Sophos XGS 2100 Next-Gen Firewall – US Power Cord (XG2ATCHUS)

The Sophos XGS 2100 is a high-performance 1U rackmount Next-Generation Firewall built for mid-to-large organisations and distributed enterprise environments that demand uncompromising network security without sacrificing performance. Powered by Sophos’ revolutionary Xstream Architecture — a dual-processor design combining a high-performance multi-core CPU with a dedicated Xstream Flow Processor — the XGS 2100 delivers hardware-accelerated TLS inspection, streaming deep packet inspection, and intelligent SD-WAN at wire speed, ensuring security and performance are never mutually exclusive.

Xstream Architecture — Hardware Acceleration at the Core

The XGS 2100’s dual-processor architecture is the defining feature that sets it apart from conventional firewalls. While the multi-core CPU handles complex policy processing, routing, and management tasks, the dedicated Xstream Flow Processor provides targeted hardware acceleration for the most demanding workloads — TLS decryption and re-encryption, IPsec VPN tunnel processing, and application-layer traffic inspection. This architecture delivers 30 Gbps firewall throughput with just 6 µs latency, and enables Xstream Network Flow FastPath to intelligently offload trusted, known-good traffic flows — such as SaaS application traffic, VPN tunnels, and SD-WAN paths — directly to the fast path, bypassing unnecessary reprocessing and dramatically improving overall network efficiency.

Xstream TLS Inspection — Full Visibility Into Encrypted Traffic

With over 90% of modern internet traffic encrypted, threat actors increasingly hide malware and exfiltration inside TLS tunnels. The XGS 2100’s Xstream TLS Inspection engine provides 1,100 Mbps of TLS decryption and re-encryption throughput with full support for TLS 1.3 — without requiring protocol downgrade — ensuring organisations maintain complete visibility into encrypted traffic flows without compromising security posture or compatibility. The intuitive policy engine with pre-packaged exceptions and a real-time TLS dashboard make deploying and managing SSL inspection straightforward, even at scale.

Xstream Deep Packet Inspection — Threat Protection Without Compromise

The high-performance Xstream DPI engine provides streaming deep packet inspection across all traffic flows without the latency penalty of traditional proxy-based architectures. The firewall stack completely offloads inspection processing to the DPI engine, delivering 5,800 Mbps IPS throughput, 5,200 Mbps NGFW throughput, and 1,250 Mbps threat protection throughput. This enables simultaneous next-gen IPS, web protection, application control, advanced malware protection, and sandboxing to run concurrently without creating bottlenecks — ensuring all threats are detected and blocked at line rate.

Advanced Threat Protection — Powered by SophosLabs Intelix

The XGS 2100 incorporates multi-layered threat protection powered by SophosLabs Intelix, Sophos’ cloud-based AI and deep learning threat intelligence platform. Real-time threat feeds, behavioural analytics, and static file analysis combine to detect and block the latest ransomware, zero-day exploits, advanced persistent threats (APTs), and sophisticated malware variants. Zero-Day Threat Protection (formerly Sandstorm) provides cloud sandbox analysis of suspicious files, detonating and analysing potential threats in an isolated environment before allowing them to reach end users. Deep learning models trained on hundreds of millions of samples provide proactive protection against both known and unknown threats.

Xstream SD-WAN — Intelligent, Application-Aware WAN

The integrated Xstream SD-WAN solution transforms the XGS 2100 into a powerful, cloud-managed SD-WAN edge device. Application-aware routing policies intelligently steer business-critical applications over the best available WAN link based on real-time performance metrics including latency, jitter, and packet loss. Zero-impact link transitions automatically and seamlessly reroute traffic during WAN disruptions without dropping sessions or impacting users. Support for SD-RED site-to-site tunnels enables cost-effective, secure branch connectivity. The Xstream FastPath acceleration of VPN tunnel traffic ensures SD-WAN overlays operate at hardware-accelerated speeds. Centralised cloud orchestration through Sophos Central simplifies multi-site SD-WAN deployment and management.

Flexible Connectivity and Modular Expansion

The XGS 2100 ships with 8 GbE copper ports (including 1 hardware bypass pair for continuous traffic flow during power cycles) and 2 SFP fiber uplink ports as fixed interfaces, providing a robust foundation for diverse network topologies. The single Flexi Port expansion slot accepts a wide range of optional modules — including 8-port GbE copper, 8-port GbE SFP fiber, 4-port 10GE SFP+ fiber for high-speed data centre uplinks, 4-port GbE bypass pairs for inline security deployments, and PoE+ modules for powering access points or cameras. Maximum total port density reaches 18 ports with a module installed. The multi-function LCD display with navigation buttons provides at-a-glance system status and local management capability without requiring a network connection.

