What is the difference between an XG and XGS firewall?

On April 21, 2021, Sophos introduced the new XGS Firewall Series. This is the successor to the XG Firewall series. The XG series is End-of-Sale. The countdown to the End-of-Life date for the XG series has begun. At the end of March 2025, the Sophos XG Firewall hardware will be End-of-Life.

The new XGS series features significant changes from the XG series and takes network protection to a whole new level. If you buy a new firewall from Sophos, you will naturally go for the XGS series without thinking twice. This article here is therefore much more for customers who still have an XG firewall and want to find out if it is even worth upgrading to the new XGS series.

The three main differences

The new XGS series may look similar to the XG series from the outside, but a completely new hardware platform presents itself under the hood.

• Dual processor architecture: Unlike the XG series, the new XGS series features a dual processor architecture that combines the multi-core CPU with the brand new Xstream Flow processor for hardware acceleration.
• Many ports and flexible connections: The new XGS series offers a range of integrated and optionally expandable connection options. Compared to the XG series, the new models basically offer more ports and partly more connection options for external modules. Sudden changes to the infrastructure can thus be better managed with the new XGS firewalls.
• Extra strong performance with full protection: An XGS series with SFOS v18 provides an enormous performance increase compared to an XG series with SFOS v18. Depending on which performance statistic you look at, the XGS series offers up to 3x better performance than the XG series. The performance difference is even greater for an XG firewall with v17 and an XGS firewall with v18.

The Xstream architecture

The XGS series features a new Xstream Flow processor that significantly improves the performance of the XGS over the XG Firewall. The reason for this is the Xstream architecture introduced in SFOS v18.

The Xstream architecture introduced in v18 is an efficient way to handle traffic by consolidating security into a single streaming deep packet inspection engine. It creates a virtual fast path to offload previously verified and trusted traffic and is of great use for applications with real-time data such as SaaS and cloud applications.

In the XG series, the Xstream architecture is entirely software-based, but in the XGS series, Sophos has added a hardware layer with the Xstream Flow processor. This offers a dedicated fast path for app acceleration. All this means less load on the CPU, which can focus all resources on core firewall and deep packet inspection tasks, significantly improving latency and providing much more efficient network protection.

Migration paths

If the advantages of the new XGS series have convinced you, you can pick out the corresponding equivalent of your XG in the following chart. Only the XG 750 does not have a direct counterpart at the moment. Due to the significant performance increase of the XGS series, the XGS 6500 can be used here without further ado, so there is no gap in the portfolio.

Note: The XGS 7500 and XGS 8500 models will follow in 2022.

The only true Sophos Firewall

At the time of this article’s publication, there is an SG series, an XG series, and now newly an XGS series. So when people talk about a “Sophos Firewall” at the moment, it’s never quite clear which series is meant. As can be seen on the Sophos website, in the future they want to talk only about the Sophos Firewall and the Sophos Firewall OS (SFOS). This then means an XGS firewall with the SFOS. So the SG and XG series will no longer play a role in Sophos’s plans.