Sophos XN553CTAA User Manual
Displayed below is the user manual for XN553CTAA by Sophos which is a product in the Software Licenses/Upgrades category. This manual has pages.
Related Manuals
XG Firewall Features
Sophos XG Firewall
Highlights
ÌPurpose-built user interface with
interactive control center
ÌOptimized three-clicks-to-anywhere navigation
ÌPolicy Control Center Widget monitors policy activity
for business, user and network policies and tracks
unused, disabled, changed and new policies
ÌNew unified policy model enabling all business, user
and network policies to be managed on a single
screen with powerful filtering and search options
ÌPolicy Templates for common business applications like
Microsoft Exchange, SharePoint, Lync, and much more
defined in XML enabling customization and sharing.
ÌStreamlined firewall rule management for
large rule sets with grouping with at-a-glance
rule feature and enforcement indicators
ÌCustom AV, Sandboxing, IPS, Web, App, Traffic
Shapping (QoS), routing, and Heartbeat settings
per user or network policy on a single screen
ÌSophos Security Heartbeat connecting Sophos
endpoints with the Firewall to share health status
and telemetry to enable instant identification
of unhealty or compromised endpoints
ÌFirewall rule support for Endpoint Health (Sophos
Security Heartbeat) to automatically isolate or limit
network access to compromised endpoints
ÌSynchronized App Control to automatically,
identify, classify and control all unknown
applications on the network
ÌPolicy test simulator tool to enable firewall rule and web
policy simulation and testing by user, IP and time of day
ÌUser Threat Quotient for identifying risky users based
on recent browsing behavior and ATP triggers
ÌApplication Risk Meter provides and overall risk factor
based on the risk level of applications on the network
ÌConfiguration API for all features
for RMM/PSA integration
ÌDiscover Mode (TAP mode) for seamless integration for
trials and PoCs with support for Synchronized Security
ÌFull-featured centralized management with
Sophos Firewall Manager available as a
hardware, software, or virtual appliance
ÌEasy streamlined setup wizard to enable quick out-
of-the box deployment in just a few minutes
Base Firewall
General Management
ÌPurpose-built streamlined user interface and firewall
rule management for large rule sets with grouping with
at-a-glance rule feature and enforcement indicators
ÌTwo-clicks-to-anywhere navigation
ÌAdvanced trouble-shooting tools in
GUI (e.g., Packet Capture)
ÌHigh Availability (HA) support clustering two
devices in active-active or active-passive mode.
ÌFull command-line-interface (CLI) accessible from GUI
ÌRole-based administration
ÌAutomated firmware update notification with easy
automated update process and roll-back features
ÌReusable system object definitions for
networks, services, hosts, time periods,
users and groups, clients and servers
ÌSelf-service user portal
ÌConfiguration change tracking
ÌFlexible device access control for services by zones
ÌEmail or SNMP trap notification options
ÌSNMP and Netflow support
ÌCentral managment support from Sophos Firewall
Manager or Sophos Cloud Firewall Manager
XG Firewall Features
ÌBackup and restore configurations: locally, via FTP
or email; on-demand, daily, weekly or monthly
ÌAPI for third party integration
ÌRemote access option for Sophos Support
ÌCloud-based license management via MySophos
Firewall, Networking, and Routing
ÌStateful deep packet inspection firewall
ÌFastPath Packet Optimization
ÌUser, group, time, or network based policies
ÌAccess time polices per user/group
ÌEnforce policy across zones, networks, or by service type
ÌZone isolation and zone-based policy support.
