We Optimized Your Assets

Network Protection

Sophos Network Protection includes many fully integrated features: an intrusion prevention system, denial-of-service protection, a VPN gateway, an HTML5 VPN portal, advanced routing and more. We help protect your network by keeping bad traffic out and enabling secure access to authorized users.

Intrusion Prevention
Our Intrusion Prevention System identifies and stops threats that are hiding in incoming traffic. It analyzes approved traffic to protect your network from outside assaults.

Our Intrusion Prevention System protects your network against new and existing threats. Using deep-packet inspection the IPS identifies and removes packets that contain malicious content before they enter your network. Our signature database is updated every few minutes, ensuring protection against even new threats that do not yet have a patch available but do have a pattern. Our IPS can also prevent an infected machine from threatening others in IT environments that do not run their own servers.

We can help stop intruders and protect against even the most sophisticated threats with fast and reliable pattern scanning technologies:

  • Identifies and blocks application and protocol related probes and attacks through deep-packet inspection
  • Flood protection: DoS, DDoS and portscan blocking
  • Database of over 8,000 patterns and rules including:
  • Probing, port scans, interrogations, host sweeps
  • Attacks on application vulnerabilities
  • Protocol exploitations
  • Intrusion detection and prevention
  • Notify administrator and/or block traffic immediately
  • Powerful management interface
  • One click to enable or disable complete rule sets e.g. for email or web servers

Branch Office VPN
Our Branch Office VPN lets employees at different locations send and receive information through the Internet via a secure connection. And it’s so easy to use, you can link sites without any experience with VPNs.

Our Intrusion Prevention System protects your network against new and existing threats. Using deep-packet inspection the IPS identifies and removes packets that contain malicious content before they enter your network. Our signature database is updated every few minutes, ensuring protection against even new threats that do not yet have a patch available but do have a pattern. Our IPS can also prevent an infected machine from threatening others in IT environments that do not run their own servers.

We can help stop intruders and protect against even the most sophisticated threats with fast and reliable pattern scanning technologies:

  • Identifies and blocks application and protocol related probes and attacks through deep-packet inspection
  • Flood protection: DoS, DDoS and portscan blocking
  • Database of over 8,000 patterns and rules including:
  • Probing, port scans, interrogations, host sweeps
  • Attacks on application vulnerabilities
  • Protocol exploitations
  • Intrusion detection and prevention
  • Notify administrator and/or block traffic immediately
  • Powerful management interface
  • One click to enable or disable complete rule sets e.g. for email or web servers

Branch Office VPN
Our Branch Office VPN lets employees at different locations send and receive information through the Internet via a secure connection. And it’s so easy to use, you can link sites without any experience with VPNs.

We give you trouble-free, stable connectivity between remote sites and headquarters with flexible administration. Connect everything with public or private IP addresses using multiple Internet connections. Fully share computers in both networks or limit the traffic that can travel over the tunnels. Build VPN tunnels across dozens or hundreds of devices from a central console with Sophos RED, without the need for technical skill at the remote sites. Plus, our VPN supports host names for tunnels with a built-in Dynamic DNS client.

Support for a broad range of standardized tunneling protocols and technologies enable secure connections between multiple offices via the Internet:

We give you trouble-free, stable connectivity between remote sites and headquarters with flexible administration. Connect everything with public or private IP addresses using multiple Internet connections. Fully share computers in both networks or limit the traffic that can travel over the tunnels. Build VPN tunnels across dozens or hundreds of devices from a central console with Sophos RED, without the need for technical skill at the remote sites. Plus, our VPN supports host names for tunnels with a built-in Dynamic DNS client.

Support for a broad range of standardized tunneling protocols and technologies enable secure connections between multiple offices via the Internet:

  • Supports IPsec and SSL protocols
  • IPSec offers high interoperability with other devices
  • SSL allows for easy setup between two Sophos UTM appliances
  • Star, hub-and-spoke, and fully meshed configurations
  • Nat-Traversal for establishing tunnels between NAT devices
  • Supports all major encryption and many authentication methods
  • DES, 3DES, AES, Serpent, Blowfish, Twofish
  • MD5, SHA-1
  • XAUTH allows for integration of One-Time-Password systems
  • Full Public Key Infrastructure (PKI) support

Remote Access VPN
For workers in the field requiring easy but secure remote access to their company network, Sophos supports a broad set of industry-standard VPN technologies including IPSec, SSL, Cisco VPN, iOS and native Windows VPN clients.

