Sophos Switch – What you need to know about the new product
Right now there are two really exciting topics around Sophos: Zero Trust Network Access and the new switches. This post is about the latter, and by now we have gathered almost all relevant information.
Hardware: 10 models
Let’s start with what we already know about the hardware of the Sophos Switches. To make sure no one feels overwhelmed by the product names or has to piece together all the differences from the product table, the naming scheme and the main hardware differences are explained first. The names of the Sophos switch models already reveal quite a bit about the technical specifications. The CS110-48FP switch in the following image is an example:
There will be the following 10 Sophos switch models:
100 Series – 1 Gbps
- 8-port models: CS101-8, CS101-8FP
- 24-port models: CS110-24, CS110-24FP
- 48-port models: CS110-48, CS110-48P, CS110-48FP
200 Series – 2.5 Gbps
- 8-port models: CS210-8FP
- 24-port models: CS210-24FP – available mid 2022
- 48-port models: CS210-48FP – available mid 2022
You can find all technical specifications in the Sophos Switch datasheet or on the individual product pages for the switches.
Thanks to Sophos for the test device 🙏
Back in October we received a Sophos Switch CS110-48P from Sophos as a test device. Many thanks to Sophos for giving us the opportunity to try out and test this great device ourselves. Here are a few photos of the CS110-48P switch:
Hardware only or with a license
The Sophos Switches can be purchased with or without a license. If you choose the hardware only option (without a license), the following features are included:
Local web management – The Sophos Switch can be managed directly in the browser without any restrictions.
Command line interface (CLI) – The Sophos Switch can also be managed via the console, again without any restrictions.
Limited lifetime warranty – The Sophos Switch is covered by the warranty until it reaches its end-of-life. When Sophos talks about “lifetime” here, this refers to how long Sophos supports the product. At the moment, you can expect at least five years.
Added value of the subscription
At the moment, the added value of the subscription consists of the following points:
- Sophos Central management – The Sophos Switch can be managed via Sophos Central.
- Advanced RMA support – Fast processing in the event of a hardware defect
- 24 × 7 phone support
- Firmware updates
If the subscription is not renewed, there is no longer any phone support, the warranty reverts to the standard level, Central management becomes read-only and firmware updates have to be installed locally again.
Subscription price
Sophos sets the price for service and support at 10% of the hardware price, or 8% for a three‑year license.
Admittedly, at the moment the subscription features are still rather weak. It is a bit like choosing the autopilot when buying a Tesla. You are mainly buying the potential that is still to come. For the switch this would be features such as Synchronized Security or XDR/MTR functions.
Local GUI
Now that the models and purchase options have been covered, let’s look at switch management. We have been running the device productively in our environment for a few weeks already. The hardware makes a solid impression, as expected, but it is the software that can really make the hardware stand out. Even in this early version, it already feels excellent and stable. The GUI is available in nine languages: English, Spanish, Italian, German, French, Portuguese, Chinese, Japanese and Korean.
There is also a dark mode, and the interface is more responsive than what many are used to from other Sophos products. In some places, loading times are still a bit slow, but these have already improved significantly with the latest firmware and should be fully fixed by the final release.
Here are a few impressions of the web interface:
Switch management via Sophos Central
Sophos offers several ways to manage the new switches. They can be configured locally via the web interface or CLI (command line) and, if needed, via SNMP as well. The easiest and most convenient option, however, is clearly the Sophos Central integration. This means firewalls, Access Points and switches – together with all other Central solutions – can all be managed from a single console.
Here are some initial impressions of what is currently possible with Central:
Availability
We know that quite a few people are already waiting for the Sophos Switches. Sophos is expected to deliver the first models in mid‑December 2021, but quantities will still be very limited. The situation is not expected to ease until February/March.
Conclusion
We have been dreaming of a Sophos Switch for several years. The product makes complete sense in the portfolio and rounds off the network range. In recent years, Sophos has mainly acquired software companies. Other vendors have had central dashboards for switches and Access Points for some time, but the firewall or endpoint was sometimes missing. With the switches, Sophos is adding an important product to its ecosystem.
There have been rumours for quite a while that Sophos was working on a switch series. All the more pleasing that the market launch has now gone ahead, even if only very small quantities will be available initially. Launching a new product in the middle of a global chip crisis is certainly a bold move and not an easy task.
Central Switch
The product name starts with CS, which stands for Central Switch. If you only buy the switch without the service and support subscription, you lose the Central part – which is exactly what makes the switch so interesting. Without Central management, the obvious question is why you should buy a Sophos Switch instead of another vendor’s product. Managing switches via Central, alongside firewalls, Access Points and the other Central modules in a single console, is therefore a major selling point for everyone already in this ecosystem or planning to build on it.
At the same time, the software will not be completely finished at the time of the switch launch. Exciting “killer features” such as Synchronized Security or XDR/MTR connectors are not expected until later on. In most cases, however, a switch is a long‑term purchase that will be used for more than three to four years. If Sophos delivers these functions within a reasonable timeframe, it is easy to overlook the initial gaps. In line with the motto “connecting points”, this central device in the network opens up a huge range of possibilities, and the upcoming features are only the beginning. 😎
Sophos Switches as the new standard
We already have several customers who have shown strong interest in the new Sophos Switches, and as soon as they become available we will be able to gain even more experience in additional environments. Based on what we have seen and tested so far, we can already say that Sophos Switches will be our first choice for suitable projects in future. Up to now we have mainly used switches from Ubiquiti, which have absolutely nothing wrong with them. But we like the Sophos ecosystem immensely, and the new switches make it even more powerful.
Update: The Sophos Switches were a good idea, but the portfolio has gaps (core switch) and the price–performance ratio is not quite right. Some promised features have still not been delivered a year later. You definitely get more for your money with other vendors.
Avanet opinion 2023‑12
