enhancements

Browsing quotas have been added to web policies, allowing administrators to set time quotas for browsing selected website categories. Users can choose how and when to consume their daily time quota.

High Availability (HA) Enhancements

New enhancements enable plug-and-play high availability deployments with greater flexibility and business redundancy. A preconfigured HA port on every device enables quick and easy HA deployments by simply connecting the two ports together and then acknowledging and activating HA. HA configurations also include a configurable failback strategy, ideal for remote-site HA deployments, with options for manual synchronization and time out tuning. It is now possible to perform firmware updates, rollbacks, and other tasks such as port monitoring lists and assigning multiple IP addresses to primary and auxiliary appliances while HA is active. In addition, deploying more than one HA pair in a single network is easier due to the elimination of conflicts arising from any dependency on a virtual MAC address HA architecture.

Features:

Network Protection

All the protection you need to stop sophisticated attacks and advanced threats while providing secure network access to those you trust.

Next-gen Intrusion Prevention System

Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well.

Advanced Threat Protection

Instant identification and immediate response to today's most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat™ provides an emergency response.

Security Heartbeat

Creates a link between your Sophos Central protected endpoints and your firewall to identify threats faster, simplify investigation and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems.

Advanced VPN technologies

Adds unique and simple VPN technologies including our clientless HTML5 self-service portal that makes remote access incredibly simple or utilize our exclusive light-weight secure RED (Remote Ethernet Device) VPN technology.

Web Protection

Unmatched visibility and control over all your user's web and application activity.

Powerful user and group web policy

Provides enterprise-level Secure Web Gateway policy controls to easily manage sophisticated user and group web controls. Apply policies based upon uploaded web keywords indicating inappropriate use or behavior.

Advanced Web Threat Protection

Backed by SophosLabs, our advanced engine provides the ultimate protection from today's polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.

High performance transparent proxy

Optimized for top performance, our transparent proxy technology provides ultra-low latency inspection and HTTPS scanning of all traffic for threats and compliance.

Application Control and QoS

Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics. Synchronized Application Control automatically identifies all the unknown, evasive, and custom application on your network.

Email Protection

Consolidate your email protection with anti-spam, DLP, and encryption.

Integrated Message Transfer Agent

Ensures always-on business continuity for your email, allowing the firewall to automatically queue mail in the event servers become unavailable.

Live Anti-Spam

Provides protection from the latest spam campaigns, phishing attacks, and malicious attachments.

Self-serve Quarantine

Gives employees direct control over their spam quarantine, saving you time and effort.

SPX Email Encryption

Unique to Sophos, SPX makes it easy to send encrypted email to anyone, even those without any kind of trust infrastructure using our patent-pending password-based encryption technology.

Data Loss Prevention

Policy-based DLP can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.

Web Server Protection

Harden your web servers and business applications against hacking attempts while providing secure access.

Business Application Policy Templates

Pre-defined policy templates let you protect common applications like Microsoft Exchange Outlook Anywhere or SharePoint quickly and easily.

Protection from the latest hacks and attacks

With a variety of advanced protection technologies including URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing and more.

Reverse proxy

With authentication options, SSL offloading, and server load balancing ensure maximum protection and performance for your servers being accessed from the internet.

Sandstorm Protection

AI-driven static and dynamic file analysis techniques combine to bring unprecedented threat intelligence to your firewall and so effectively identify and block ransomware, known and unknown threats.

Powered by SophosLabs

Powered by the industry-leading SophosLabs, the Sandstorm Protection subscription includes a fully cloudbased threat intelligence and threat analysis platform. This provides deep learning-based file analysis, detailed analysis reporting and a threat meter to show the risk summary for a file.

They use layers of analytics to identify known and potential threats, reduce unknowns and derive verdicts and intelligence reports for the most commonly used file types.

Static File Analysis

By harnessing the power of multiple machine learning models, global reputation, deep file scanning, and more, you can quickly identify threats without the need to execute the files in real time.

Dynamic File Analysis

Execute a file in a secure cloud-based sandbox to observe its behavior and intent. Screenshots provide added insight into any key events during the analysis.

Threat Intelligence Analysis Reporting

Rich intelligence reports provide you with much more than just a ‘good’, ‘bad’, or ‘unknown’ verdict. Full insight into the nature and capabilities of a threat are delivered through the use of data science and SophosLabs research.

