
What is Sophos Firewall?

FW0505: What is Sophos Firewall?

April 2022
Version: 19.0v1

© 2022 Sophos Limited. All rights reserved. No part of this document may be used or reproduced
in any form or by any means without the prior written consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and
marks mentioned in this document may be the trademarks or registered trademarks of Sophos
Limited or their respective owners.

While reasonable care has been taken in the preparation of this document, Sophos makes no
warranties, conditions or representations (whether express or implied) as to its completeness or
accuracy. This document is subject to change at any time without notice.

Sophos Limited is a company registered in England number 2096520, whose registered office is at
The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.


In this chapter you will learn the key functions performed by Sophos Firewall.

RECOMMENDED KNOWLEDGE AND EXPERIENCE

✓ Experience of Sophos Central and Intercept X
✓ Practical knowledge of networking, including subnets, routing, VLANs, and VPNs
✓ Experience configuring network security devices
✓ Knowledge of fundamental encryption and hashing algorithms and certificates

DURATION

10 minutes


• Next-Gen Firewall: Visibility, Protection, and Response
• All-in-One Protection: Consolidate, Simplify, & Save
• School Protection: Affordable, Simple Compliance & Control
• SD-WAN & Branch: Retail, Branch Office, ICS & SD-WAN
• Endpoint Integration: Synchronized Security & Automated Response
• Public Cloud: Protection for Azure and Hybrid Networks

Sophos Firewall is a comprehensive network security device, with a zone-based firewall, and
identity-based policies at its core.

Sophos Firewall protects not only wired networks; as a wireless controller for Sophos access
points, it can also provide secure wireless networking functionality.

Protection is provided through a single cloud-based platform, making day-to-day management of
all your Sophos products (including Sophos Firewall) easy and scalable.

There are features purpose-built to help universities, higher education, K-12, and primary or
secondary educational institutions overcome key challenges. Examples include powerful web
filtering policies and built-in policies for child safety and compliance.

With Sophos Firewall and SD-RED you can connect sites across your geographically-distributed
network.

Sophos Firewall works together with Sophos Central and Intercept X in real time. So, when either
Sophos Firewall or Intercept X identifies a threat, they work together to provide health and threat
monitoring, lateral movement protection as well as synchronized application control and
synchronized user ID.

Sophos Firewall can be deployed using preconfigured virtual machines in the cloud where cloud
servers can be secured, protecting them against hacking attempts.

See it: Expose Hidden Risks
Superior visibility into risky activity, suspicious traffic, and advanced threats helps you regain
control of your network.

Stop it: Stop Unknown Threats
Powerful next-gen protection technologies like deep learning and intrusion prevention keep your
organization secure.

Secure it: Isolate Infected Systems
Automatic threat response instantly identifies and isolates compromised systems on your network
and stops threats from spreading.

Sophos Firewall includes a comprehensive built-in reporting engine, which allows you to easily drill
down into reports to find the information you need.

It also provides comprehensive next-generation firewall protection that exposes hidden risks,
blocks unknown threats, and automatically responds to incidents.



See It


The control center appears as soon as you sign in. It provides a single screen snapshot of the state
and health of the security system with its traffic-light style indicators, which immediately draw
attention to what matters most.

Immediately you can see your top risks related to heartbeat, apps, payloads, users, threats,
websites and attacks.



Stop It
• Next-Gen Firewall
• Web Application Firewall
• Intrusion Prevention System
• Advanced Threat Protection
• Application Visibility and Control
• Synchronized Security
• Web Protection & SSL Inspection
• Deep learning
• Sandboxing
• Email, DLP, Encryption
• Wireless Protection
• RED and VPN

Sophos Firewall analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP
requests, and IP packets) for sophisticated attacks by using a full suite of protection technologies.

These include:

• Powerful zero-day protection sandboxing
• Deep learning with artificial intelligence
• Top performing IPS
• Advanced threat and botnet protection
• Web protection with dual AV, JavaScript emulation, and SSL inspection

All benefit from over 30 years of threat intelligence data from Sophos Labs.



Secure It
[Diagram labels: Sophos Firewall, Sophos Central, Security Heartbeat™, Servers, Devices, Internet,
Infected Host, Malware Server, Phishing, Email, Ransomware Attack]

Threats like Emotet and targeted ransomware such as Matrix and SamSam demonstrate the ways
cybercriminals are constantly changing their tactics to stay effective and profitable.

