Businesses that want to avoid the extra cost of on-premises hardware security appliances will find Sophos’ Firewall Virtual appealing. Supporting all the main hypervisors, including VMware, Hyper-V, Citrix, and KVM, it allows businesses to virtualize all their security services and extend protection to the network perimeter, endpoints, and virtual environments.
There are no compromises on features as it delivers the same tough security measures as Sophos’ XGS desktop and rackmount appliances. It’s flexible too, as you can choose from a wide range of virtual models with licensing based on the number of virtual CPUs (vCPUs) and memory.
Licensing starts with one vCPU core and 2GB of RAM and goes all the way up to unlimited cores and memory. Even better, you can upgrade them in the future if you need to increase performance.
Sophos Firewall Virtual review: Installation and deployment
Broadcom’s new VMware licensing strategy appears to have upset a lot of people so for our review, we opted to use Microsoft’s Hyper-V and installed Firewall Virtual on a Dell PowerEdge server running Windows Server 2022. The process is simple enough as we downloaded the ZIP file from Sophos’ support site which contained primary and auxiliary virtual hard disks (VHDs).
Virtual machine (VM) creation is swift as you assign the primary VHD and a virtual switch which is your LAN connection to the appliance. Next, you add the auxiliary VHD and a second switch for the appliance’s WAN connection and power it up.
From here on, deployment is no different to the hardware appliances as you point a browser at the VM’s LAN address and follow the quick start wizard. Commendably, it started by updating the firmware to the latest SFOS v20 and insisted we change the default admin password.
It then assists with setting up LAN and WAN port address assignments plus DHCP services. We opted for routed mode so the appliance provides all security functions and the wizard enabled a default set of firewall security policies which included web filtering, anti-malware, and zero-day protection. If you want to try it out, let the wizard assign a temporary serial number which enables a 30-day trial of the SFVUNL unlimited version with all security services enabled
Sophos Firewall Virtual review: Security features
Sophos offers a good range of flexible licensing options with the XStream Protection bundle enabling everything on its books. Along with the base firewall license, this includes the network, web, and zero-day protection modules, deep packet inspection, central orchestration, and enhanced 24/7 support.
There is one catch as the XGS hardware appliances employ a dual-processor architecture that uses Sophos’ Xstream flow processors to provide a dedicated hardware acceleration layer for the firewall, TLS 1.3 inspection, and IPsec VPNs. Called FastPath, the VMware version can use the VM’s vCPUs for firewall acceleration only and this function isn’t supported at all in Hyper-V with Sophos recommending turning it off from the CLI.
That aside, the virtual appliance offers all the same security measures and uses policies to combine firewall rules, service filters, and time schedules with other functions such as web and application filtering, intrusion detection, and email anti-spam for all common messaging protocols. A filtering feature makes it easy to find specific rules within complex policies and you can reset traffic counters back to zero without requiring an appliance reboot.
Application filters are extensive as Sophos currently provides over 3,600 predefined apps and you can create multiple custom policies that can be easily applied to specific firewall rules. Web filtering services are equally good as you have over 90 categories you can choose to block or allow and a predefined set of policies are included to get you started.
Sophos Firewall Virtual review: Monitoring and cloud services
The appliance’s web interface opens with the Control Center dashboard which tells you everything you need to know about your security posture. It shows network activity, appliance utilization plus security issues and provides graphs for blocked and allowed applications and web categories with the User and device Insights section revealing activity for SSL inspection, ATP (advanced threat protection), and zero-day protection.
Cloud application usage is closely monitored and a list of those identified by the appliance is presented in the Control Center. One-click takes you to the cloud app list so you can decide whether to allow them. Permitted apps must be sanctioned by an administrator, unsanctioned ones will be marked and blocked while tolerated apps can be allowed but with a QoS (quality of service) rule applied to control bandwidth usage
Remote management is enabled when you register and authorize the appliance with your Sophos Central cloud account which now offers customizable dashboards. The firewall management section provides a report hub for viewing all security and policy events and you can load the Control Center interface from here as well.
Sophos Central also brings the appliance’s Synchronized Security feature into play. This uses a heartbeat to monitor systems running the Sophos Intercept X endpoint agent and can isolate all systems in the same network zone if malware is detected on any of them.
Make sure you enable traffic logging on each firewall rule as this allows the appliance to gather information for its reporting services. It’s worth it as Control Center can provide a wealth of valuable information so you can keep a close eye on areas such as firewall, malware, threat, application, web content filtering, and spam activity.
Sophos Firewall Virtual review: Is it worth it?
For network perimeter security services, the Sophos Firewall Virtual is a cost-effective alternative to hardware appliances and makes a lot of sense for businesses already heavily invested in virtualization. The Hyper-V version we tested doesn’t support the FastPath feature but all the other security measures you’d expect to see in Sophos’ XGS hardware appliances are present and correct, it’s just as easy to deploy and can be easily upgraded with a new license to keep in step with demand.
Sophos Firewall Virtual requirements
Hypervisor – Microsoft Hyper-V, VMware ESXi 7, KVM, Citrix, Nutanix Prism
This post was originally published on the 3rd party site mentioned in the title of this this site