Sandstorm Protection

How to Buy:

Every XG Firewall comes equipped with Base Firewall functionality including IPSec, SSL VPN, and Wireless Protection. You can extend protection with our bundles or by adding protection modules individually.

How to Buy

Sophos XG Firewall Value Bundles

For the ultimate in protection, value, and peace-of-mind, get one of our convenient Value Bundles.

What you get EnterpriseProtect Plus Bundle TotalProtect Plus Bundle
Base Firewall Firewall, IPsec and SSL VPN, Wireless Protection (APs sold separately)
Network Protection IPS, RED, HTML5 VPN, ATP, Security Heartbeat
Web Protection Anti-malware, Web and App visibility, control, and protection
Email Protection Anti-spam, SPX Email Encryption, and DLP
Web Server Protection Web Application Firewall and reverse proxy
Sandstorm Protection next-gen cloud-sandbox technology
Enhanced Support 24x7 support, security and software updates, adv. exchange warranty
XG Series Hardware Appliance Multi-core Intel processor, solid-state storage, flexible connectivity

Synchronized Security:

Security Heartbeat™ - Your firewall and your endpoints are finally talking

Sophos XG Firewall is the only network security solution that is able to fully identify the user and source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security Heartbeat™ that shares telemetry and health status between Sophos endpoints and your firewall, and integrates endpoint health into firewall rules to control access and isolate compromised systems.

The good news is, this all happens automatically, and is successfully helping numerous businesses and organizations to save time and money in protecting their environments today.

Synchronized Application Control

Using Security Heartbeat we can do much more than just see the health status of an endpoint. We also have a solution to one of the biggest problems most network administrators face today - lack of visibility into network traffic.

Synchronized Application Control automatically identifies, classifies and controls encrypted, custom, evasive, and generic HTTP or HTTPS applications which are currently going unidentified.

Synchronized Security

Lateral Movement Protection

Lateral Movement Protection automatically isolates compromised systems at every point in the network to stop attacks dead in their tracks. Healthy endpoints assist by ignoring all traffic from unhealthy endpoints, enabling complete isolation, even on the same network segment, to prevent threats and active adversaries from spreading or stealing data.

Synchronized User ID

User authentication is critically important in a nextgeneration firewall but often challenging to implement in a seamless and transparent way. Synchronized User ID eliminates the need for client or server authentication agents by sharing user identity between the endpoint and the firewall through Security Heartbeat™. It's just another great benefit of having your firewall and endpoints integrated and sharing information.

Sophos XG Series Appliances - at a glance:

Our XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM provisioning, and solid-state storage. Whether you're protecting a small business or a large datacenter, you're getting industry leading performance.

Product Matrix

Model Tech. Specs Throughput¹
Revision # Form Factor Ports/Slots (Max Ports) w-model* Swappable Components Firewall (Mbps) VPN (Mbps) NGFW (Mbps) Threat Protection (Mbps) Xstream SSL (Mbps)
XG 86(w) 1 desktop 4 Wi-Fi 5 n/a 3,100 225 350 145 75
XG 106(w) 1 desktop 4 Wi-Fi 5 opt. ext. Power 3,550 330 400 150 75
XG 115(w) 3 desktop 4 Wi-Fi 5 opt. ext. Power 4,000 560 1,000 375 130
XG 125(w) 3 desktop 9/1 (9) Wi-Fi 5 opt. ext. Power, 3G/4G 7,000 1,500 1,275 400 170
XG 135(w) 3 desktop 9/1 (9) Wi-Fi 5 opt. ext. Power, 3G/4G, Wi-Fi** 7,500 1,700 1,800 600 210
XG 210 3 1U 8/1 (16) n/a opt. ext. Power 29,000 1,920 3,200 800 230
XG 230 2 1U 8/1 (16) n/a opt. ext. Power 32,000 2,100 4,500 1,000 280
XG 310 2 1U 12/1 (20) n/a opt. ext. Power 35,000 3,050 5,300 1,550 370
XG 330 2 1U 12/1 (20) n/a opt. ext. Power 38,000 3,940 9,300 2,100 560
XG 430 2 1U 10/2 (26) n/a opt. ext. Power 55,000 5,000 10,000 2,200 600
XG 450 2 1U 10/2 (26) n/a opt. int. Power 65,000 6,100 13,900 3,400 770
XG 550 2 2U 8/4 (32) n/a Power, SSD, Fan 75,000 8,500 15,300 6,000 1,000
XG 650 2 2U 8/6 (48) n/a Power, SSD, Fan 85,000 9,000 18,000 7,700 1,350
XG 750 2 2U 8/8 (64) n/a Power, SSD, Fan 100,000 12,500 19,200 9,400 1,400
* 802.11ac Wave 2
** 2nd Wi-Fi module option on 135w only (requires XG v17 MR6 or higher)

