Follow us :
Xen Bilişim
TR
Get a Quote
Next-Generation Firewall (NGFW) · Firewall

Sophos XGS 128 Firewall (2nd Gen)

Last reviewed:

Sophos XGS 128 is the upper segment of the 2nd Gen XGS SMB lineup. Designed for 100–150 user high-performance SMBs and mid-market. 19.1 Gbps firewall, 4.65 Gbps IPS, 1.45 Gbps TLS 1.3 inspection. 9x 2.5 GbE + 1x SFP + Gen.2 5G module slot. Sophos Central management, Synchronized Security, ZTNA, Cloud Sandbox and SD-WAN natively integrated.

19.1 Gbps Firewall + 4.65 Gbps IPS

Throughput for high-bandwidth growing SMBs.

TLS Inspection 1.45 Gbps

Performance + security balance; full HTTPS inspection.

SD-WAN Native + 5G

Multi-WAN load balancing + 5G primary/backup; application-based path.

Synchronized Security

Coordinated response with Intercept X + MDR + Email Protection.

Who is XGS 128 for?

Optimal for 100–150 user single-location HQs or HQ + 5–10 branches. High concurrent sessions, 1+ Gbps bandwidth, fibre+5G multi-link scenarios.

  • 100–150 active users
  • HQ + multiple branches
  • 1+ Gbps internet bandwidth
  • PCI DSS / ISO 27001 / KVKK strict compliance

High Availability + Multi-WAN

In production-critical environments two XGS 128 in Active-Passive HA cluster. SD-WAN load balancing + automatic failover across uplinks.

Licensing

License model

Hardware + Annual Subscription (Xstream Protection)

Commitment options
  • 1 year
  • 3 years (recommended)
  • 5 years

2nd Gen hardware. Redundant PSU optional. Premium Support + 24h RMA included.

Who is this for?

100–150 user mid-SMBProduction/logistics HQFinancial servicesMulti-site enterprise

Frequently Asked Questions

XGS 128 vs XGS 138?

XGS 128: 9x 2.5 GbE + SFP — fibre+copper mix. XGS 138: 4x GE + 2x 10 GbE SFP+ — fibre backbone for distributed edge.

Old XGS 126 vs XGS 128?

2nd Gen hardware: 2.5 GbE ports standard (was 1 GbE), 5G module support, higher IPS, redundant PSU.

HA licensing?

Sophos HA-friendly pricing: second device ~50% discount.

5G module operation?

Gen.2 5G module + carrier SIM. Backup or primary path; SD-WAN policy manages routing.

TLS 1.3 inspection KVKK?

Recognised as appropriate technical measure. Sensitive categories can be policy-exempted.

Xen Bilişim Deployment Process

  1. 1. Discovery & sizing: Current environment, user count, OS/cloud distribution and compliance requirements analysed; correct SKU and licence count proposed.
  2. 2. Pilot deployment: A 10-25 device subset goes live; integration with existing security stack tested; alerting + reporting configured.
  3. 3. Full rollout: Phased rollout across all endpoints; policy templates applied; user training and IT runbook delivered.
  4. 4. Optimisation & follow-up: 90-day post-launch tuning: false-positive triage, policy hardening, KPI review and quarterly health-checks.

Typical end-to-end timeline: 2-4 weeks (varies by user count and integration scope).

Get a tailored quote for Sophos XGS 128 Firewall (2nd Gen)

Get a Quote 0850 259 5949