ÌDefault zones for LAN, WAN, DMZ, LOCAL, VPN, and WiFi
ÌCustom zones on LAN or DMZ
ÌCustomizable NAT policies with IP masquerading
and full object support to redirect or forward
multiple services in a single rule
ÌFlood protection: DoS, DDoS and portscan blocking
ÌCountry blocking by geo-IP
ÌRouting: static, multicast (PIM-SM)
and dynamic (RIP, BGP, OSPF)
ÌUpstream proxy support
Ì Protocol independent multicast
routing with IGMP snooping
ÌBridging with STP support and
ARP broadcast forwarding
ÌVLAN DHCP support and tagging
ÌMultiple bridge support
Ì WAN link balancing: multiple Internet connections,
auto-link health check, automatic failover, automatic
and weighted balancing, and granular multipath rules
ÌWireless WAN support (n/a in virtual deployments)
Ì 802.3ad interface link aggregation
Ì Full configuration of DNS, DHCP and NTP
ÌDynamic DNS
Ì IPv6 Ready Logo Program Approval Certification
ÌIPv6 tunnelling support including 6in4, 6to4, 4in6,
and IPv6 rapid deployment (6rd) through IPSec
Base Traffic Shaping and Quotas
ÌFlexible network or user based traffic shaping (QoS)
(enhanced Web and App traffic shaping options are
included with the Web Protection Subscription)
ÌSet user-based traffic quotas on upload/download
or total traffic and cyclical or non-cyclical
ÌReal-time VoIP optimization
ÌDSCP marking
Secure Wireless
ÌSimple plug-and-play deployment of Sophos
wireless access points (APs) — automatically
appear on the firewall control center
ÌCentral monitor and manage all APs and wireless
clients through the built-in wireless controller
ÌBridge APs to LAN, VLAN, or a separate
zone with client isolation options
ÌMultiple SSID support per radio including hidden SSIDs
ÌSupport for the latest security and encryption
including WPA2 Personal and Enterprise
ÌSupport for IEEE 802.1X (RADIUS authentication)
ÌSupport for 802.11r (fast transition)
ÌHotspot support for (custom) vouchers,
password of the day, or T&C acceptance
ÌWireless guest Internet access with
walled garden options
ÌTime-based wireless network access
ÌWireless repeating and bridging meshed
network mode with supported APs
ÌAutomatic channel selection background optimization
ÌSupport for HTTPS login
ÌRogue AP detection
Authentication
ÌTransparent, proxy authentication (NTLM/
Kerberos) or client authentication
ÌAuthentication via: Active Directory,
eDirectory, RADIUS, LDAP and TACACS+
ÌServer authentication agents for Active
Directory SSO, STAS, SATC
ÌClient authentication agents for
Windows, Mac OS X, Linux 32/64
XG Firewall Features
ÌAuthentication certificates for iOS and Android
ÌSingle sign-on: Active directory, eDirectory
ÌAuthentication services for IPSec, L2TP, PPTP, SSL
ÌCaptive Portal
User Self-Serve Portal
ÌDownload the Sophos Authentication Client
ÌDownload SSL remote access client (Windows)
and configuration files (other OS)
ÌHotspot access information
ÌChange user name and password
ÌView personal internet usage
ÌAccess quarantined messages
(requires Email Protection)
Base VPN Options
ÌSite-to-site VPN: SSL, IPSec, 256- bit AES/3DES,
PFS, RSA, X.509 certificates, pre-shared key
ÌL2TP and PPTP
ÌRemote access: SSL, IPsec, iPhone/iPad/
Cisco/Andriod VPN client support
ÌIKEv2 Support
ÌSSL client for Windows and configuration
download via user portal
IPSec Client (sold separately)
ÌAuthentication: Pre-Shared Key (PSK), PKI
(X.509), Smartcards, Token and XAUTH
ÌEncryption: AES (128/192/256), DES, 3DES
(112/168), Blowfish, RSA (up to 2048 Bit), DH
groups 1/2/5/14, MD5 and SHA-256/384/512
ÌIntelligent split-tunneling for optimum traffic routing
ÌNAT-traversal support
ÌClient-monitor for graphical overview
of connection status
ÌMultilingual: German, English, and French
Sandstom Protection Subscription
Sandstorm Cloud Sandbox Protection
ÌFull integration into your Sophos
security solution dashboard
ÌInspects executables and documents containing
executable content (including .exe, .com, and .dll, .doc,
.docx, docm and .rtf and PDF) and archives containing
any of the file types listed above (including ZIP, BZIP,
GZIP, RAR, TAR, LHA/LZH, 7Z, Microsoft Cabinet)
ÌMachine Learning technology with Deep
Learning scans all executable files
ÌIn-depth malicious file reports and
dashboard file release capability
ÌOptional data center selection and flexible
user and group policy options on file type,
exclusions, and actions on analysis
ÌSupports one-time download links
