Sophos XG-105 Security Appliance – Hands On

I researched network security companies for several months before selecting Sophos Ltd as my partner of choice.  The selection was based on a series of demos, analyst reviews, product pricing, and support for a managed service offering.  I installed the Sophos XG-105 security appliance in my lab in January after getting enrolled as a partner and going through basic education on the product line.  A security appliance is fundamentally a network firewall on steroids and usually offers layered services for intrusion prevention, web server protection, email protection, and often much more.  This post is a brief recap of my experiences to date with the XG-105 in my lab environment.

Basic Configuration

The Sophos XG family spans from 4 to 64 ports with the same software and capabilities across the entire line.  The XG-105 has 4 configurable ports.  My configuration has 1 primary WAN for my Time-Warner internet connection, 1 backup WAN connection for my Cradlepoint Cell Modem, 1 secure LAN for my office computers, and 1 “less secure LAN” that has my cameras, AV equipment, printers, and WiFi networks.  Each LAN port is connected to one or more Netgear Ethernet switches to support the total network of over 100 connected devices.  This configuration provides the following benefits:

  • Automatic switching of my internet connection to the Verizon network if my Time-Warner connection drops and automatic switching back when service is restored.  Everything on my network stays connected to the internet and I don’t have to do anything.  It is like magic!
  • My business computers are isolated from the rest of my network, but they can access the printers, camera feeds, and the file server that houses my music collection.  In the event that one of my many automation or entertainment devices gets corrupted, my business computers and data are protected.

In addition to the basic firewall configuration and network separation, I have the following services added:

  • Intrusion Protection
  • Web Filtering
  • Email Protection
  • Endpoint Protection

By adding Endpoint Protection on my PCs and Mac, I am able to protect my devices from viruses, malware, and ransomware.  In addition, the XG-105 will automatically terminate network access for any device that becomes infected.  I am also alerted through email and text if there are any issues on the network or networked devices.

Observations on Setup

Configuration of the XG-105 requires time, several hours for my network as I worked through the process for the first time.  The menus are logical and the online help is robust.  Basic network definition for WAN and LAN connections is straightforward.  Adding DHCP servers and Failover Rules also was a relatively simple process.  More time is required to configure the rules and policies controlling network access, web access, email linkage, peripheral control, and remote management.  I was happy to have the luxury of time in my lab to work through the process before having to install in a customer environment.  As a result, the first customer install was much faster.

How is this Different

My Sophos XG-105 replaced a Cisco router that had competitive firewall capability (it controlled traffic flow and blocked unwanted traffic).  The Cisco router lacked the active intrusion protection, web filtering, and email protection services.  And it lacked any intelligence about what was happening on the network.

In effect, the Cisco firewall served as a guard that controlled access to my building and stopped anyone from entering who lacked the appropriate credentials.  In contrast, the Sophos XG-105 operates as a security force that examines everyone and everything entering and leaving my building to make sure that nothing gets in or out that shouldn’t.  Packages and containers are x-rayed and suspicious items are blocked or sent to a safe area for further examination.  All of this security is controlled by policies that determine the who, what, where, and when.

By replacing Norton anti-virus software on my Mac and PCs with Sophos Endpoint software, I maintained anti-virus protection while adding active protection against ransomware, and all of these devices now coordinate with the XG-105 using a function that Sophos calls Heartbeat monitoring.  The result is complete visibility and control of security across the network.

Conclusion

I have been impressed by the capabilities of the XG-105 and Endpoint software and their ability to work together.  Setup takes time and some planning, but the result is a very capable security system for your network and business data.  I am early in fully understanding all of the capabilities that are available, but I am more than satisfied with my selection of Sophos Ltd as my network security partner.
