General Management

  • Purpose-built streamlined user interface and firewall rule management for large rule sets with grouping with at-a-glance rule feature and enforcement indicators
  • Two-factor authentication (One-time-password) support for administrator access, user portal, IPSec and SSL VPN
  • Advanced trouble-shooting tools in GUI (e.g., Packet Capture)
  • High Availability (HA) support clustering two devices in active-active or active-passive mode.
  • Full command-line-interface (CLI) accessible from GUI
  • Role-based administration
  • Automated firmware update notification with easy automated update process and roll-back features
  • Reusable system object definitions for networks, services, hosts, time periods, users and groups, clients and servers
  • Self-service user portal
  • Configuration change tracking
  • Flexible device access control for services by zones
  • Email or SNMP trap notification options
  • SNMP and Netflow support
  • Central managment support from Sophos Firewall Manager or Sophos Cloud Firewall Manager
  • Backup and restore configurations: locally, via FTP or email; on-demand, daily, weekly or monthly
  • API for third party integration
  • Remote access option for Sophos Support
  • Cloud-based license management via MySophos

Base Traffic Shaping and Quotas

  • Flexible network or user based traffic shaping (QoS) (enhanced Web and App traffic shaping options are included with the Web Protection Subscription)
  • Set user-based traffic quotas on upload/download or total traffic and cyclical or non-cyclical
  • Real-time VoIP optimization
  • DSCP marking

Authentication

  • Synchronized User ID utilizes Synchronized Security to share currently logged in Active Directory user ID between Sophos endpoints and the firewall without an agent on the AD server or client
  • Authentication via: Active Directory, eDirectory, RADIUS, LDAP and TACACS+
  • Server authentication agents for Active Directory SSO, STAS, SATC
  • Single sign-on: Active directory, eDirectory, RADIUS Accounting
  • Client authentication agents for Windows, Mac OS X, Linux 32/64
  • Browser SSO authentication: Transparent, proxy authentication (NTLM)
  • Browser Captive Portal
  • Authentication certificates for iOS and Android
  • Authentication services for IPSec, SSL, L2TP, PPTP
  • Google Chromebook authentication support for environments with Active Directory and Google Gsuite
  • API based authentication

Cloud Application Visibility

  • Control Center widget displays amount of data uploaded and downloaded to cloud applications categorized as new, sanctioned, unsanctioned or tolerated
  • Discover Shadow IT at a glance
  • Drill down to obtain details on users, traffic and data
  • One-click access to traffic shaping policies
  • Filter cloud application usage by category or volume
  • Detailed customizable cloud application usage report for full historical reporting

Web Protection and Control

  • Fully transparent proxy for anti-malware and web-filtering
  • Enhanced Advanced Threat Protection
  • URL Filter database with millions of sites across 92 categories, backed by SophosLabs
  • Surfing quota time policies per user/group
  • Access time polices per user/group
  • Malware scanning: block all forms of viruses, web malware, trojans, and spyware on HTTP/S, FTP and web-based email
  • Advanced web malware protection with JavaScript emulation
  • Live Protection real-time, in-the-cloud lookups for the latest threat intelligence
  • Second independent malware detection engine (Avira) for dual-scanning
  • Real-time or batch mode scanning
  • Pharming Protection
  • HTTP and HTTPS scanning and enforcement on any network and user policy with fully customizable rules and exceptions
  • SSL protocol tunnelling detection and enforcment
  • Certificate validation
  • High performance web content caching
  • Forced caching for Sophos Endpoint updates
  • File type filtering by mime-type, extension and active content types (e.g. Activex, applets, cookies, etc.)
  • YouTube for Schools enforcement per policy (user/group)
  • SafeSearch enforcement (DNS-based) for major search engines per policy (user/group)
  • Web keyword monitoring and enforcement to log, report or block web content matching keyword lists with the option to upload customs lists
  • Block Potentially Unwanted Applications
  • Web policy override option for teachers or staff to temporarily allow access to blocked sites or categories that are fully customizable and manageable by select users
  • User/Group policy enforcement on Google Chromebooks

Logging and Reporting

  • Hundreds of on-box reports with custom report options: Dashboards (Traffic, Security, and User Threat Quotient), Applications (App Risk, Blocked Apps, Synchronized Apps, Search Engines, Web Servers, Web Keyword Match, FTP), Network and Threats (IPS, ATP, Wireless, Security Heartbeat, Sandstorm), VPN, Email, Compliance (HIPAA, GLBA, SOX, FISMA, PCI, NERC CIP v3, CIPA)
  • Current Activity Monitoring: system health, live users, IPsec connections, remote users, live connections, wireless clients, quarantine, and DoS attacks
  • Report anonymization
  • Report scheduling to multiple recipients by report group with flexible frequency options
  • Export reports as HTML, PDF, Excel (XLS)
  • Report bookmarks
  • Log retention customization by category
  • Full featured log viewer with column view and detailed view with powerful filter and search options, hyperlinked rule ID, and data view customization