What you get with every XG Series appliance

  • Full Wireless Protection included in the Base License
  • On-box reporting or reporting for 7 days via Sophos Central
  • Free management via Sophos Central
  • The flexibility to add optional connectivity modules to adapt your firewall to changes in your environment

A simple approach to comprehensive support

We build products that are simple yet comprehensive. And, we take the same approach with our support. With options ranging from basic technical support to those including direct access to senior support engineers and customized delivery.

Licenses names Standard
Included with purchase
Enhanced
Included in all bundles
Enhanced Plus
Support
Via telephone and email
For 90 days
(business hours only)
Included
(24x7)
VIP Access
(24x7)
Security Updates & Patches
For the life of the product
Included with an active software subscription Included with an active software subscription Included with an active software subscription
Software Feature Updates & Upgrades Included 90-days Included Included
Consulting
Remote consultation on your firewall configuration and security with a Sophos Senior Technical Support Engineer
Included
(up to 4 hours)
Warranty and RMA
For all hardware appliances
1 year (return / replace) Advance Exchange
(max. 5 years)
Advance Exchange
(max. 5 years)
Technical Account Manager
Dedicated named technical account manager
Optional
(extra cost)
Optional
(extra cost)

XG 430, XG 450 Specifications:

XG 430 Specifications

The Sophos XG 430 and XG 450 offer enterprise performance for distributed organizations or larger mid-sized companies. The connectivity options are second to none for rack mountable appliances, with each model coming equipped with 8 GbE copper ports, 2 10 GbE SFP+ ports and 2 additional FleXi Port slots which you can configure with your choice of optional modules. For high-availability, the XG 450 also offers unparalleled redundancy features in a 1U appliance with a second SSD (RAID) integrated and an optional second power supply is available for both models.

Environment
Power consumption XG 430: 28W, 96 BTU/hr (idle)
79W, 270 BTU/hr (full load)
XG 450: 31W, 107 BTU/hr (idle)
83W, 283 BTU/hr (full load)
Operating temperature 0-40°C (operating)
-20 to +80°C (storage)
Humidity 10%-90%, non-condensing
Product Certifications
Certifications CB, UL, CE, FCC Class A, ISED, VCCI, RCM, CCC, KC, BIS
Performance¹ XG 430 Rev. 2 XG 450 Rev. 2
Firewall throughput 55,000 Mbps 65,000 Mbps
Firewall IMIX 26,900 Mbps 34,000 Mbps
IPS throughput 10,800 Mbps 14,700 Mbps
NGFW Throughput 10,000 Mbps 13,900 Mbps
Threat Protection throughput 2,200 Mbps 3,400 Mbps
Concurrent connections 13,640,000 13,640,000
New connections/sec 146,000 187,000
IPsec VPN throughput 5,000 Mbps 6,100 Mbps
Xstream SSL decryption + Threat Protection 600 Mbps 770 Mbps
Xstream SSL Concurrent connections 102,400 102,400
Physical interfaces
Storage (local quarantine/logs) integrated SSD 2 x integrated SSD
Ethernet interfaces (fixed) 8 GbE copper (incl. 2 bypass pairs)
2 10 GbE SFP+*
No. of FleXi Port slots 2
FleXi Port modules (optional) 8 port GbE copper
8 port GbE SFP*
2 port 10 GbE SFP+*
4 port 10 GbE SFP+*
2 port 40 GbE QSFP+*
4 port GbE PoE
8 port GbE PoE
4 port GbE copper LAN bypass
I/O ports 2 x USB 3.0 (front)
1 x Micro USB (front)
1 x USB 3.0 (rear)
1 x COM (RJ45) (front)
1 x IPMI (front)
1 x HDMI (rear)
Display Multi-function LCD module
Power supply Internal autoranging
100-240VAC, 50-60 Hz
Redundant PSU
optional (external)
Internal autoranging
100-240VAC, 50-60 Hz
Hot Swap
Redundant PSU
optional (internal)
Physical specifications
Mounting 1U rackmount (sliding rails incl.)
Dimensions
Width x Depth x Height
438 x 507.7 x 44mm
17.24 x 19.99 x 1.75 inches
Weight 7.6 kg / 16.76 lbs (unpacked)
13.7 kg / 30.2 lbs (packed)
7.8 kg / 17.2 lbs (unpacked)
14.8 kg / 32.63 lbs (packed)
¹ General: Max. throughput measured under ideal test conditions using SF-OS 17.0 with App-classification disabled using industry standard Spirent /Avalanche performance test and Ixia test tools. Actual performance may vary depending on network conditions and activated services.* Transceivers (mini GBICs) sold separately

Documentation:

Download the Sophos XG Series Data Sheet (PDF).