Network Protection Subscription
Intrusion Prevention (IPS)
ÌHigh-performance, next-gen IPS deep packet
inspection engine with selective IPS patterns
for maximum performance and protection
ÌTop rated by NSS Labs
ÌThousands of signatures
ÌSupport for custom IPS signatures
ÌIPS Policy Smart Filters that enable dynamic policies
which automatically update as new patterns are added
ÌFlexible IPS policy deployment as part of any
network or user policy with full customization
ATP and Security Heartbeat™
ÌAdvanced Threat Protection (Detect and block network
traffic attempting to contact command and control
servers using multi-layered DNS, AFC, and firewall)
ÌSophos Security Heartbeat™ instantly identifies
compromised endpoints including the host, user,
process, incident count, and time of compromise
ÌSophos Security Heartbeat™ policies can limit
access to network resources or completely isolate
compromised systems until they are cleaned up
Remote Ethernet Device (RED) VPN
ÌCentral Management of all RED devices
ÌNo configuration: Automatically connects
through a cloud-based provisioning service
ÌSecure encrypted tunnel using digital X.509
certificates and AES256-encryption
ÌVirtual Ethernet for reliable transfer of
all traffic between locations
XG Firewall Features
ÌIP address management with centrally defined
DHCP and DNS Server configuration
ÌRemotely de-authorize RED devices
after a select period of inactivity
ÌCompression of tunnel traffic
ÌVLAN port configuration options (RED 50)
Clientless VPN
ÌSophos unique encrypted HTML5 self-service portal with
support for RDP, HTTP, HTTPS, SSH, Telnet, and VNC
Web Protection Subscription
Web Protection and Control
ÌFully transparent proxy for anti-
malware and web-filtering
ÌEnhanced Advanced Threat Protection
ÌURL Filter database with millions of sites across
92 categories, backed by SophosLabs
ÌSurfing quota time policies per user/group
ÌAccess time polices per user/group
ÌMalware scanning: block all forms of viruses,
web malware, trojans, and spyware on
HTTP/S, FTP and web-based email
ÌAdvanced web malware protection
with JavaScript emulation
ÌLive Protection real-time, in-the-cloud
lookups for the latest threat intelligence
ÌSecond independent malware detection
engine (Avira) for dual-scanning
ÌReal-time or batch mode scanning
ÌPharming Protection
ÌHTTP and HTTPS scanning and enforcement
on any network and user policy with fully
customizable rules and exceptions
ÌSSL protocol tunnelling detection and enforcment
ÌCertificate validation
ÌHigh performance web content caching
ÌForced caching for Sophos Endpoint updates
ÌFile type filtering by mime-type, extension and active
content types (e.g. Activex, applets, cookies, etc.)
ÌYouTube for Schools enforcement
ÌSafeSearch enforcement (DNS-based)
for major search engines
ÌWeb keyword monitoring and enforcement to log,
report or block web content matching keyword
lists with the option to upload customs lists
ÌBlock Potentially Unwanted Applications
Application Protection and Control
Ì Synchronized App Control to automatically,
identify, classify and control all unknown
applications on the network
ÌSignature-based application control with
patterns for thousands of applications
ÌApp Control Smart Filters that enable dynamic policies
which automatically update as new patterns are added
ÌMicro app discovery and control
ÌApplication control based on category, characteristics
(e.g., bandwidth and productivity consuming),
technology (e.g., P2P) and risk level
ÌPer-user or network rule application
control policy enforcement
Web and App Traffic Shaping
ÌEnhanced traffic shaping (QoS) options by web category
or application to limit or guarantee upload/download or
total traffic priority and bitrate individually or shared
Email Protection Subscription
Email Protection and Control
ÌE-mail scanning with SMTP, POP3, and IMAP support
ÌReputation service with spam outbreak
monitoring based on patented Recurrent-
Pattern-Detection technology
ÌBlock spam and malware during the SMTP transaction
ÌSpam greylisting
ÌRecipient verification for mistyped email addresses
ÌSecond independent malware detection
engine (Avira) for dual-scanning
ÌLive Protection real-time, in-the-cloud
lookups for the latest threat intelligence
ÌAutomatic signature and pattern updates
ÌSmart host support for outbound relays
ÌFile-Type detection/blocking/scanning of attachments
XG Firewall Features