Firewall, Networking, and Routing

  • Stateful deep packet inspection firewall
  • FastPath Packet Optimization
  • User, group, time, or network based policies
  • Access time polices per user/group
  • Enforce policy across zones, networks, or by service type
  • Zone isolation and zone-based policy support.
  • Default zones for LAN, WAN, DMZ, LOCAL, VPN, and WiFi
  • Custom zones on LAN or DMZ
  • Customizable NAT policies with IP masquerading and full object support to redirect or forward multiple services in a single rule
  • Flood protection: DoS, DDoS and portscan blocking
  • Country blocking by geo-IP
  • Routing: static, multicast (PIM-SM) and dynamic (RIP, BGP, OSPF)
  • Upstream proxy support
  • Protocol independent multicast routing with IGMP snooping
  • Bridging with STP support and ARP broadcast forwarding
  • VLAN DHCP support and tagging
  • Multiple bridge support
  • WAN link balancing: multiple Internet connections, auto-link health check, automatic failover, automatic and weighted balancing, and granular multipath rules
  • Wireless WAN support (n/a in virtual deployments)
  • 802.3ad interface link aggregation
  • Full configuration of DNS, DHCP and NTP
  • Dynamic DNS
  • IPv6 Ready Logo Program Approval Certification
  • IPv6 tunnelling support including 6in4, 6to4, 4in6, and IPv6 rapid deployment (6rd) through IPSec

User Self-Serve Portal

  • Download the Sophos Authentication Client
  • Download SSL remote access client (Windows) and configuration files (other OS)
  • Hotspot access information
  • Change user name and password
  • View personal internet usage
  • Access quarantined messages and manage user-based block/allow sender lists (requires Email Protection

Base VPN Options

  • Site-to-site VPN: SSL, IPSec, 256- bit AES/3DES, PFS, RSA, X.509 certificates, pre-shared key
  • L2TP and PPTP
  • Remote access: SSL, IPsec, iPhone/iPad/Cisco/Andriod VPN client support
  • IKEv2 Support
  • SSL client for Windows and configuration download via user portal
  • Sophos Connect IPSec Client
  • Authentication: Pre-Shared Key (PSK), PKI (X.509), Token and XAUTH
  • Enables Synchronized Security and Security Heartbeat for remote connected users
  • Intelligent split-tunneling for optimum traffic routing
  • NAT-traversal support
  • Client-monitor for graphical overview of connection status
  • Mac and Windows Support

Intrusion Prevention (IPS)

  • High-performance, next-gen IPS deep packet inspection engine with selective IPS patterns that can be applied on a firewall rule basis for maximum performance and protection
  • Top rated by NSS Labs
  • Thousands of signatures
  • Granular category selection
  • Support for custom IPS signatures
  • IPS Policy Smart Filters that enable dynamic policies which automatically update as new patterns are added

Sandstorm Cloud Sandbox Protection

  • Full integration into your Sophos security solution dashboard
  • Inspects executables and documents containing executable content (including .exe, .com, and .dll, .doc, .docx, docm and .rtf and PDF) and archives containing any of the file types listed above (including ZIP, BZIP, GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet)
  • Aggressive behavioral, network, and memory analysis
  • Detects sandbox evasion behavior
  • Machine Learning technology with Deep Learning scans all dropped executable files
  • Includes exploit prevention and Cryptoguard Protection technology from Sophos Intercept X
  • In-depth malicious file reports and dashboard file release capability
  • Optional data center selection and flexible user and group policy options on file type, exclusions, and actions on analysis
  • Supports one-time download links

Application Protection and Control

  • Synchronized App Control to automatically, identify, classify and control all unknown Windows and Mac applications on the network by sharing information between Sophos Endpoints and the firewall
  • Signature-based application control with patterns for thousands of applications
  • Cloud Application Visibility and Control to discover Shadow IT
  • App Control Smart Filters that enable dynamic policies which automatically update as new patterns are added
  • Micro app discovery and control
  • Application control based on category, characteristics (e.g., bandwidth and productivity consuming), technology (e.g., P2P) and risk level
  • Per-user or network rule application control policy enforcement
  • Enhanced traffic shaping (QoS) options by web category or application to limit or guarantee upload/download or total traffic priority and bitrate individually or shared

 

+27 21 673 6756