Synchronized Security — Sophos Ecosystem Integration

The XGS 2100 integrates seamlessly with Sophos’ broader security ecosystem through Sophos Security Heartbeat — a unique technology that enables the firewall and Sophos-managed endpoints to share real-time security intelligence. When an endpoint detects a threat or compromise, it instantly communicates its health status to the firewall, which can automatically isolate the affected device, preventing lateral movement and containing breaches before they spread. Active Threat Response automates containment and remediation actions, dramatically reducing incident response time and the potential blast radius of security incidents.

Centralised Cloud Management via Sophos Central

All XGS Series firewalls are fully manageable through Sophos Central, Sophos’ unified cloud management platform. Sophos Central enables centralised policy management, real-time monitoring, firmware updates, and historical reporting across all firewall deployments from a single pane of glass. Cloud-based reporting provides up to 30 days of data retention with multi-firewall consolidated reporting, scheduled reports, and export capabilities. On-box historical logging and reporting (7-day retention) ensures local visibility even when cloud connectivity is unavailable. Support for XDR (Extended Detection and Response) and MDR (Managed Detection and Response) connectors extends threat visibility and response capabilities across the entire security estate.

Local Storage for Quarantine and Logging

Unlike many competing firewalls that rely entirely on external logging infrastructure, the XGS 2100 includes an integrated 120 GB SATA-III SSD for local quarantine storage, traffic logs, and system events — ensuring critical security data is always available on-device, reducing dependency on external SIEM or logging systems for initial triage and investigation.

Redundancy and High Availability

The XGS 2100 supports optional external redundant power supply connectivity via dedicated rear-panel connectors, enabling dual-PSU configurations for mission-critical deployments. Hardware bypass port pairs ensure network traffic continues flowing even in the event of appliance power failure or software crash, maintaining business continuity in high-availability network designs.

Ideal Applications: Mid-to-large enterprise branch offices, distributed enterprise WAN edge, campus network perimeter, data centre edge security, managed service provider deployments, retail chain security infrastructure, healthcare network protection, financial services compliance environments, and any organisation requiring high-throughput next-generation firewall protection with integrated SD-WAN and centralised cloud management.

Backed by Sophos’ global support network and available with Enhanced or Enhanced Plus support plans, the XGS 2100 delivers enterprise-class security performance with the simplicity of centralised cloud management.

—

Technical Specifications

Performance

• Firewall Throughput: 30,000 Mbps (30 Gbps)
• Firewall IMIX: 15,900 Mbps
• Firewall Latency (64-byte UDP): 6 µs
• IPS Throughput: 5,800 Mbps
• Threat Protection Throughput: 1,250 Mbps
• NGFW Throughput: 5,200 Mbps
• IPsec VPN Throughput: 12,000 Mbps (12 Gbps)
• IPsec VPN Throughput (IMIX): 3,000 Mbps
• SSL VPN Concurrent Tunnels: 2,500
• Xstream TLS Inspection Throughput: 1,100 Mbps
• Xstream TLS Concurrent Connections: 18,432
• Concurrent Connections: 6,500,000
• New Connections/Second: 134,700
• Recommended Users: 200–300

Fixed Interfaces

• GbE Copper Ports: 8x GbE RJ45 (10/100/1000 Mbps)
• 1x hardware bypass pair (ports 1 & 2)
• SFP Fiber Ports: 2x SFP (transceivers sold separately)
• Bypass Port Pairs (Fixed): 1
• Management Port: 1x RJ45 MGMT (dedicated out-of-band)
• Console Ports:
• 1x COM RJ45
• 1x Micro-USB (cable included)
• USB Ports:
• 2x USB 3.0 (front panel)
• 1x USB 2.0 (rear panel)
• Display: Multi-function LCD module with navigation buttons

Storage

• Internal SSD: 120 GB SATA-III (minimum, integrated)
• Usage: Local quarantine, traffic logs, system events
• Access: Front-accessible SSD bay (on select configurations)

Expansion (Flexi Port)

• Flexi Port Slots: 1x expansion bay
• Optional Flexi Port Modules:
• 8-port GbE copper
• 8-port GbE SFP fiber
• 4-port 10GE SFP+ fiber
• 4-port GbE copper bypass (2 hardware bypass pairs)
• 4-port GbE copper PoE+
• 4-port GbE copper
• 4-port 2.5 GbE copper PoE
• 2-port GbE Fiber (LC) bypass + 4-port GbE SFP fiber
• Max Total Port Density: 18 ports (with Flexi Port module installed)
• Max PoE (with Flexi Port module): 4 ports, 60W maximum total