The next-gen advancements of Sophos Firewall and Intercept X, combined with the intelligence of
Synchronized Security (which is covered in another chapter) and easy management of all products
within Sophos Central, are essential for maintaining protection and responding quickly to any
attack.



Xstream Architecture

• TLS 1.3 Decryption
• Deep Packet Inspection Engine
• Xstream Network Fastpath

TLS inspection provides transparency into all the encrypted traffic on the network.

Deep packet threat protection is provided in a single engine for anti-virus, intrusion protection,
web protection, application control and TLS inspection.

Network Fastpath accelerates SaaS, SD-WAN, and cloud traffic such as VoIP and video, as well as
other trusted applications, automatically or via defined policies. This traffic is placed on the
Xstream Fastpath to optimize performance.



Zero Trust Overview
Zero Trust is a cybersecurity mindset based on the principle of "trust nothing, check everything".

Traditionally cybersecurity has involved creating a security perimeter and trusting that everything
inside that perimeter is secure. This is a vulnerable design as once an attacker or unauthorized user
gains access to a network, that individual has easy access to everything inside the network, where
they can progressively search for the key data and assets that are ultimately the target of their
attack.

Zero Trust is a relatively new and evolving approach to network design, but it's also part of a wider
mind-set based on the principle of trusting nothing and checking everything. With zero trust, no
user is trusted, whether inside or outside of the network.


The number of users who wish to work remotely and use their own personal devices to access
corporate data and resources on untrusted networks, such as those in coffee shops, is increasing.

The use of SaaS apps, cloud platforms, and services leaves some data outside of the corporate
perimeter. The use of public cloud platforms means that many of the devices or services that once
ran within the corporate perimeter are now run outside of it.

The principle of Zero Trust is to secure every device as if it was connected to the Internet.



ZTNA and Firewalls
[Diagram labels: Sophos Central, ZTNA, SD-RED, SD-WAN, VPN, AWS, Azure, APX, Core Network,
Access Switch]

ZTNA is complementary to a firewall, just as VPN is complementary to a firewall. Of course, the
firewall still plays a critically important role in protecting corporate network and data center
assets from attacks, threats, and unauthorized access. ZTNA bolsters a firewall by adding granular
controls and security for networked applications, in the cloud or on-premises.



Network Segmentation

[Diagram labels: Users, Devices, Applications, Switch, Sophos Firewall, Internet]

On the firewall side, network segmentation or even micro-segmentation around your users,
devices, apps, networks, and so on, provides one of the key benefits of the Zero Trust strategy.

Dynamic policies are at the center of Sophos Firewall, with multiple sources of data available to
leverage as part of a policy: identity, time of day, network location, device health, network
packet analysis, and more. All these different sources of data can be used in different
combinations depending on the scenario.

As a key example, Server Protection and Intercept X can be used to assign every device a health
status. In the event one is compromised, the devices can be automatically isolated.



Lateral Movement Protection
[Diagram labels: Local Area Network, Infected Host, Endpoint, Application Server, Switch,
Sophos Firewall, Internet]

Lateral Movement Protection effectively provides an adaptive micro-segmentation solution. With
Lateral Movement Protection, each individual endpoint is effectively on its own segment – able to
be isolated in response to an attack or threat – regardless of the network topology.

Sophos Firewall uniquely integrates the health of connected hosts into your firewall rules, enabling
you to automatically limit access to sensitive network resources from any compromised system,
until it’s cleaned up.

This is made possible by Synchronized Security, which is our cross-portfolio approach to analyze
system and network activity, adapt to scenarios through dynamic policy, and automate complex
tasks like isolating machines and more.



Chapter Review

• A comprehensive network security device, with a zone-based firewall, and identity-based
  policies at its core
• Can expose hidden risks, stop unknown threats and isolate infected systems
• Supports ZTNA by providing network segmentation and lateral movement protection

Here are the three main things you learned in this chapter.

Sophos Firewall is a comprehensive network security device, with a zone-based firewall, and
identity-based policies at its core.

The firewall can expose hidden risks and use next-gen protection technologies to stop unknown
threats, while automatic threat response identifies and isolates compromised systems.

Sophos Firewall can support ZTNA by providing network segmentation and lateral movement
protection.
