What is the difference between an XG and XGS firewall?
On 21 April 2021, Sophos introduced the new XGS firewall series. This is considered the successor to the XG firewall series, which will be withdrawn from sale by the end of 2021 at the latest.
The new XGS series offers significant changes compared to the XG series and takes network protection to a whole new level. Anyone who buys a new firewall from Sophos will naturally go for the XGS series without thinking twice. This article is therefore much more for customers who still have an XG firewall and would like to find out whether an upgrade to the new XGS series is worthwhile at all.
The three most important differences
The new XGS series may look similar to the XG series from the outside, but under the bonnet it presents a completely new hardware platform.
- Dual Processor Architecture: Unlike the XG Series, the new XGS Series features a dual processor architecture that combines the multi-core CPU with the brand new Xstream Flow processor for hardware acceleration.
- Many ports and flexible connectivity: The new XGS series offers a range of built-in and optional expandable connectivity options. Compared to the XG series, the new models offer fundamentally more ports and in some cases more connection options for external modules. Sudden changes to the infrastructure can thus be better mastered with the new XGS firewalls.
- Extra strong performance with full protection: An XGS series with SFOS v18 provides an enormous performance increase compared to an XG series with SFOS v18. Depending on which performance statistic you look at, the XGS series offers up to 3 times better performance than the XG series. For an XG firewall with v17 and an XGS firewall with v18, the performance difference is even greater.
The Xstream Architecture
The XGS series features a new Xstream Flow Processor that significantly improves the performance of the XGS over the XG Firewall. This is due to the Xstream architecture introduced in SFOS v18.
The Xstream architecture introduced in v18 is an efficient way to handle traffic by consolidating security into a single streaming deep packet inspection engine. It creates a virtual fast path to offload previously verified and trusted traffic and is of great benefit for applications with real-time data such as SaaS and cloud applications.
In the XG series, the Xstream architecture is entirely software-based, but in the XGS series Sophos has added a hardware layer with the Xstream Flow Processor. This provides a dedicated fast path for app acceleration. All this means less load on the CPU, which can focus all resources on core firewall tasks and deep packet inspection, significantly improving latency and providing much more efficient network protection.
If the advantages of the new XGS series have convinced you, you can find the equivalent of your XG in the following chart. Only the XG 750 does not have a direct counterpart at the moment. However, due to the significant increase in performance of the XGS series, the XGS 6500 can be used here without further ado, so there is no gap in the portfolio.
Note: The XGS 7500 and XGS 8500 models will follow in 2022.
The only true Sophos Firewall
At the time of publishing this article, there is an SG series, an XG series and now a new XGS series. So when people talk about a “Sophos Firewall” at the moment, it’s never quite clear which series is meant. As can be seen on the Sophos website, in future they only want to talk about the Sophos Firewall and the Sophos Firewall OS (SFOS). This will then be considered to be an XGS Firewall with the SFOS. The SG and XG series will therefore no longer play a role in Sophos’ plans.