Sophos XG-105 Security Appliance – Hands On

I researched network security companies for several months before selecting Sophos Ltd as my partner of choice.  The selection was based on a series of demos, analyst reviews, product pricing, and support for a managed service offering.  I installed the Sophos XG-105 security appliance in my lab in January after getting enrolled as a partner and going through basic education on the product line.  A security appliance is fundamentally a network firewall on steroids and usually offers layered services for intrusion prevention, web server protection, email protection, and often much more.  This post is a brief recap on my experiences to-date with the XG-105 in my lab environment.

Basic Configuration

The Sophos XG family spans from 4 to 64 ports with the same software and capabilities across the entire line.  The XG-105 has 4 configurable ports.  My configuration has 1 primary WAN for my Time-Warner internet connection, 1 backup WAN connection for my Cradlepoint Cell Modem, 1 secure LAN for my office computers, and 1 “less secure LAN” that has my cameras, AV equipment, printers, and WiFi networks.  Each LAN port is connected to one or more Netgear Ethernet switches to support the total network of over 1oo connected devices.  This configuration provides the following benefits:

  • Automatic switching of my internet connection to the Verizon network if my Time-Warner connection drops and automatic switching back when service is restored.  Everything on my network stays connected to the internet and I don’t have to do anything.  It is like magic!
  • My business computers are isolated from the rest of my network, but they can access the printers, camera feeds, and the file server that houses my music collection.  In the event that one of my many automation or entertainment devices gets corrupted, my business computers and data are protected.

In addition to the basic firewall configuration and network separation, I have the following services added:

  • Intrusion Protection
  • Web Filtering
  • Email Protection
  • Endpoint Protection

By adding Endpoint Protection on my PCs and Mac, I am able to protect my devices from viruses, malware, and ransomware.  In addition, the XG-105 will automatically terminate network access for any device that becomes infected.  I am also alerted through email and text if there are any issues on the network or networked devices.

Observations on Setup

Configuration of the XG-105 requires time, several hours for my network as I worked through the process for the first time.  The menus are logical and the online help is robust.  Basic network definition for WAN and LAN connections are straightforward.  Adding DHCP servers and Failover Rules also was a relatively simple process.  More time is required to configure the rules and policies controlling network access, web access, email linkage, peripheral control, and remote management.  I was happy to have the luxury of time in my lab to work through the process before having to install in a customer environment.  As a result, the first customer install was much faster.

How is this Different

My Sophos XG-105 replaced a Cisco router that had competitive firewall capability (it controlled traffic flow and blocked unwanted traffic).  The Cisco router lacked the active intrusion protection, web filtering, and email protection services.  And it lacked any intelligence about what was happening on the network.

In effect, the Cisco firewall served as a guard the controlled access to my building and stopped anyone from entering that lacked the appropriate credentials.  In contrast, the Sophos XG-105 operates as a security force that examines everyone and everything entering and leaving my building to make sure that nothing gets in or out that shouldn’t.  Packages and containers are x-rayed and suspicious items are blocked or sent to a safe area for further examination.  All of this security is controlled by policies that determine the who, what, where, and when.

By replacing Norton anti-virus software on my Mac and PCs with Sophos Endpoint software, I maintained anti-virus protection while adding active protection against ransomware and all of these devices now coordinate with the XG-105 using a function that Sophos calls Heartbeat monitoring.  The result is complete visibility and control of security across the network.


I have been impressed by the capabilities of the XG-105 and Endpoint software and their ability to work together.  Setup takes time and some planning, but the result is a very capable security system for your network and business data.  I am early in fully understanding all of the capabilities that are available, but I am more than satisfied with my selection of Sophos Ltd as my network security partner.

  • The Role of VPNs in Your Security Arsenal

    Virtual Private Networks or VPNs have been used for over 20 years to provide computer access to corporate networks for employees traveling or working remotely. Their adoption by both corporate and private users has boomed over the past 5 years as awareness has grown about privacy risks. In fact, “doing READ MORE

  • Fiber And The New Hargray

    Hargray has been busily installing fiber all over Hilton Head. We have it installed in a dozen clients and we finally have a fiber connection for our office/lab. Fiber is a game-changer for Hargray for several reasons, primarily speed and reliability. Prior to fiber, the fastest internet service available from READ MORE

  • Connected HHI Partners with Verizon for One Talk Business Voice Solutions

    Connected HHI is pleased to partner with Verizon Wireless to provide services for One Talk customers in the Lowcountry.  The One Talk voice-over-internet-protocol (VOIP) business phone solution is a natural fit for many businesses in our area.  And combining One Talk with our Always-On Network ensures that your phones and network READ MORE

  • Protecting Business Phones From Downtime

    Connected HHI is now offering Alway-On service for the new generation of Voice-Over Internet-Protocol (VOIP) phones that are being installed in more and more businesses.  Now your new VOIP phones can be protected from network downtime in the same way that we are protecting internet networks throughout the lowcountry.  One READ MORE

  • Reboot and Update !!