Sophos IPsec Client: A powerful and feature rich client for IPsec based remote access from Windows XP, Windows Vista or Windows 7 based PCs (32 and 64 bit support).

Sophos IPsec Client provides the following features:

  • Authentication via pre-shared key (PSK), PKI (X.509), smartcards, tokens, XAUTH
  • Encryption: AES (128/192/256), DES, 3DES (112/168), Blowfish (128/448), RSA (up to 2048 Bit), DH groups 1/2/5/14, MD5, SHA-256/384/512
  • Intelligent split-tunneling for optimum traffic routing
  • NAT-Traversal support
  • Multilingual (English, German, French)
  • Works with any Sophos UTM appliance running a UTM Network Protection subscription

System requirements

  • 128 MB RAM
  • Hard Drive
  • Windows XP, Vista, 7

Sophos SSL Client: Easy-to-use client for transparent SSL access to all company applications (no “Webifier” required). Installs on Windows, Linux, MacOS and UNIX operating systems.

Sophos SSL Client provides the following features:

  • Proven SSL- (TLS) based security
  • Minimal system requirements
  • Supports MD5, SHA, DES, 3DES and AES
  • Works through all firewalls, regardless of proxies and NAT
  • Independent from browser
  • Offers transparent access to all resources and applications within the corporate network
  • Once installed, runs without requiring administrative rights
  • Available for free with any Sophos UTM appliance running a UTM Network Protection subscription

System requirements

  • 128 MB RAM
  • Hard Drive

HTML5 VPN Portal
Give controlled network access to third parties and IT staff who are outside of the office. Our HTML5 VPN Portal allows access from anywhere.

Giving remote access to your corporate resources has never been easier. Our HTML5 VPN Portal is the only solution of its kind with no need for ActiveX, Java or a client to install. Because it’s pure HTML5 technology it works on all platforms, from Windows and Macs to iOS and Android. And it’s easy to set up. Automatic login stores resource credentials on the device. There’s no need to give it out to third-party users.

The Sophos HTML5 VPN Portal includes the following features and capabilities:

  • Pure HTML5 based KVM (Keyboard Video Mouse) Client in Portal
  • Only uses HTML5 canvas, web sockets and JavaScript
  • No plugin or client to install
  • No files are stored on devices, keeping data secure
  • Access your network resources with:
  • VNC, RDP, Citrix, SSH, Telnet, WebUI and WebApps
  • Auto-Login makes old single-password devices multiuser capable

Advanced Routing
Advanced routing capabilities in Sophos Network Protection provide optimal path selection, load balancing and stability.

Sophos Network Protection offers different routing functions.

Static routing enables the manual entry of routers in the WebAdmin.

In policy routing, paths are independently defined by the source, target address and data type. This allows VoIP data to find the least low-lag path or unimportant information to find the cheapest connection route possible.

Dynamic OSPF routing enables the automated recognition of current network topologies and the selection of the most optimal route. Changes to the topology are automatically recognized.

Multicast routing allows for the distribution of single packets to many recipients, making (for example) the assignment of media streams more efficient.

Server Load balancing
Incoming data traffic can be dynamically divided over many servers in a cluster. The failure of a server in the list will be immediately recognized through a customizable availability test. Session persistence guarantees that clients are always connected with the same server.

WAN Link balancing
WAN Link Balancing enables the simple and simultaneous use of up to 32 Internet connections. You can easily balance your traffic across any mix of 3G/UMTS/Ethernet Ports. If your connections have different capacities you can also set different weights for each line to distribute the load accordingly.

Custom quality-of-service options
Sophos QoS can guarantee bandwidth availability for certain types of outgoing network traffic. Applications like P2P, Surfing, ERP or VoIP can be simply defined through a data selector and certain bandwidth pools with priorities can be allocated.

Sophos Network Protection offers the following routing functions:

  • Static/policy
  • Based on source/destination interface, network or service
  • Dynamic
  • OSPFv2 inclusive of MD5 and password authentication
  • BGP-4
  • Multicast
  • PIM-SM