ÌAccept, reject or drop over-sized messages
ÌDetects phishing URLs within e-mails
ÌUse pre-defined content scanning rules or create
your own custom rules based on a variety of criteria
ÌTLS Encryption support for SMTP, POP, and IMAP
ÌAppend signature automatically to
all outbound messages
ÌEmail archiver
Email Quarantine Management
ÌSpam quarantine digest and notifications options
ÌMalware and spam quarantines with search and
filter options by date, sender, recipient, subject, and
reason with option to release and delete messages
ÌSelf-serve user portal for viewing and
releasing quarantined messages
Email Encryption and DLP
ÌPatent-pending SPX encryption for
one-way message encryption
ÌRecipient self-registration SPX password management
ÌAdd attachments to SPX secure replies
ÌCompletely transparent, no additional
software or client required
ÌDLP engine with automatic scanning of emails
and attachments for sensitive data
ÌPre-packaged sensitive data type content
control lists (CCLs) for PII, PCI, HIPAA, and
more, maintained by SophosLabs
Web Server Protection Subscription
Web Application Firewall Protection
ÌReverse proxy
ÌURL hardening engine with deep-linking
and directory traversal prevention
ÌForm hardening engine
ÌSQL injection protection
ÌCross-site scripting protection
ÌDual-antivirus engines (Sophos and Avira)
ÌHTTPS (SSL) encryption offloading
ÌCookie signing with digital signatures
ÌPath-based routing
ÌOutlook anywhere protocol support
ÌReverse authentication (offloading) for form-based
and basic authentication for server access
ÌVirtual server and physical server abstraction
ÌIntegrated load balancer spreads
visitors across multiple servers
ÌSkip individual checks in a granular fashion as required
ÌMatch requests from source networks
or specified target URLs
ÌSupport for logical and/or operators
ÌAssists compatibility with various configurations
and non-standard deployments
ÌOptions to change Web Appliaction
FIrewall performance parameters
ÌScan size limit option
ÌAllow/Block IP ranges
ÌWildcard support for server paths
ÌAutomatically append a prefix/suffix for authentication
Logging and Reporting
NOTE: Individual log, report, and widget availability depends
on enabled software subcriptions.
ÌHundreds of on-box reports with custom report
options: Dashboards (Traffic, Security, and User
Threat Quotient), Applications (App Risk, Blocked
Apps, Synchronized Apps, Search Engines, Web
Servers, Web Keyword Match, FTP), Network and
Threats (IPS, ATP, Wireless, Security Heartbeat,
Sandstorm), VPN, Email, Compliance (HIPAA,
GLBA, SOX, FISMA, PCI, NERC CIP v3, CIPA)
ÌCurrent Activity Monitoring: system health, live users,
IPsec connections, remote users, live connections,
wireless clients, quarantine, and DoS attacks
ÌReport anonymization
ÌReport scheduling to multiple recipients by
report group with flexible frequency options
ÌExport reports as HTML, PDF, Excel (XLS)
ÌReport bookmarks
ÌFull log viewer with retention customization by category
XG Firewall Features
XG Firewall Features by Subscription Summary
Features
(as listed above)
FullGuard Plus
FullGuard
EnterpriseGuard Plus
EnterpriseGuard
Base Firewall
Sandstorm
Protection
Network
Protection Web Protection Email Protection
Web Server
Protection
General Management (incl. HA) ●
Firewall, Networking and Routing ●
Base Traffic Shaping and Quotas ●
Secure Wireless ●
Authentication ●
Self-Serve User Portal ●
Base VPN Options ●
IPSec Client Sold seperately
Sandstorm Protection ●
Intrusion Prevention (IPS) ●
ATP and Security Heartbeat™ ●
Remote Ethernet Device (RED) VPN ●
Clientless VPN ●
Web Protection and Control ●
Application Protection and Control ●
Web and App Traffic Shaping ●
Email Protection and Control ●
Email Quarantine Management ●
Email Encryption and DLP ●
Web Application Firewall Protection ●
Logging and Reporting ●●●●●●
United Kingdom and Worldwide Sales
Tel: +44 (0)8447 671131
Email: sales@sophos.com
North American Sales
Toll Free: 1-866-866-2802
Email: nasales@sophos.com
Australia and New Zealand Sales
Tel: +61 2 9409 9100
Email: sales@sophos.com.au
Asia Sales
Tel: +65 62244168
Email: salesasia@sophos.com
© Copyright 2017. Sophos Ltd. All rights reserved.
Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK
Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are
trademarks or registered trademarks of their respective owners.
17-09-22 FL-NA (2815-DD)