It appears you don't have a PDF plugin for this browser. No biggie... you can click here to download the PDF file.

Download the Sophos XG Series Sizing Guidelines (PDF).

It appears you don't have a PDF plugin for this browser. No biggie... you can click here to download the PDF file.

Pricing Notes:

  • All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
  • If your existing XG appliance does not have an active subscription or license, you will need to purchase a new license.
  • If you currently have an active subscription with an existing SG appliance, you can renew that subscription license by purchasing the renewal.
  • AP warranty is not included for the XG Wireless Subscriptions and will need to be purchased separately
  • TotalProtect includes: Appliance and FullGuard subscription (Network Protection, Web Protection, Email Protection, Webserver Protection and Enhanced Support). TotalProtect Plus additionally includes Sandstorm.
  • EnterpriseProtect includes:Appliance and EnterpriseGuard subscription (Network Protection, Web Protection and Enhanced Support). EnterpriseProtect Plus additionally includes Sandstorm.
  • FullGuard Subscription Includes: Network Protection, Web Protection, Email Protection, Webserver Protection and Enhanced Support. FullGuard Plus additionally includes Sandstorm.
  • EnterpriseGuard Subscription Includes: Network Protection, Web Protection and Enhanced Support. EnterpriseGuard Plus additionally includes Sandstorm.
  • Security Heartbeat functionality is available when XG Firewall Network Protection, EnterpriseGuard or FullGuard subscription is used in conjunction with Central Endpoint Advanced, Cloud Enduser Protection and Intercept X licences.
  • Pricing and product availability subject to change without notice.
Sophos Products
XG 430 Security Appliance
XG 430 rev. 2 Security Appliance - EU/UK power cord
Special Pricing Requests Available. Please call or contact us!
#XG43T2HEUK
Our Price: Request a Quote
XG Standard Protection
XG 430 Standard Protection - 1 Year
#SP430Z12ZZNCAA
List Price: £5,224.20
Our Price: Request a Quote
XG 430 Standard Protection - 2 Year
#XT432CSES
Our Price: Request a Quote
XG 430 Standard Protection - 3 Year
#XT433CSES
Our Price: Request a Quote
XG Xstream Protection
XG 430 Xstream Protection - 1 Year
#XS430Z12ZZNCAA
List Price: £7,052.40
Our Price: Request a Quote
XG 430 Xstream Protection - 2 Year
#XX432CSES
Our Price: Request a Quote
XG 430 Xstream Protection - 3 Year
#XX433CSES
Our Price: Request a Quote
XG 430 Network Protection - New License
XG 430 Network Protection - 1 Year
Special Pricing Requests Available. Please call or contact us!
#NS430Z12ZZNCAA
List Price: £2,115.60
Our Price: Request a Quote
XG 430 Network Protection - 2 Year
Special Pricing Requests Available. Please call or contact us!
#XN432CSAA
Our Price: Request a Quote
XG 430 Network Protection - 3 Year
Special Pricing Requests Available. Please call or contact us!
#XN433CSAA
Our Price: Request a Quote
XG 430 Web Protection - New License
XG 430 Web Protection - 1 Year
Special Pricing Requests Available. Please call or contact us!
#WS430Z12ZZNCAA
List Price: £2,821.20
Our Price: Request a Quote
XG 430 Web Protection - 2 Year
Special Pricing Requests Available. Please call or contact us!
#XB432CSAA
Our Price: Request a Quote
XG 430 Web Protection - 3 Year
Special Pricing Requests Available. Please call or contact us!
#XB433CSAA
Our Price: Request a Quote
XG 430 Email Protection - New License
XG 430 Email Protection - 1 Year
Special Pricing Requests Available. Please call or contact us!
#ES430Z12ZZNCAA
List Price: £1,057.80
Our Price: Request a Quote
XG 430 Email Protection - 2 Year
Special Pricing Requests Available. Please call or contact us!
#XM432CSAA
Our Price: Request a Quote
XG 430 Email Protection - 3 Year
