Skip to content

HomeFirewalls / Sophos / Sophos XGS Rackmount Series

Sophos XGS 2100 / 2300

Choose from the available models below. By default the first in stock option is shown.




If you can't find the item you are after in stock, please chat to us.  Supply chain issues mean these are often ordered directly from Sophos for each customer with a lead time of around 14 days.

Chat 7am to 10pm - 7 days a week

We love what we do!

Shipping Costs From

Standard - $15 or Express - $20

Want The Best Prices?

Request a quote

Hardware Firewall with 1-GbE-SFP for medium-sized and distributed enterprise.


Powerful Protection & Performance
Sophos Firewall and the XGS Series appliances with dedicated Xstream Flow Processors enable the ultimate in application acceleration, high-performance TLS inspection, and powerful threat protection. The Sophos Firewall Xstream architecture is engineered to deliver extreme levels of visibility, protection, and performance to help address some of the greatest challenges facing network administrators today.


TLS 1.3 Inspection
According to the latest statistics, approximately 90% of web traffic is encrypted, making it invisible to most firewalls. An increasing amount of malware and potentially unwanted apps exploit the fact that organizations are simply not using SSL inspection. Network administrators' main fears are that SSL inspection will have a performance impact or cause something to break, impacting the user experience.

Sophos Firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection while maintaining performance efficiency.


Application Acceleration
A significant portion of your network traffic is important business application traffic destined for branch offices, remote users, or cloud application servers. This trusted traffic, which needs no additional security scanning for threats or malware, can be intelligently directed to the FastPath, reducing latency, and optimizing overall performance. This provides added capacity and headroom for traffic that does need deep packet inspection.

Sophos Firewall accelerates your SaaS, SD-WAN, and cloud traffic such as VoIP, video, and other trusted applications automatically or via your own policies - putting them on the FastPath through the new Xstream Flow Processors.


Deep Packet Inspection
We believe you should never have to decide between security and performance. Sophos Firewall includes a highspeed deep packet inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process.

The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency. Sophos Firewall blocks the latest ransomware and breaches with high-performance streaming DPI including next-gen IPS, web protection, and app control, as well as deep learning and sandboxing powered by SophosLabs Intelix.



For networks in the range of 50-250 users/devices
9x 1-GbE-RJ45, 2x 1-GbE-SFP
30.0 Gbps (XGS 2100) or 35.0 Gbps (XGS 2300) Firewall Throughput
1.3 Gbps (XGS 2100) or 1.4 Gbps (XGS 2300) Threat Protection Throughput
120 GB Storage


The purchase price of your Sophos XGS 2100 / 2300 Firewall includes a perpetual base license. This includes basic firewall features such as IPSec VPN, SSL VPN, full wireless protection and cloud-based management and reporting with Sophos Central. Add individual protection modules and support depending on your requirements, or choose one of Sophos's license value bundles "Standard Protection Bundle" or "Xstream Protection Bundle".

  • What's in the Box
  • Datasheets and Guides

Click HERE to access the Datasheet

Click HERE to access the Installation Guide

subscriptions & accessories

Sophos Parts & Accessories

  • Which Model?
  • Which Subscription?
  • More protection?
  • Thinking  Wireless?

The Sophos Rackmount Series is currently made up of 8 models.  These are ideal for midsize and enterprise organizations looking for a rackmount form factor, strong throughput and enterprise-grade security.  The table below highlights the main features of each model.


Power over Ethernet

XGS 2100 / 2300 / 3100 / 3300 (1 x Optional Module - 4 x 1 GbE Max 60W Per Port)

XGS 4300 / 4500 (2 x Optional Module - 4 x 1 GbE Max 60W Per Port)


XGS 2100 / 2300 (128 GB SSD), XGS 3100 / 3300 (240 GB SSD)

XGS 4300 (240 GB SSD), XGS 4500 (2 x 240 GB SSD - Software RAID 1)

XGS 5500 / 6500 (2 x 480 GB SSD - Hardware RAID 1 Built In To CPU)

Redundant Power Supply

XGS 2100 / 2300 / 3100 / 3300 / 4300 (Optional External Redundant PSU)

XGS 4500 (Optional Internal Redundant PSU)
XGS 5500 / 6500 (2 x Internal Redundant PSU As Standard)


Firewall Inspection

XGS 2100 (3 Gbps), XGS 2300 (3.5 Gbps), XGS 3100 (3.8 Gbps), XGS 3300 (40 Gbps)

XGS 4300 (75 Gbps), XGS 4500 (80 Gbps), XGS 5500 (100 Gbps), XGS 6500 (115 Gbps)

Threat Prevention

XGS 2100 (1.25 Gbps), XGS 2300 (1.4 Gbps), XGS 3100 (2 Gbps), XGS 3300 (2.7 Gbps)