    The FBI is strongly recommending that all routers be rebooted and that your router firmware is up to the latest release.    Additionally, I recommend that you make sure that all of your phone, tablet, and PCs are at the latest release in order to provide the latest protection against READ MORE

  • Yacht Hop Fundraiser powered by Connected HHI Always-On Network

    Connected HHI was proud to provide the WiFi and networking in support of Hospice Care of the Lowcountry’s signature fundraising event – Yacht Hop of Hilton head Island. With Internet connections from Hargray and Verizon, Connected HHI employed equipment from Luxul and Cradlepoint to ensure that all of the Hospice READ MORE

  • Connected HHI Featured on WHHI Talk of the Town

    Joe Chappell of Connected HHI was featured on WHHI’s Talk of the Town program that aired 10/10/17 through 10/17/17.  Joe provided an update on Smart Home Management and reasons that more and more homeowners are adding Smart Home Management capabilities to their homes and rental properties.  You can find a READ MORE

  • Giuseppi’s Pizza and Pasta HHI Stays Connected

    Giuseppi’s has been serving residents and visitors since 1981 from their landmark location in Shelter Cove.  Known for great food, friendly service, and a little bit of Pittsburgh, this spot is always one of the top-rated restaurants on the island.   Managing Partner Jim Loniero and his team rely on their READ MORE

  • Curry Printing / FastSigns HHI Chooses Connected HHI

    This high-tech printing and graphics business selected Connected HHI and its ALWAYS-ON Network service to protect against any downtime due to a lost internet connection.  Time is money and nowhere is this truer than in the deadline-intensive graphics and printing business.  Owner Chuck Lobaugh and his team of professionals rely READ MORE

  • Netgear Orbi – Whole Home WiFi That Works

    I have installed over 100 WiFi routers in homes and signal coverage is the biggest issue I encounter.  This is especially true in our area due to the sprawling layout of  our homes.  And now that we want fast WiFi connections for our streaming devices wherever we happen to be READ MORE

  • Approaching Technology for Home – Incrementalism vs One Big Project

    Home improvement projects can usually be divided into those that need to be tackled as one big project and those that can be tackled in pieces.  Remodeling a kitchen is best done as one big project while upgrading the landscaping can be done in smaller chunks over time.  In both READ MORE

  • Comfortable In Her Own Home

    As a recent widow, I worried about living alone.  Joe Chappell at Connected HHI made me comfortable staying in my home.  I chose SimpliSafe’s security system for ease of use and it performs well and is easy to use.  I travel a fair amount and chose Nest thermostats for convenience READ MORE

  • PCI Compliance – A Primer

    If credit and debit cards are important to your business, you need to understand three things: What is PCI Compliance What is your potential cost for Non-Compliance How to be sure that your business stays compliant This paper will provide a brief overview of these three topics and provide a READ MORE

  • Trattoria Divina for ALWAYS-ON Network

    After months of experiencing intermittent connectivity through the local internet supplier we contacted Joe Chappell at Connected HHI. Connected HHI provides that “missing link” to make sure that our restaurant is always connected to the internet. This ensures that our Open Table reservation system, our point-of-sale (POS) system, and our READ MORE

  • Digital Security for your Business

    Do you wonder or even worry about risks to your business from hacking, viruses, ransomware, client data breaches, exploits, and other digital attacks? Do you understand all of the threats and potential risks to your business? Are you confident that you have the necessary protection in place to protect your READ MORE

  • ALWAYS-ON – Keep your business up and running

    Many businesses rely on their internet connection to place and receive orders, process sales transactions, accept reservations, and even stream music. If your business can’t afford to lose your internet connection, we have the solution. Our ALWAYS-ON Network service provides an always-on safety net for your internet connection. This new service READ MORE

  • Connected HHI Adds Sophos as Network Security Partner

    Connected HHI is proud to add Sophos as our partner for Network Security.  Sophos is recognized as a market leader* in network security for business.  With Sophos, we can provide business protection from viruses, malware, ransomware, and hacking across your servers, PCs, tablets, and phones.  Sophos products control what gets READ MORE

  • Observations on Amazon’s Echo

    Amazon released their voice-directed assistant Amazon Echo in November, 2014 and it has been an amazing sales success.  There have been over 5 million units sold since the introduction and there are now 3 different versions to choose from.  We have been an Echo home since 2016 and I have READ MORE

  • Connected HHI Selects Verizon as Data Network Provider

    Connected HHI has selected Verizon as the data network provider for our ALWAYS-ON Network service.  Verizon is recognized for their network coverage, performance, and reliability.  Our customers benefit from having the best network today and will continue to take advantage of improved performance as Verizon rolls out their Advanced LTE service READ MORE

  • Connected HHI Adds Cradlepoint as Partner

    After researching and testing many different solutions for our ALWAYS-ON Network service for business, we selected Cradlepoint,  The Cradlepoint product line allows Connected HHI to offer the right solution for every size business.  We installed Cradlepoint cellular data modems and failover routers in a number of our customer sites after six READ MORE