Ultimate Sophos Firewall Buyers Guide

Our Ultimate Sophos Firewall Buyers Guide was designed to help small business owners, IT consultants, & network administrators understand the Sophos catalog so that buyers are confident in their network security decision. is committed to sharing plain-language product knowledge to our customers & partners.

Questions? Call toll-free at 317-225-4117 or email us at


Sophos firewalls offer unparalleled visibility into users, groups, PUAs, advanced threats, suspicious payloads, encrypted traffic, & more. All the most advanced technology you need to protect your network from ransomware is wrapped up in one unified threat protection platform. Tied into a greater Sophos Central platform with Sophos Synchronized Security, your network is protected in real-time.

Sophos Firewalls


Recommended User Counts – The most important consideration when buying a Sophos next-gen firewall is the number of users your network must support. User counts means more than just the number of employees in your organization. A user is defined as any desktop, laptop, printer, phone, tablet, or other Internet-connected device operating on your organization’s network.

For optimal security, get an accurate count of every user in your system. recommends leaving extra room for additional users in case your business grows or if you need to accommodate guest users. This also ensures there’s plenty of bandwidth for resource-heavy applications.

Throughput Speeds – A firewall’s throughput is a measure of the volume of Internet traffic that can pass through the firewall at any one time, based on the processing power of the hardware. Throughput is measured in Mbps (megabits per second) & Gbps (gigabits per second). Sophos datasheets list a variety of throughput statistics based on the types of security services, traffic, & protocols that the firewall is handling.

Max Firewall Throughput – Max Firewall Throughput is the highest throughput statistic you will see on any datasheet because it denotes the maximum possible processing speed of the hardware when no additional services are deployed. This is the “out of the box” speed &, for most usage cases, does not reflect how a firewall will perform in a real-world scenario.

SSL VPN Throughput – Secure Socket Layer (SSL) & Virtual Private Networks (VPN) refer to communication protocols that govern how information is encrypted & transmitted between a source & its destination. Utilizing SSL VPN tunnels is the most secure means for remote workers, outposts, & branch offices to access resources from the primary database. Because a VPN is a private connection, throughput speeds are dependent on the kinds of data being transferred as well as the performance potential of the gateway encrypting & decrypting the traffic that passes through it.

IMIX Throughput – IMIX, or Internet Mix, refers to simulated traffic passing through a firewall to emulate how the hardware would perform in a real-world environment. IMIX throughputs represent the performance a firewall was able to achieve while handling a variety of packet sizes & traffic patterns. Internet Mix profiles are based on real-world samples captured by a selection of Internet routers & security sensors. This statistic will closely reflect the actual performance you can expect on your network. Recommends:

Business data is most secure when utilizing advanced scanning functions like Deep Packet Inspection & dedicated secure VPN tunnels. Shopping for firewalls based on Full DPI Throughput & SSL VPN Throughput guarantees your organization has plenty of performance potential to accommodate advanced services. When in doubt, assume your network will perform at 50%-70% of the throughput speeds listed on datasheets, leaving ample space for your network to grow.

Site-to-Site VPN Tunnels – Site-to-site VPN tunnels allow fixed-location Local Area Networks (LANs) to extend secure conduits to the main office intranet. DPI-SSL is included standard with any current generation Sophos firewall. Sophos datasheets outline the maximum number of tunnels that a firewall can accept from remote LANs. These system specification tables will also include the max number of IPSec VPN clients supported.

Form Factor – The form factor of an appliance is the size & shape of the hardware. Most firewalls will have either a desktop form factor or rackmount form factor. Desktop form factor indicates that the firewall is a compact appliance, small enough to comfortably sit atop a desktop, while rackmount form factor specifies that the appliance was designed to be secured in a standard 19-inch server rack. Rackmount-sized appliances will sometimes indicate how many rack units (RU) the device occupies.

Wireless Support – Some organizations prefer wireless firewall solutions in lieu of appliances that must be connected via Cat5E/Cat6 cabling. Wired networking solutions are generally considered more reliable & more stable, especially because signals are not influenced or impeding by other connections. Wired appliances are generally much faster with data transfer speeds constantly improving thanks to the introduction of Gigabit interfaces. Wireless solutions such as Sophos wireless firewalls, however, do carry the benefit of additional mobility & flexibility of deployment, being able to reach any location without the limitations of physical cables. Wireless environments can also be installed more easily as they require less equipment & planning. Recommends:

Before making your cybersecurity investment, take stock of all the physical attributes of your facilities. Are building materials conducive or unfavorable to wireless signal transmission? Are power outlets plentiful & easy to reach? Are there certain areas that should be off-limits for Internet connectivity? Physical security should be an important concern when laying out your network & may impact the final hardware details you select.

Learn More About Firewall Tech Specs

Saving Money with Sophos

Sophos bundles their best-selling solutions together in comprehensive bundles so that customers can save money. Offered in 1-year, 3-year, & 5-year terms, bundles are progressively discounted to shave dollars off your expenses when you plan for long-term security.

In almost all situations, buyers should be looking to bundle their firewall with additional services or support. Appliance only purchases are typically only advisable if the hardware is going to be added to an existing network & should never be used for primary firewall protection.

FullGuard & FullGuard Plus – FullGuard bundles consist of Network Protection, Web Protection, Email Protection, Web Server Protection, & Enhanced Support. This is ideal for SMB businesses & enterprises that maintain their own online web servers or cloud-based servers. The inclusion of Web Server Protection secures your website & signals to customers that you’re serious about securing their data. The FullGuard Plus bundle includes Sandstorm Cloud-Sandbox Protection in addition to the services listed here.