Special Pricing Requests Available. Please call or contact us!
#XM433CSAA
Our Price: Request a Quote
XG 430 Webserver Protection - New License
XG 430 Webserver Protection - 1 Year
Special Pricing Requests Available. Please call or contact us!
#SS430Z12ZZNCAA
List Price: £1,057.80
Our Price: Request a Quote
XG 430 Webserver Protection - 2 Year
Special Pricing Requests Available. Please call or contact us!
#XS432CSAA
Our Price: Request a Quote
XG 430 Webserver Protection - 3 Year
Special Pricing Requests Available. Please call or contact us!
#XS433CSAA
Our Price: Request a Quote
XG 430 Sandstorm - New License
XG 430 Sandstorm - 1 Year
Special Pricing Requests Available. Please call or contact us!
#ZD430Z12ZZNCAA
List Price: £1,410.60
Our Price: Request a Quote
XG 430 Sandstorm - 2 Year
Special Pricing Requests Available. Please call or contact us!
#SX432CSAA
Our Price: Request a Quote
XG 430 Sandstorm - 3 Year
Special Pricing Requests Available. Please call or contact us!
#SX433CSAA
Our Price: Request a Quote
XG Standard Protection
XG 430 Standard Protection - 1 Year - Renewal
#SP430Z12ZZRCAA
List Price: £5,224.20
Our Price: Request a Quote
XG 430 Standard Protection - 2 Year - Renewal
#XT432CTES
Our Price: Request a Quote
XG 430 Standard Protection - 3 Year - Renewal
#XT433CTES
Our Price: Request a Quote
XG Xstream Protection
XG 430 Xstream Protection - 1 Year - Renewal
#XS430Z12ZZRCAA
List Price: £7,052.40
Our Price: Request a Quote
XG 430 Xstream Protection - 2 Year - Renewal
#XX432CTES
Our Price: Request a Quote
XG 430 Xstream Protection - 3 Year - Renewal
#XX433CTES
Our Price: Request a Quote
XG 430 Network Protection - Renewal
XG 430 Network Protection - 1 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#NS430Z12ZZRCAA
List Price: £2,115.60
Our Price: Request a Quote
XG 430 Network Protection - 2 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XN432CTAA
Our Price: Request a Quote
XG 430 Network Protection - 3 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XN433CTAA
Our Price: Request a Quote
XG 430 Web Protection - Renewal
XG 430 Web Protection - 1 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#WS430Z12ZZRCAA
List Price: £2,821.20
Our Price: Request a Quote
XG 430 Web Protection - 2 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XB432CTAA
Our Price: Request a Quote
XG 430 Web Protection - 3 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XB433CTAA
Our Price: Request a Quote
XG 430 Email Protection - Renewal
XG 430 Email Protection - 1 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#ES430Z12ZZRCAA
List Price: £1,057.80
Our Price: Request a Quote
XG 430 Email Protection - 2 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XM432CTAA
Our Price: Request a Quote
XG 430 Email Protection - 3 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XM433CTAA
Our Price: Request a Quote
XG 430 Webserver Protection - Renewal
XG 430 Webserver Protection - 1 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#SS430Z12ZZRCAA
List Price: £1,057.80
Our Price: Request a Quote
XG 430 Webserver Protection - 2 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XS432CTAA
Our Price: Request a Quote
XG 430 Webserver Protection - 3 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#XS433CTAA
Our Price: Request a Quote
XG 430 Sandstorm - Renewal
XG 430 Sandstorm - 1 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#ZD430Z12ZZRCAA
List Price: £1,410.60
Our Price: Request a Quote
XG 430 Sandstorm - 2 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#SX432CTAA
Our Price: Request a Quote
XG 430 Sandstorm - 3 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#SX433CTAA
Our Price: Request a Quote
XG 430 Enhanced Support
For new purchases only
XG 430 Enhanced Support - 1 Year
Special Pricing Requests Available. Please call or contact us!