Optional Add-On Connectivity

• SFP DSL module (VDSL2)
• SFP/SFP+ Transceivers (sold separately)
• External Redundant PSU (sold separately)

Xstream Architecture

• Processor Design: Dual-processor architecture
• High-performance multi-core x86 CPU
• Dedicated Xstream Flow Processor (hardware acceleration)
• FastPath Acceleration:
• Xstream Network Flow FastPath
• IPsec VPN tunnel traffic acceleration
• TLS/SSL decryption acceleration
• SaaS and SD-WAN traffic offload
• DPI Engine: High-performance streaming DPI (proxy-free)

Security Features

• Firewall:
• Stateful packet inspection (SPI)
• DoS/DDoS protection
• Advanced IPv4/IPv6 firewall
• Application-aware policy engine
• Intrusion Prevention:
• Next-Gen IPS (signature + behavioural)
• Custom IPS rules
• Protocol anomaly detection
• TLS/SSL Inspection:
• Xstream TLS Inspection engine
• TLS 1.3 full inspection (no downgrade)
• Latest cipher suite support
• Pre-packaged exceptions policy
• Encrypted traffic visibility dashboard
• Threat Protection:
• Deep learning malware detection (SophosLabs Intelix)
• Zero-Day Protection (cloud sandbox — formerly Sandstorm)
• Advanced Malware Protection (AMP)
• Behavioural threat analysis
• Ransomware protection
• Botnet/C&C blocking
• Web Protection:
• URL filtering (80+ categories)
• Web policy with HTTPS inspection
• Google/Bing SafeSearch enforcement
• YouTube educational filter
• Content filtering
• Application Control:
• 4,500+ application signatures
• Application-aware QoS
• Micro-app control
• Shadow IT visibility
• Email Protection: (with subscription)
• Anti-spam
• SPX email encryption
• Email DLP
• Lateral Movement Protection:
• Sophos Security Heartbeat
• Compromised host detection
• Automatic device isolation
• Active Threat Response (automated)
• Zero-Day Protection: Cloud sandbox file analysis (SophosLabs Intelix)

VPN

• IPsec VPN:
• Site-to-site (unlimited tunnels)
• Remote access IPsec
• IKEv1/IKEv2
• AES 128/256-bit encryption
• SHA-1/SHA-2 authentication
• PFS (Perfect Forward Secrecy)
• Dead Peer Detection (DPD)
• NAT-Traversal (NAT-T)
• Hardware-accelerated (Xstream FastPath)
• Throughput: 12,000 Mbps
• SSL VPN:
• Remote access (concurrent tunnels: 2,500)
• Browser-based clientless access
• Sophos Connect VPN client
• Split tunneling
• MFA/OTP support
• SD-RED Tunnels:
• Site-to-site SD-RED connectivity
• Simplified branch office VPN
• Zero-touch deployment
• VPN Protocols: IPsec, SSL/TLS, L2TP, PPTP (legacy)

SD-WAN

• Solution: Xstream SD-WAN (integrated)
• Link Selection: Performance-based (latency, jitter, packet loss, bandwidth)
• Routing: Application-aware policy-based routing
• Load Balancing: Per-session, per-packet, weighted
• Link Failover: Zero-impact seamless failover
• Orchestration: Sophos Central cloud orchestration
• FastPath: Xstream FastPath acceleration for VPN overlays
• WAN Types: Ethernet, DSL (with SFP module), LTE (with USB modem)
• Monitoring: Real-time WAN performance monitoring

Networking Features

• Routing:
• Static routing (IPv4/IPv6)
• Dynamic routing: OSPF, BGP, RIP
• Policy-based routing
• Multicast routing (PIM-SM, IGMP)
• IPv6: Full dual-stack IPv4/IPv6
• DHCP: Server, client, relay
• DNS: Proxy, split DNS, custom DNS
• NAT: Full NAT, PAT, DNAT, SNAT, NPT (IPv6)
• QoS: Application-aware QoS, traffic shaping, priority queuing
• VLAN: 802.1Q (unlimited VLANs)
• High Availability:
• Active-Active
• Active-Passive
• Session synchronisation
• Automatic failover

Management & Reporting

• On-Box Management: Sophos WebAdmin GUI (HTTPS)
• CLI: Console (RJ45/Micro-USB), SSH
• Cloud Management: Sophos Central
• SD-WAN Orchestration: Sophos Central (SFOS 18.5 MR1+)
• API: REST API
• SNMP: v1/v2c/v3
• Syslog: Local and remote (syslog server)
• Reporting:
• On-box: 7-day historical logs and reports
• Sophos Central: 30-day cloud reporting
• Multi-firewall consolidated reporting
• Scheduled reports and export
• XDR/MDR Connector: Sophos XDR and MDR service integration
• Zero-Touch Deployment: Sophos Central provisioning
• Firmware Updates: Centralised via Sophos Central or on-box

