Sophos Firewall Threat Feeds

Avanet’s Sophos Firewall Threat Feeds extends Sophos Firewall v21+ with automated blocklists (threat feeds) from third-party providers. This allows Indicators of Compromise (IoCs) – such as malicious IP addresses, domains or URLs – to be automatically stored and blocked in the firewall without administrators having to manually maintain each threat. This increases security by using current community and OSINT data to proactively block, for example, malware domains, botnet control servers or phishing websites.

What are threat feeds?

Threat feeds are lists of indicators of compromise (IoCs), such as malicious IP addresses, domains and URLs. These feeds come from external sources, such as security organizations, industry consortiums or open source communities, and allow your Sophos Firewall to automatically block traffic from known threats. Integrating these feeds into your firewall provides a proactive defense that stops attacks before they reach your network. In Sophos Firewall v21, this feature has been enhanced with support for third-party feeds implemented via the Active Threat Response framework.

The advantages are clear:

  • Proactive protection: Block threats before damage occurs.
  • Flexibility: Use feeds from different providers, tailored to individual requirements.
  • Automation: The firewall blocks automatically; manual intervention is no longer necessary.

Requirements for threat feeds

To be able to use the Threat Feeds function, you need the Xstream Protection bundle license for Sophos Firewall. This bundle includes advanced security features that enable the firewall to efficiently process and respond to threat information. Without this bundle, the use of third-party feeds is not possible, as it provides the necessary modules for processing the IoCs.

Standard vs. Premium Threat Feed – by Avanet

We understand how important reliable and up-to-date threat information is for your network security. That’s why we offer two carefully curated threat feed options specifically optimized for Sophos Firewalls.

Our feeds are compiled from a variety of reputable sources to ensure comprehensive and reliable threat detection. The Standard Feed offers a free way to improve your security, while the Premium Feed, with its higher update frequency and larger number of feeds, is ideal for organizations that require maximum security.

The following table compares the two options in detail:

| | Standard Feed | Premium Feed |
| --- | --- | --- |
| 💰 Price | free of charge | free of charge for subscription customers, otherwise chargeable |
| 🔁 Update interval | every 24 h | every 1 h |
| 🛡️ IPv4 feeds | 3 lists (≈37,000 IPs) | 20+ lists for maximum security (≈75,000 IPs) |
| 🌐 Domain / URL feeds | 2 curated lists | 10+ curated lists for maximum security |
| 🔓 Access | publicly available | exclusively for customers |

To summarize: The Standard Feed offers solid basic protection with minimal administration – ideal for entry-level or smaller environments. The Premium Feed is aimed at demanding environments that require comprehensive protection: Here, significantly more threat sources are subscribed to and updated much more frequently to block newly emerging IoCs in near real time.

The integration of our Sophos Firewall threat feeds is straightforward and user-friendly. Our feeds are fully compatible with the third-party threat feed function of Sophos Firewall and can be easily added via the firewall’s web interface. We provide you with the required feed URLs and detailed configuration instructions to make the process as smooth as possible.

How can I add a threat feed?

  1. Open menu Protect → Active threat response → Third-party threat feeds → Add
  2. Enter basic data
    • Name: avanet-basic-ipv4
    • Description: Avanet Feed – Free Version
  3. Define indicator type & rules
    • Indicator type: IPv4 address, domain or URL
    • Action: Block
  4. Store feed URL
    • Insert the appropriate address from the Avanet feed list in the External URL field.
  5. Set polling interval
    • Polling interval: 24 h (for the free version)
      • A shorter interval does not help; we only update the standard feed every 24 hours.
  6. Configure authentication (optional)
    • Authorization: None
  7. Test & save connection
    • Run Test connection, then Save.

For step-by-step setup instructions, we recommend the Sophos documentation.
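
Before a feed is set to Block in step 3, it is worth checking that its entries match the chosen indicator type and contain no private or own addresses. The script below is an added example, not Avanet or Sophos code; it assumes a plain-text feed with one indicator per line and `#` comment lines, and the function names, sample feed and protected range are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Ranges that should never appear in a feed whose action is Block.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify(entry):
    """Return 'ipv4', 'domain', 'url', or None if the entry is none of these."""
    try:
        ipaddress.IPv4Address(entry)
        return "ipv4"
    except ValueError:
        pass
    if "://" in entry:
        try:
            parts = urlsplit(entry)
        except ValueError:
            return None
        return "url" if parts.scheme in ("http", "https") and parts.hostname else None
    return "domain" if DOMAIN_RE.match(entry) else None

def audit_feed(text, expected_type, protected=()):
    """Return (accepted, rejected); rejected holds (line_no, entry, reason)."""
    own = [ipaddress.ip_network(n) for n in protected]
    accepted, rejected, seen = [], [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):  # assumed comment syntax
            continue
        kind = classify(entry)
        if kind is None:
            reason = "unrecognised"
        elif kind != expected_type:
            reason = f"expected {expected_type}, got {kind}"
        elif entry in seen:
            reason = "duplicate"
        elif kind == "ipv4" and any(ipaddress.IPv4Address(entry) in n for n in NON_ROUTABLE):
            reason = "non-routable"
        elif kind == "ipv4" and any(ipaddress.IPv4Address(entry) in n for n in own):
            reason = "protected asset"
        else:
            seen.add(entry)
            accepted.append(entry)
            continue
        rejected.append((no, entry, reason))
    return accepted, rejected

# Constructed sample: documentation addresses stand in for real indicators.
SAMPLE = "# demo\n203.0.113.10\n203.0.113.10\n10.0.0.5\n198.51.100.7\nmalware.example\n192.0.2.300\n"
```

Pass your own public ranges as `protected` so that an entry covering your own services is flagged before the firewall starts blocking it.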

Conclusion

With Sophos Firewall threat feeds, you can take network security to the next level. Our curated feeds eliminate the complexity of feed management. Whether you choose the free standard feed or the comprehensive premium feed, both provide reliable, regularly updated threat information and protect your network.

Further details or registration for the premium feed can be found on the contact page.