#SE430Z12ZZNCAA
List Price: £642.00
Our Price: Request a Quote
XG 430 Enhanced Support - 2 Year
Special Pricing Requests Available. Please call or contact us!
#EN432CEAA
Our Price: Request a Quote
XG 430 Enhanced Support - 3 Year
Special Pricing Requests Available. Please call or contact us!
#EN433CEAA
Our Price: Request a Quote
XG 430 Enhanced Support - Renewal
XG 430 Enhanced Support - 1 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#SE430Z12ZZRCAA
List Price: £642.00
Our Price: Request a Quote
XG 430 Enhanced Support - 2 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#EN432CFAA
Our Price: Request a Quote
XG 430 Enhanced Support - 3 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#EN433CFAA
Our Price: Request a Quote
XG 430 Enhanced to Enhanced Plus Support Upgrade
XG 430 Enhanced to Enhanced Plus Support Upgrade - 1 Year
Special Pricing Requests Available. Please call or contact us!
#UP430Z12ZZNCAA
List Price: £428.04
Our Price: Request a Quote
XG 430 Enhanced to Enhanced Plus Support Upgrade - 2 Year
Special Pricing Requests Available. Please call or contact us!
#EP432CEUP
Our Price: Request a Quote
XG 430 Enhanced to Enhanced Plus Support Upgrade - 3 Year
Special Pricing Requests Available. Please call or contact us!
#EP433CEUP
Our Price: Request a Quote
XG 430 Enhanced to Enhanced Plus Support Upgrade - Renewal
XG 430 Enhanced to Enhanced Plus Support Upgrade - 1 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#UP430Z12ZZRCAA
List Price: £428.04
Our Price: Request a Quote
XG 430 Enhanced to Enhanced Plus Support Upgrade - 2 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#EP432CFUP
Our Price: Request a Quote
XG 430 Enhanced to Enhanced Plus Support Upgrade - 3 Year - Renewal
Special Pricing Requests Available. Please call or contact us!
#EP433CFUP
Our Price: Request a Quote
Hardware Mounting Kits
SG/XG 310/330/430/450 rev.2 Rackmount Sliding Rails
#RMEZTCH4U
List Price: £145.50
Our Price: Request a Quote
LAN Modules
2 port 10GbE SFP+ FleXi Port module (for SG/XG 2xx/3xx/4xx only)
#SGIZTCHF2
List Price: £795.50
Our Price: Request a Quote
2 port 40GbE QSFP+ Flexi Port Module (SG/XG 210 rev.3 & 230/3xx/4xx rev.2 )
#SGSZT2HF2
List Price: £1,593.50
Our Price: Request a Quote
4 port GbE copper - 2 Bypass groups FleXi Port module (for XG 2xx/3xx/4xx only)
#SGCZTCHF4
List Price: £351.00
Our Price: Request a Quote
4 port GbE PoE Flexi Port module + Power Supply Kit (for SG/XG 210 rev.3 & 230/3xx/4xx rev.2) with EUK Power Cord
#SGIZT2JEUK
List Price: £695.00
Our Price: Request a Quote
8 port GbE copper FleXi Port module (for SG/XG 2xx/3xx/4xx only)
#SGIZTCHC8
List Price: £695.00
Our Price: Request a Quote
8 port GbE PoE Flexi Port module + Power Supply Kit (for SG/XG 210 rev.3 & 230/3xx/4xx rev.2) with EUK Power Cord
#SGIZT2HEUK
List Price: £994.00
Our Price: Request a Quote
8 port GbE SFP FleXi Port module (for SG/XG 2xx/3xx/4xx only)
#SGIZTCHF8
List Price: £695.00
Our Price: Request a Quote
Power Supplies
XRP200 External Redundant Power Supply (for SG/XG 210 rev.3 & 230/3xx/430 rev.2) with EUK Power Cord
#SGXZT2HEUK
List Price: £395.00
Our Price: Request a Quote
Transceivers
1000Base-LX Fiber Transceiver (GBIC) - for UTM/SG/XG SFP ports
#ITFZTCHLX
List Price: £497.50
Our Price: Request a Quote
1000Base-SX Fiber Transceiver (GBIC) - for UTM/SG/XG SFP ports
#ITFZTCHSX
List Price: £186.50
Our Price: Request a Quote
1000Base-T Copper Transceiver (GBIC) - for UTM/SG/XG SFP ports
#ITFZTCHTC
List Price: £288.50
Our Price: Request a Quote
Dual Rate 10GBase-LR 10GbE Fiber Transceiver (GBIC), for UTM/SG/XG SFP+ ports
#ITFZTCHLR
List Price: £887.50
Our Price: Request a Quote
Dual Rate 10GBase-SR 10GbE Fiber Transceiver (GBIC), for UTM/SG/XG SFP+ ports
#ITFZTCHXF
List Price: £678.00
Our Price: Request a Quote