Authentication

• Local Database: Users and groups
• LDAP/Active Directory: Integration (AD SSO)
• RADIUS: Authentication and accounting
• TACACS+: Authentication
• SAML 2.0: Single Sign-On
• MFA/OTP: Time-based OTP, hardware tokens
• Captive Portal: Guest and user authentication
• Sophos Transparent Authentication Suite (STAS): Transparent AD authentication
• 802.1X: RADIUS-based port authentication

Physical Specifications

• Form Factor: 1U Rackmount
• Rack Size: 19-inch standard rack
• Dimensions (W x H x D): 438 x 44 x 405 mm (17.2″ x 1.73″ x 15.9″)
• Weight:
• Unpacked: 4.7 kg / 10.36 lbs
• Packed: 7 kg / 15.43 lbs
• Mounting: 2x rackmount ears included (rack rails sold separately — recommended for data centre use)
• Display: Multi-function LCD with navigation buttons (front panel)
• Cooling: Active (internal fans)

Power

• Power Supply: Internal auto-ranging AC-DC
• Input: 100-240V AC, 3-6A, 50-60 Hz
• Power Cord: US power cord included (XG2ATCHUS)
• Redundant PSU: Optional external redundant power supply connector (rear panel)
• Power Consumption (XGS 2100):
• Idle: 43W / 146.86 BTU/hr
• Maximum: 162W / 533.5 BTU/hr
• PoE addition (max): +76W / 260 BTU/hr

Environmental

• Operating Temperature: 0°C to 40°C (32°F to 104°F)
• Storage Temperature: -20°C to +70°C (-4°F to +158°F)
• Humidity: 10% to 90% non-condensing

Certifications

• CB, CE, UL, FCC, ISED (Canada), VCCI (Japan), CCC (China), KC (Korea), BSMI (Taiwan), RCM (Australia/NZ), NOM (Mexico), Anatel (Brazil)
• RoHS compliant

Software (Sophos Firewall OS — SFOS)

• Base License (Included with Hardware):
• Core firewall (stateful, NAT, routing)
• Site-to-site IPsec VPN (unlimited)
• SSL VPN (unlimited)
• SD-RED tunnels
• Basic WiFi controller
• On-box reporting (7-day)
• Sophos Central management

Subscription Bundles (Sold Separately)

• Standard Protection:
• Base License
• Network Protection (IPS, ATP, security heartbeat)
• Web Protection (URL filtering, app control, SSL inspection)
• Enhanced Support
• Xstream Protection:
• All Standard Protection features
• Xstream TLS Inspection
• Zero-Day Threat Protection (cloud sandbox)
• Sophos Central Cloud Reporting (30-day)
• XDR/MDR Connector
• AI-powered threat intelligence
• Enhanced Support
• Support Options:
• Enhanced Support (included with bundles)
• Enhanced Plus Support (upgrade — direct senior support access + appliance warranty)

Package Contents

• 1x Sophos XGS 2100 Firewall Appliance
• 1x US power cord
• 1x Micro-USB console cable
• 2x Rackmount ears
• 1x Quick Start Guide
• Note: SFP transceivers and rack rails sold separately

Warranty

• Hardware Warranty: Standard limited hardware warranty
• Extended Coverage: Available via Enhanced Plus Support subscription
• RMA: Available with valid support subscription

Ordering Information

• Part Number (Hardware Only): XG2ATCHUS (with US power cord)
• Related Models (Same Tier):
• XGS 2300 (higher performance, same form factor)
• Smaller Model: XGS 1300 / XGS 1500 (1U, lower throughput)
• Larger Model: XGS 3100 / XGS 3300 (1U, higher throughput)
• 2U Models: XGS 4300 / XGS 4500 (highest performance)

—

Important Notes:

• Performance figures measured under ideal conditions using Keysight-Ixia BreakingPoint test tools — actual performance varies based on configuration, active features, and traffic mix
• Hardware only — Standard Protection or Xstream Protection subscription required for advanced security features (IPS, web filtering, sandboxing, TLS inspection)
• SFP transceivers (mini-GBICs) for fiber ports sold separately — verify Sophos compatibility list
• Rack rails recommended (rather than included rack ears) for stable data centre deployment
• External redundant PSU sold separately — connector provided on rear panel
• Requires SFOS 18.5 MR1 or later for Sophos Central SD-WAN Orchestration
• PoE functionality requires compatible Flexi Port PoE module (sold separately)