I researched network security companies for several months before selecting Sophos Ltd as my partner of choice. The selection was based on a series of demos, analyst reviews, product pricing, and support for a managed service offering. I installed the Sophos XG-105 security appliance in my lab in January after getting enrolled as a partner and going through basic education on the product line. A security appliance is fundamentally a network firewall on steroids and usually offers layered services for intrusion prevention, web server protection, email protection, and often much more. This post is a brief recap of my experiences to date with the XG-105 in my lab environment.
The Sophos XG family spans from 4 to 64 ports with the same software and capabilities across the entire line. The XG-105 has 4 configurable ports. My configuration has 1 primary WAN for my Time-Warner internet connection, 1 backup WAN connection for my Cradlepoint Cell Modem, 1 secure LAN for my office computers, and 1 “less secure LAN” that has my cameras, AV equipment, printers, and WiFi networks. Each LAN port is connected to one or more Netgear Ethernet switches to support the total network of over 100 connected devices. This configuration provides the following benefits:
- Automatic switching of my internet connection to the Verizon network if my Time-Warner connection drops and automatic switching back when service is restored. Everything on my network stays connected to the internet and I don’t have to do anything. It is like magic!
- My business computers are isolated from the rest of my network, but they can access the printers, camera feeds, and the file server that houses my music collection. In the event that one of my many automation or entertainment devices gets corrupted, my business computers and data are protected.
In addition to the basic firewall configuration and network separation, I have the following services added:
- Intrusion Protection
- Web Filtering
- Email Protection
- Endpoint Protection
By adding Endpoint Protection on my PCs and Mac, I am able to protect my devices from viruses, malware, and ransomware. In addition, the XG-105 will automatically terminate network access for any device that becomes infected. I am also alerted through email and text if there are any issues on the network or networked devices.
Observations on Setup
Configuration of the XG-105 requires time: several hours for my network, as I worked through the process for the first time. The menus are logical and the online help is robust. Basic network definition for WAN and LAN connections is straightforward. Adding DHCP servers and Failover Rules was also a relatively simple process. More time is required to configure the rules and policies controlling network access, web access, email linkage, peripheral control, and remote management. I was happy to have the luxury of time in my lab to work through the process before having to install in a customer environment. As a result, the first customer install was much faster.
How is this Different
My Sophos XG-105 replaced a Cisco router that had competitive firewall capability (it controlled traffic flow and blocked unwanted traffic). The Cisco router lacked the active intrusion protection, web filtering, and email protection services. And it lacked any intelligence about what was happening on the network.
In effect, the Cisco firewall served as a guard that controlled access to my building and stopped anyone who lacked the appropriate credentials from entering. In contrast, the Sophos XG-105 operates as a security force that examines everyone and everything entering and leaving my building to make sure that nothing gets in or out that shouldn’t. Packages and containers are x-rayed and suspicious items are blocked or sent to a safe area for further examination. All of this security is controlled by policies that determine the who, what, where, and when.
By replacing Norton anti-virus software on my Mac and PCs with Sophos Endpoint software, I maintained anti-virus protection while adding active protection against ransomware. All of these devices now coordinate with the XG-105 using a function that Sophos calls Heartbeat monitoring. The result is complete visibility and control of security across the network.
I have been impressed by the capabilities of the XG-105 and Endpoint software and their ability to work together. Setup takes time and some planning, but the result is a very capable security system for your network and business data. I am early in fully understanding all of the capabilities that are available, but I am more than satisfied with my selection of Sophos Ltd as my network security partner.