TotalProtect & TotalProtect Plus – TotalProtect bundles are the most convenient way for organizations of all, sizes to deploy a new firewall & comprehensive services while saving both time & money by bundling. TotalProtect bundles include XG Firewall base licensing & all of the services outlined above in the FullGuard Bundles.

Note that you may also find bunded security services in FullGuard or EnteprriseGuard versions. A Sophos firewall bundle that contains the word "Protect" indicates a hardware bundle that includes a firewall appliance bundles with licensing. A Sophos bundle denoted by "Guard" includes only software.


Sophos offers a wide variety of security add-ons & upgrades to guarantee your business data is always safe. Offers may be either a one-time upgrade or a recurring subscription. Similar to bundled solutions, customers can save substantially by opting for 1-Year, 2-Year, or 3-Year subscriptions. Below you will find brief overviews of the individual services offered by Sophos.

Sophos Network Protection - Intrusion prevention, advanced threat protection, & the Sophos Security Heartbeat provide networks with robust perimeter defenses

Sophos Email Protection - Scans inbound & outbound inbox traffic & fully supports SMTP, POP3, & IMAP protocols

Sophos Web Protection - Real-time visibility & control, enhanced web filtering, pre-built URL blacklist, Smart Filters, & threat intelligence updates from SophosLabs

Sophos Web Server Protection - Reverse proxy & web application firewall that offers SSL offloading & authentication services to prevent data loss

Enhanced Support - 24x7 Sophos support via phone, email, or web portal, along with warrant repair/replace for malfunctions

Sophos Sandstorm - Cloud-based sandboxing that quarantines potentially dangerous code & detonates payloads in a safe virtual environment

Sophos Synchronized Security

GETTING MORE OUT OF YOUR SOPHOS FIREWALL Standard & Advanced Sophos Configurations – Just say no to the set-up wizard. It’s time to take the guesswork out of network security.’s in-house team of certified & specialized network architects completes all configuration work at our Indianapolis Security Operation Center (SOC), where full-time administrators optimize your network performance & security. Our team will complete a comprehensive survey of your network needs & configure your appliance to get the most out of your investment. By the time your hardware is delivered, it is fully loaded with a personalized configuration for an intelligent plug-n-play experience.

The team will set up VPN tunnels, access points, co-location lockdowns, remote access & VoIP, configure granular content filtering, integrate the active directory, & establish purpose-built firewall policies, along with much more. Our proprietary 99-step configuration methodology leaves no stone unturned when it comes to transforming your network into a cyber fortress.

Learn More About Configurations Managed Security Service – For small businesses, maintaining a robust IT staff may be a challenge. employs a team of dedicated Sophos professionals that can monitor, report, & mitigate attacks on your network around the clock, allowing you to get back to doing what you do best: running your business. Stop worrying about firmware updates & network downtime. Our peace-of-mind security services ensure a rapid response to whatever the bad guys throw at you. MSS delivers unlimited personalized support, proactive firmware updates, configuration changes, alerts, proactive threat detection, Web-based activity reporting, & equipment repair/replace. Managed Security Service is a month-to-month subscription service with no long-term commitments. Your network receives quarterly health checks to ensure your firewall is constantly evolving to meet the challenges of the threat landscape.

Learn More About Managed Security Services

Sophos Support – Sophos offers standalone support contracts to extend technical support, firmware updates, & an extended warrant for your Sophos firewall. SophosLabs support is delivered via email, telephone, or web-based portal so that help is always within arm’s reach.

Learn More About Sophos Support

About Sophos

Sophos evolves continuously, bringing together the most advanced network security appliances with industry-leading endpoint & EDR solutions that integrate seamelessly into a unified, end-to-end network security infrastructure.




Sophos Synchronized Security – Synchronized Security allows the individual aspects of your security setup to communicate in real time and& make decisions based on complete context. Providing instant insights into unidentified software, services like Synchronized App Control grant high levels of detailed oversight for your admin. This includes the ability to map unknown applications, organize them into categories, & prioritize bandwidth for mission-critical processes. Sophos Threat Cases provide authomated, guided incident response that shares information aross your systems to make instantaneous decisions about suspicious activity.

Learn More About Synchronized Security

Sophos Security Heartbeat - The Sopos Security Heartbeat is the real-time pulse that courses through every aspect of your network, allowing multiple appliances & services to communicate & reach automated security decisions. For example, if the Security Heartbeat detects that an endpoint on your network has been infected, that endpoint is immediately & autmatically isolated to prevent further infection. Sophos Heartbeat pumps information between endpoints such as desktops, laptops, mobile phones, tablets, Sophos firewalls, & all other security products to form the Synchronized Security system.

Learn More About Sophos Heartbeat

Why Choose Sophos?

Why choose a Sophos firewall? Don’t take our word for it. Below you’ll find just a handful of the industry awards lavished upon Sopos products, services, & vision. We use words like "industry-leading" & "award-winning" when we talk about Sophos Next Generation Firewalls, & below you'll find the proof in the pudding we're putting out.


Let’s face it: cybersecurity is complicated. encourages you to make an informed decision when purchasing any firewall because when the bad guys lose, we all win. Our account executives provide a low-pressure experience that’s heavy on product expertise & backed by decades of experience. wants you to be 100% confident in your network security investment before any transactions begin.

I'm Ready to Buy a Sophos Firewall

Also check out the Blog where you’ll find the latest Sophos news, our Cyber Threat Dictionary, & product knowledge that equips you to take on the cyber threat landscape.