XGS 4300 (4.8 Gbps), XGS 4500 (8.39 Gbps), XGS 5500 (12.39 Gbps), XGS 6500 (17.05 Gbps)

Firewall IMIX

XGS 2100 (15.9 Gbps), XGS 2300 (20 Gbps), XGS 3100 (22 Gbps), XGS 3300 (24.5 Gbps)

XGS 4300 (33 Gbps), XGS 4500 (37 Gbps), XGS 5500 (52 Gbps), XGS 6500 (60 Gbps)

Intrusion Prevention

XGS 2100 (5.8 Gbps), XGS 2300 (7 Gbps), XGS 3100 (9.82 Gbps), XGS 3300 (13.44 Gbps)

XGS 4300 (25 Gbps), XGS 4500 (35.69 Gbps), XGS 5500 (40 Gbps), XGS 6500 (48 Gbps)


XGS 2100 (5.2 Gbps), XGS 2300 (6.3 Gbps), XGS 3100 (9 Gbps), XGS 3300 (12.5 Gbps)

XGS 4300 (23 Gbps), XGS 4500 (30 Gbps), XGS 5500 (38 Gbps), XGS 6500 (46.5 Gbps)

SSL / TLS Inspection

XGS 2100 (1.1 Gbps), XGS 2300 (1.45 Gbps), XGS 3100 (2.47 Gbps), XGS 3300 (3.13 Gbps)

XGS 4300 (8 Gbps), XGS 4500 (10.6 Gbps), XGS 5500 (13.5 Gbps), XGS 6500 (16 Gbps)

IPSec VPN Throughput

XGS 2100 (12 Gbps), XGS 2300 (15 Gbps), XGS 3100 (17 Gbps), XGS 3300 (21 Gbps)

XGS 4300 (51 Gbps), XGS 4500 (62 Gbps), XGS 5500 (78 Gbps), XGS 6500 (97 Gbps)



XGS 2100 / 2300 (8x 1GbE + 2 x SFP), XGS 3100 / 3300 (8 x 1GbE, 2 x SFP, 2 x SFP+)
XGS 4300 / 4500 (4 x 1GbE, 4 x 2.5GbE, 4 x SFP+)

XGS 5500 (8x 1GbE + 8 x SFP+), XGS 6500 (8 x 1GbE + 12 x SFP+)

Bypass Port Pairs

XGS 2100 / 2300 / 3100 / 3300 (1)
XGS 4300 / 4500 / 5500 / 6500 (2)

Flex Port Module Slots

XGS 2100 / 2300 / 3100 / 3300 (1)
XGS 4300 / 4500 (2) XGS 5500 / 6500 (2 + 1 High Density Module)

Optional Add-On Connectivity

All Models - SFP DSL Module VDSL2

Optional Flexi Port Modules
XGS 2100 - 4500

8 port GbE copper, 8 port GbE SFP fiber, 4 port 10GE SFP+ fiber, 4 port GbE copper bypass (2 pairs), 4 port GbE copper PoE +, 4 port GbE copper, 4 port 2.5 GbE copper PoE, 2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber

Optional Flexi Port Modules
XGS 5500 - 6500

8 port GbE copper, 8 port GbE SFP fiber, 4 port 10 GbE SFP+ fiber, 4 port GbE copper bypass (2 pairs), 2 port 40 GbE QSFP+ fiber, 8 port 10 GbE SFP+ fiber, 2 port GbE Fiber (LC) bypass + 4 port GbE SFP Fiber, 2 port 10 GbE Fiber (LC) bypass + 4 port 10 GbE SFP+ Fiber, High-density module (NIC): 12 port GE copper + 4 port 2.5 GE copper

Max Total Port Density (inc use of modules)

XGS 2100 / 2300 (18), XGS 3100 / 3300 (20), XGS 4300 / 4500 (28)
XGS 5500 (48), XGS 6500 (68)

VPN Tunnels & Licenses

SSL VPN Concurrent Tunnels

XGS 2100 / 2300 (2500),  XGS 3100 / 3300 (5000),  XGS 4300 (7500)

XGS 4500 (10000), XGS 5500 / 6500 (15000)

Our Serving suggestion

Internet Speed

< 1000 Mbps
XGS 2100 / 2300

<  1500 Mbps
XGS 3100 / 3300

< 5000 Mbps
XGS 4300 / 4500

Muliti Gbps
XGS 5500 / 6500

Number of Users

< 100

< 200

< 1000


Paul's Quick Tip

So here's my quick tip for selecting a Sophos Rackmount Series firewall to meet your needs.  Having sold and managed literally thousands of firewalls across the world since I started in 1999, I have noticed one thing - Our browsing and data consuming habits effect a firewall's throughput.  All the tests above were performed in labs and under controlled conditions.  

