Official logo for Sophos Firewall (XGS)

Sophos Firewall (XGS)

by Sophos Ltd.

Free Tier Available
3.8
WAFPlanet Rating

Next-gen firewall (SFOS on XGS appliances) with a built-in reverse-proxy Web Application Firewall via its Web Server Protection module; the active successor to the end-of-life Sophos UTM.

Visit Website Documentation View Pricing
Company: Sophos Ltd.
Pricing: Appliance plus subscription (varies by appliance and subscription bundle)
Founded: 1985

Overview

Sophos Firewall is the company's next-generation firewall platform, running Sophos Firewall OS (SFOS) on XGS Series hardware appliances, as well as virtual, software, and cloud deployments (including Firewall in AWS and Azure). It is the active successor to the now end-of-life Sophos UTM, consolidating network security, threat protection, and management through Sophos Central.

Its Web Application Firewall is delivered through the Web Server Protection module, which runs as an Apache-based reverse proxy in front of internal or external web servers. The WAF provides form hardening, URL hardening, cookie signing, antivirus scanning, and protection against common web attacks such as SQL injection, cross-site scripting, and directory traversal. WAF rules let administrators publish virtual web servers, apply reverse-proxy authentication, and restrict client networks without manually configuring DNAT and firewall rules.

The WAF is one module within a broader firewall platform rather than a standalone cloud WAF, so it is best suited to organizations that want application protection alongside their network security in a single appliance.

Ratings Breakdown

Ease of Use 3.9/5
Value for Money 4.0/5
Customer Support 3.8/5
Features 3.7/5

Key Features

Reverse-Proxy WAF

Apache-based reverse proxy that protects published web servers against SQL injection, cross-site scripting, directory traversal, and other common web attacks.

Form Hardening

Signs and validates form fields to prevent manipulation of submitted web forms.

URL Hardening

Restricts accessible URLs based on the learned structure of the protected application.

Cookie Signing

Cryptographically signs cookies to detect and block tampering.

Reverse-Proxy Authentication

Adds basic or form-based authentication policies in front of published web servers via WAF rules.

Antivirus Scanning

Scans uploads and traffic to protected web servers for malware as part of Web Server Protection.

Pros & Cons

Pros

  • Active, supported platform

    The current Sophos Firewall (SFOS on XGS) replaces the end-of-life UTM and continues to receive updates and new features.

  • WAF bundled with the firewall

    Web Server Protection adds reverse-proxy application security without buying a separate product.

  • Free Home Edition

    Full-featured, non-commercial Home Edition runs on your own hardware or VM with no IP limit.

  • Centralized management

    Managed through Sophos Central alongside other Sophos security products.

Cons

  • Not a dedicated WAF

    The WAF is a module within a network firewall, not a purpose-built or cloud-native WAF.

  • Opaque pricing

    No public flat pricing; commercial licensing is quote-based through partners and varies by appliance and subscription.

  • Appliance-centric

    Best suited to on-premises or self-managed deployments rather than fully cloud-native application stacks.

Pricing

Pricing model: Appliance plus subscription (varies by appliance and subscription bundle)

Home Edition

Free

Free for non-commercial home, lab, and educational use; full SFOS feature set on your own hardware or VM, with no 50-IP cap that the old UTM Home Edition had.

  • Full Sophos Firewall (SFOS) feature set
  • Web Server Protection WAF module included
  • Runs on your own hardware or virtual machine
  • Non-commercial use only

Xstream Protection (Commercial)

Custom pricing

Appliance plus subscription bundle sold through Sophos partners and resellers; pricing varies by appliance model and term, with quotes provided on request.

  • Base firewall license
  • Network Protection
  • Web Protection and Web Server Protection (WAF)
  • Zero-Day Protection and AI-powered threat detection
  • Central Orchestration and enhanced support

Our Verdict

Sophos Firewall (SFOS on XGS) is the active successor to Sophos UTM and bundles a capable reverse-proxy Web Application Firewall through its Web Server Protection module. For organizations that already run Sophos for network security, it adds solid application protection without a separate product.

Our verdict: A strong choice as an integrated WAF layer within a Sophos firewall deployment, but not a substitute for a dedicated, cloud-native WAF on high-scale public web properties.

CVE Coverage

Sophos Firewall (XGS) can detect and block attacks matching 105K+ known CVEs based on its supported rule sets.

13K+
Critical
25K+
High
44K+
Medium
1.7K+
Low

Coverage by Attack Type

Cross-Site Scripting (XSS) High
45K+ CVEs
SQL Injection High
19K+ CVEs
Improper Input Validation Medium
12K+ CVEs
Path Traversal High
9.1K+ CVEs
Code Injection Medium
6.5K+ CVEs
OS Command Injection High
5.9K+ CVEs
Unrestricted File Upload Medium
4.1K+ CVEs
Command Injection High
3.6K+ CVEs
Open Redirect Medium
1.5K+ CVEs
XML External Entity (XXE) High
1.2K+ CVEs

Latest Blockable CVEs

CVE Severity
CVE-2026-49294 UNKNOWN
CVE-2026-20262 MEDIUM
CVE-2026-9863 UNKNOWN
CVE-2026-9862 UNKNOWN
CVE-2025-15659 UNKNOWN
CVE-2025-15658 UNKNOWN
CVE-2026-52704 UNKNOWN
CVE-2019-25746 HIGH
CVE-2018-25436 CRITICAL
CVE-2016-20084 HIGH
Browse all CVEs →

Frequently Asked Questions

Is Sophos Firewall the replacement for Sophos UTM?

Yes. Sophos Firewall, running Sophos Firewall OS (SFOS) on XGS Series appliances, is the active successor to the end-of-life Sophos UTM. Sophos has migrated its development and support to this platform, so new deployments should use Sophos Firewall rather than UTM.

Does Sophos Firewall include a WAF?

Yes. Sophos Firewall includes a Web Application Firewall through its Web Server Protection module, an Apache-based reverse proxy that protects published web servers with form hardening, URL hardening, cookie signing, antivirus scanning, and protection against attacks such as SQL injection and cross-site scripting.

Is there a free version of Sophos Firewall?

Yes. The Sophos Firewall Home Edition is free for non-commercial home, lab, and educational use. It provides the full SFOS feature set on your own hardware or virtual machine, including the WAF module, and unlike the old UTM Home Edition it has no 50-IP limit.

How is the WAF different from a dedicated cloud WAF?

The Sophos WAF is a module within a network firewall appliance, operating as a reverse proxy in front of your web servers, rather than a standalone cloud-delivered service. It is ideal for adding application protection to an existing Sophos deployment, but it is not a cloud-native WAF/CDN platform for large public web properties.

How much does Sophos Firewall cost?

Commercial pricing is not published as a flat rate. It uses an appliance plus subscription model, typically the Xstream Protection bundle, and varies by appliance model and term. Quotes are provided through Sophos partners and resellers. The Home Edition is free for non-commercial use.

Ready to try Sophos Firewall (XGS)?

Start with the free tier and upgrade as you grow.

Visit Website View Pricing