What Is Sophos Firewall?
Sophos Firewall
FW0505: What is Sophos Firewall?
April 2022
Version: 19.0v1
© 2022 Sophos Limited. All rights reserved. No part of this document may be used or reproduced
in any form or by any means without the prior written consent of Sophos.
Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and
marks mentioned in this document may be the trademarks or registered trademarks of Sophos
Limited or their respective owners.
While reasonable care has been taken in the preparation of this document, Sophos makes no
warranties, conditions or representations (whether express or implied) as to its completeness or
accuracy. This document is subject to change at any time without notice.
Sophos Limited is a company registered in England number 2096520, whose registered office is at
The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.
In this chapter you will learn the key functions performed by Sophos Firewall.

RECOMMENDED KNOWLEDGE AND EXPERIENCE
✓ Experience of Sophos Central and Intercept X
✓ Practical knowledge of networking, including subnets, routing, VLANs, and VPNs
✓ Experience configuring network security devices
✓ Knowledge of fundamental encryption and hashing algorithms and certificates

DURATION
10 minutes
Sophos Firewall is a comprehensive network security device, with a zone-based firewall, and
identity-based policies at its core.
Sophos Firewall does not only protect wired networks; acting as a wireless controller for Sophos
access points, it can also provide secure wireless networking.
There are features purpose built to help universities, higher education, K-12, and primary or
secondary educational institutions overcome key challenges, for example powerful web filtering
policies and built-in policies for child safety and compliance.
With Sophos Firewall and SD-RED you can connect sites across your geographically-distributed
network.
Sophos Firewall works together with Sophos Central and Intercept X in real time. So, when either
Sophos Firewall or Intercept X identifies a threat, they work together to provide health and threat
monitoring, lateral movement protection as well as synchronized application control and
synchronized user ID.
Sophos Firewall can also be deployed as a preconfigured virtual machine in the cloud, where it
secures cloud servers and protects them against hacking attempts.
Sophos Firewall includes a comprehensive built-in reporting engine, which allows you to easily drill
down into reports to find the information you need.
It also provides comprehensive next-generation firewall protection that exposes hidden risks,
blocks unknown threats, and automatically responds to incidents.
Superior visibility into risky activity, suspicious traffic, and advanced threats helps you regain
control of your network.
Powerful next-gen protection technologies, like deep learning and intrusion prevention, keep your
organization secure.
Automatic threat response instantly identifies, and isolates compromised systems on your network
and stops threats from spreading.
See it
Stop it
Secure it
The control center appears as soon as you sign in. It provides a single screen snapshot of the state
and health of the security system with its traffic-light style indicators, which immediately draw
attention to what matters most.
Immediately you can see your top risks related to heartbeat, apps, payloads, users, threats,
websites and attacks.
Secure it
Sophos Firewall analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP
requests, and IP packets) for sophisticated attacks by using a full suite of protection technologies.
These include:
All benefit from over 30 years of threat intelligence data from Sophos Labs.
[Figure: phishing and ransomware attack paths passing through Sophos Firewall towards servers and an infected host]
Threats like Emotet, and targeted ransomware, such as Matrix and SamSam, demonstrate the ways
cybercriminals are constantly changing their tactics to stay effective and profitable.
The next-gen advancements of Sophos Firewall and Intercept X, combined with the intelligence of
Synchronized Security, (which is covered in another chapter), and easy management of all products
within Sophos Central, are essential for maintaining protection and responding quickly to any
attack.
TLS inspection provides transparency into all the encrypted traffic on the network.
Deep packet threat protection is provided in a single engine for anti-virus, intrusion protection,
web protection, application control and TLS inspection.
Network FastPath accelerates SaaS, SD-WAN and cloud traffic, such as VoIP and video, and other
trusted applications, either automatically or via defined policies. This traffic is placed on the
Xstream FastPath to optimize performance.
Traditionally cybersecurity has involved creating a security perimeter and trusting that everything
inside that perimeter is secure. This is a vulnerable design as once an attacker or unauthorized user
gains access to a network, that individual has easy access to everything inside the network, where
they can progressively search for the key data and assets that are ultimately the target of their
attack.
Zero Trust is a relatively new and evolving approach to network design, but it's also part of a wider
mind-set based on the principle of trusting nothing and checking everything. With zero trust, no
user is trusted, whether inside or outside of the network.
The number of users who wish to work remotely, using their own personal devices to access
corporate data and resources from untrusted networks such as those in coffee shops, is increasing.
The use of SaaS apps, cloud platforms, and services leaves some data outside of the corporate
perimeter, and the use of public cloud platforms means that many of the devices or services that
once ran within the corporate perimeter now run outside of it.
The principle of Zero Trust is to secure every device as if it was connected to the Internet.
[Figure: Zero Trust components around Sophos Firewall: ZTNA, SD-RED, Service Edge Access, SD-WAN VPN, AWS and Azure, switches, applications, users and the Internet]
On the firewall side, network segmentation or even micro-segmentation around your users,
devices, apps, networks, and so on, provides one of the key benefits of the Zero Trust strategy.
Dynamic policies are at the center of Sophos Firewall, with multiple sources of data available to
leverage as part of a policy. Identity, time of day, network location, device health, network packet
analysis – and more. All these different sources of data can be used in different combinations
depending on the scenario.
As a key example, Server Protection and Intercept X can be used to assign every device a health
status. If a device is compromised, it can be automatically isolated.
[Figure: an infected host on the endpoint network is isolated by Sophos Firewall from the application server and the Internet]
Sophos Firewall uniquely integrates the health of connected hosts into your firewall rules, enabling
you to automatically limit access to sensitive network resources from any compromised system,
until it’s cleaned up.
This is made possible by Synchronized Security, which is our cross-portfolio approach to analyze
system and network activity, adapt to scenarios through dynamic policy, and automate complex
tasks like isolating machines and more.
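The dynamic-policy and health-status ideas above can be pictured as a rule evaluator; the following is an added illustration written for this chapter, not Sophos code, and its rule fields, health states, rule names and sample addresses are all assumptions chosen to mirror the description:

```python
# Added illustration, not Sophos code: a hypothetical model of the health-,
# identity- and time-aware firewall rules described above. Health values mimic
# heartbeat states; rule fields, names and sample data are assumptions.
from collections import namedtuple
from dataclasses import dataclass, field
from datetime import time

HEALTH_RANK = {"GREEN": 3, "YELLOW": 2, "RED": 1, "NONE": 0}  # NONE = no heartbeat seen

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    action: str                               # "allow" or "deny"
    groups: set = field(default_factory=set)  # empty set = any user
    min_health: str = "NONE"                  # weakest heartbeat state still permitted
    start: time = time(0, 0)                  # time-of-day window, inclusive
    end: time = time(23, 59)

Connection = namedtuple("Connection", "src_ip src_zone dst_zone user_group at")

def evaluate(rules, conn, heartbeat):
    """First matching rule wins; returns (action, rule name).
    A source whose heartbeat is RED is isolated before any rule is consulted
    (the automatic-isolation effect); traffic matching no rule is dropped."""
    health = heartbeat.get(conn.src_ip, "NONE")
    if health == "RED":
        return "deny", "isolate-compromised-host"
    for r in rules:
        zone_ok = (r.src_zone, r.dst_zone) == (conn.src_zone, conn.dst_zone)
        user_ok = not r.groups or conn.user_group in r.groups
        health_ok = HEALTH_RANK[health] >= HEALTH_RANK[r.min_health]
        time_ok = r.start <= conn.at <= r.end
        if zone_ok and user_ok and health_ok and time_ok:
            return r.action, r.name
    return "deny", "default-drop"

# Constructed sample policy and heartbeat table (not from a real deployment)
RULES = [
    Rule("finance-to-app-server", "LAN", "DMZ", "allow", {"finance"}, "GREEN", time(8), time(18)),
    Rule("lan-to-internet", "LAN", "WAN", "allow", min_health="YELLOW"),
]
HEARTBEAT = {"10.0.1.10": "GREEN", "10.0.1.11": "YELLOW", "10.0.1.12": "RED"}

def decide(src_ip, dst_zone, group, hour):
    """Evaluate one LAN-originated connection at the given hour against RULES."""
    return evaluate(RULES, Connection(src_ip, "LAN", dst_zone, group, time(hour)), HEARTBEAT)
```

With this table a YELLOW host keeps its internet access but is cut off from the sensitive DMZ server, and a RED host is denied everything until its heartbeat recovers.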
Sophos Firewall can expose hidden risks, stop unknown threats and isolate infected systems.
Here are the three main things you learned in this chapter.
Sophos Firewall is a comprehensive network security device, with a zone-based firewall, and
identity-based policies at its core.
The firewall can expose hidden risks, use next-gen protection technologies to stop unknown
threats, while automatic threat response identifies, and isolates compromised systems.
Sophos Firewall can support ZTNA by providing network segmentation and lateral movement
protection.