I would always recommend taking the slowest speed published - in this instance something like the Threat Protection value and then dividing it by three.   This will give you, from our experience, the worst speed you will get under the heaviest load conditions, with full protection turned on.   Make sure this speed is faster than your internet connection and you will be good to go.

Example using a Sophos XGS 2100

Threat Protection speed is 1250 Mbps, divide this by 3 which gives you 416 Mbps.  This is the slowest we believe this firewall will run under the heaviest of loads.  Obviously if you want to turn some of the security services off, then you will make it run faster.

The Tech Geeks - Paul Sillars

Gio's Advice

Your firewall is nothing without a live and updating subscription.  Viruses, Malware and network threats, change almost hourly.  Purchasing a security subscription means that your firewall will always be receiving the latest threat signatures, virus protection updates and filter block lists.

The best bit is that an active security subscription also gives you free firmware updates, technical support from Sophos and hardware warranty for the duration of the subscription.

Never view a security subscription like the warranty for a car.   It is not there just in case something goes wrong, it is actually needed to make sure nothing goes wrong.  You are only truly being protected if your firewall is auto updating and has an active subscription.

Base License

Every Sophos XG/XGS firewall comes with a base license as standard.  This gives you the basic features to get going, but no ongoing updates or support.

standard protection

The Standard Protection Bundle provides all

essential security services needed to protect against known, as well as firmware updates, hardware warranty and 24x7 support

Xstream protection

The Xstream Protection Bundle builds on the features available in Standard, but adds in protection against unknown threat, often called Zero-Day, along with advanced SD-WAN capabilities and an extended reporting period.




24x7 Enhanced Support

24/7 support, advanced replacement hardware warranty for the term of the subscription.

Fimware Updates

Keep your Sophos patched and up to date with regular firmware updates.

Xstream SD-WAN and Networking

Includes all networking, routing, and SD-WAN capabilities including zone-based stateful firewall, NAT, VLAN, SDWAN profiles, performance-based WAN link selection and monitoring, zero-impact WAN link transitions, and Xstream FastPath acceleration of SD-WAN VPN traffic.

Secure Wireless

Built-in wireless controller for Sophos APX wireless access points. Plug-and-play access point discovery makes setup easy. Support for multiple SSIDs, hotspots, guest networks, and the diverse encryption and security standards.


Provides standards-based site-to-site and remote access VPN (free up to the capacity of the firewall) with support for IPsec and SSL. Sophos Connect remote access VPN client for Windows and Macs offers seamless and easy deployment and configuration options.


Extensive on-box reporting provides valuable insights into threats, users, applications, web activity, and much more. Note that specific reporting functionality may be dependent on other protection modules to get the full benefits (for example, Web Protection or web and app reports).  Please note the XGS 87 / 87 Wireless does not have enough onboard storage to provide on-box reporting.

Intrusion Prevention Service

Provides advanced protection from all types of modern attacks. It goes beyond traditional server and network resources to protect users and apps on the network as well.

Security Heart Beat

Creates a link between your Sophos Central protected endpoints and your firewall to identify threats faster, simplify investigation, and minimize impact from attacks. Easily incorporate Heartbeat status into firewall policies to automatically isolate compromised systems.

Advanced Threat Protection

Instant identification and immediate response to today’s most sophisticated attacks. Multi-layered protection identifies threats instantly and Security Heartbeat provides an emergency response.

Advanced VPN Technologies

Adds unique and simple VPN technologies, including our clientless HTML5 self-service portal that makes remote access incredibly simple or utilize our exclusive light-weight secure SD-RED (Remote Ethernet Device) VPN technology.

Application Control and QoS

Enables user-aware visibility and control over thousands of applications with granular policy and traffic-shaping (QoS) options based on application category, risk, and other characteristics. Synchronized Application Control automatically identifies all the unknown, evasive, and custom applications on your network.

Advanced Web Threat Protection

Backed by SophosLabs, our advanced engine provides the ultimate protection from today’s polymorphic and obfuscated web threats. Innovative techniques like JavaScript emulation, behavioral analysis, and origin reputation help keep your network safe.

High-performance traffic scanning

Optimized for top performance, our Xstream SSL inspection provides ultra-low latency inspection and HTTPS scanning while maintaining performance

Zero-Day Protection

Powered by the industry-leading SophosLabs, the Zero-Day Protection subscription includes a fully cloud-based threat intelligence and threat analysis platform. This provides deep learning-based file analysis, detailed analysis reporting, and a threat meter to show the risk summary for a file. We use layers of analytics to identify known and potential threats, reduce unknowns, and derive verdicts and intelligence reports for the most commonly used file types.

Sophos Central SD-WAN Orchestration

Makes VPN orchestration easy. Wizard-based tunnel configuration helps create full mesh networks, hub-and spoke models, or complex tunnel setups between multiple firewalls a quick point-and-click exercise. Seamlessly integrates multiple WAN link and SD-WAN functionality and routing optimizations to improve resilience and performance and also integrates with user authentication and Synchronized Security Heartbeat to control access.

Central Firewall Reporting Advanced (30-day)

Cloud-based reporting with several pre-packaged common reports for threats, compliance, and user activity. Includes advanced options for creating custom reports and views with the option to save, schedule or export your custom reports. Includes 30 days of log data retention with the option to add additional storage for additional historical reporting needs.


Sophos MTR provides optional 24/7 threat hunting, detection and response delivered by an expert team as a fully-managed service. Sophos XDR offers extended detection and response managed by your own team. Regardless of whether you manage it yourself, or Sophos manages it for you, your Sophos Firewall is ready to share the necessary threat intelligence and data to the cloud.

Email Protection

Consolidate your email protection with anti-spam, DLP, and encryption. We recommend Sophos Central Email Advanced for the best cloud-based email protection solution. If you require on-box email protection, this module offers essential anti-spam, DLP and encryption.

Optional Add-On

Optional Add-On

Web Server Protection

Harden your web servers and business applications against hacking attempts while providing secure access.

Optional Add-On

Optional Add-On

SOPHOS XGS rackmount Series - further information

The Sophos XGS Series Quick Intro

The XGS Series delivers Xstream performance at every price point to power the protection you need for today’s diverse, distributed, and encrypted networks.

Powered by Xstream

Accelerate and offload your important SaaS, SD-WAN, and cloud traffic at the hardware level, while adding performance headroom for TLS and deep packet inspection with integrated Xstream Flow Processors.

High-Speed Connectivity

Customize your firewall’s already versatile connectivity options with an extensive range of add-on modules for high-speed copper, fiber, Power over Ethernet (PoE), and Wi-Fi.

Sophos Central Cloud Management

Sophos Central - The ultimate cybersecurity cloud management platform. Free and easy.

One Console to Manage It All

Sophos Central provides a single cloud management console for all your Sophos products and includes group firewall management at no extra charge.

Reporting in the Cloud

Sophos Central maintains your firewall log data in the cloud with flexible reporting tools that enable you to analyze and visualize your network over time.

Sophos Synchronised Security

Synchronize Your Protection

Sophos Firewall integrates tightly with the rest of the Sophos ecosystem, including ZTNA and Intercept X Endpoint, to enable MTR, XDR, and Synchronized Security with incredible visibility, protection, and response benefits, whether you manage it yourself or let Sophos manage it for you.

Extend Your Network

Sophos Firewall enables you to extend your network anywhere, anyhow, easily and affordably, with a full portfolio of SD-WAN, cloud, and VPN secure access solutions that will integrate your distributed network together.

SOPHOS XGS DESKTOP Series - Out the box

The Sophos XGS 2300

The quick video will show you what you get in the box, when you purchase a Sophos XGS 2300.

Do make sure you purchase it with a subscription for full protection and you may like to consider adding wireless or even endpoint protection to the bundle to further enhance your network security.

Sophos XGS Optional External Redundant PSU

The quick video will show you what you get in the box, when you purchase the external redundant PSU for the XGS 2100 / 2300 / 3100 / 3300 / 4300.

information hub

What happens if I don't renew my Sophos Subscription?

For the best protection a firewall will always need an active and configured security subscription.   If this has lapsed or your are thinking about not renewing it, then the following will happen.

1 - You will loose the option to get free support from the Manufacturer

2 - You will loose all hardware warranty and if your physical unit fails, you will no longer be able to get a free replacement

3 - Any firewall polices that use subscription services will need to be updated to remove them, otherwise they will often switch in to blocking mode.

4 - Your firewall will return to the base license subscription

Is support included in the subscription?

Support is included as standard in the 2 main subscription offerings - Standard Protection and Xstream Protection.   This support includes telephone and email support direct with Sophos, Firmware Updates and Hardware Warranty.

Is hardware warranty included?

If you have a current Standard Protection or Xstream Protection, then hardware replacement is included for the length of time you keep that subscription current.  Please do note that in the case of hardware failure, Sophosl will ship you a replacement from outside of Australia.   You may like to consider additional next business day hardware warranty services to supplement this, to get you back and running as quickly as possible.

What options do I have to get additional support if I get stuck?

We know that sometimes we just need that extra little bit of help and support.   The Tech Geeks have a team that are qualified to assist you and get your back on track as quickly as possible.   We offer rates from $150 + GST per hour and would be happy to quote for any work that you need help with.

Real world performance tests

The below tests have been conducted on a dedicated 1:1 uncontended 1Gb/s fibre connection