
Sophos SG 230 Review



Our networks are critical to the smooth operation of our business, and they can sometimes be the weakest link in the chain, with more points of failure and at times extreme complexity. We always need to make sure we put a solid and reliable device at the perimeter of our networks.


I deal with a lot of large environments of anywhere from 800 to 5000 device networks that have high demands on the perimeter security and the expectation that this security is always on and always working. They require firewalls in High Availability pairs and, in a number of cases, high-end devices that have a level of redundancy built in. However, a lot of clients are also well served by the smaller devices such as the Sophos SG230.


In my experience the Sophos SG230 is a great UTM device that I have deployed to provide unified threat management for clients across Australia. It provides a high level of defence against malware and works well with their endpoint protection.


The UTM 230 provides protection against most malware attacks by default, with streamlined configuration. The UTMs are constantly updated from the Sophos database of virus threats, providing quick response and updates. For a business running a mail server within its network (this is something quickly declining in popularity with the growth of Office 365), the UTM 230 can provide a Simple Mail Transfer Protocol (SMTP) relay which screens the content of messages for spam or malware before it hits the internal mail servers.


CryptoLocker, spear-phishing scams and other threats have shown people that the internet (web browsing) is easily the most common pathway for botnets and other viruses and malware to infect users’ PCs. The UTM 230 can screen internet traffic, scanning for and blocking both web-based malware attacks and visits to potentially malicious websites. It does this as well as enforcing web use policies by blocking inappropriate sites.


The Sophos UTM 230 helps build a range of defences for you. It’s not just a firewall and shouldn’t be restricted to just doing firewall tasks. It can be integrated with Sophos software agents that run on your clients to provide a range of defences against virus attacks. It also provides intrusion prevention technologies to block attacks from outside the network or, more importantly for schools, from one segment of the network to another, such as student to admin or staff.


Licensing is probably one of the most annoying, and more configurable, things. It provides the ability for a client to pick and choose the levels and types of protection; however, it also means a recurring cost for operation.

This means that some of the features of the UTM 230 require additional Sophos hardware to work. For example, the UTM’s features can be extended to wireless network protection, enforcing a set of passwords and security settings across the school’s network and watching for malicious traffic passing across the access points. Again, this feature requires Sophos Access Points to work.



The Sophos SG 210 and SG 230 are designed to protect small to mid-sized businesses and branch offices. Based on the latest Intel technology and equipped with 6 GbE copper ports plus one FleXi Port slot to configure with an optional module, they provide high flexibility and throughput at an excellent price-to-performance ratio. As with all models, you can dynamically cluster up to 10 of these appliances.


SG Series Appliances: SG 210, SG 230

| Performance | SG 210 | SG 230 |
|---|---|---|
| Firewall throughput | 11 Gbps | 13 Gbps |
| VPN throughput | 1 Gbps | 2 Gbps |
| IPS throughput | 2 Gbps | 3 Gbps |
| Antivirus throughput (proxy) | 500 Mbps | 800 Mbps |
| Concurrent connections | 2,000,000 | 2,500,000 |
| New connections/sec | 20,000 | 22,000 |
| Maximum licensed users | unrestricted | unrestricted |

| Physical interfaces | SG 210 | SG 230 |
|---|---|---|
| Hard drive (local quarantine/logs) | integrated HDD | integrated SSD |
| Ethernet interfaces (fixed) | 6 GE copper | 6 GE copper |
| No. of FleXi Port slots | 1 | 1 |
| FleXi Port modules (optional) | 8 port GE copper; 8 port GE SFP; 2 port 10 GE SFP+ | 8 port GE copper; 8 port GE SFP; 2 port 10 GE SFP+ |
| I/O ports | 2 x USB 3.0 (front); 1 x USB 2.0 (rear); 1 x COM (RJ45); 1 x VGA (rear) | 2 x USB 3.0 (front); 1 x USB 2.0 (rear); 1 x COM (RJ45); 1 x VGA (rear) |
| Display | Multi-function LCD module | LCD module |
| Power supply | Internal autoranging, 48-62 Hz | Internal autoranging, 48-62 Hz |

| Physical specifications and environment | SG 210 / SG 230 |
|---|---|
| Mounting | 1U rack mount (2 rackmount ears included) |
| Power consumption | 52W, 180 BTU/hr, 0.61A@110V (idle); 78W, 266 BTU/hr, 0.87A@110V (full load) |
| Width x Depth x Height | 438 x 292 x 44mm (17.24 x 11.5 x 1.75 inches) |
| Temperature | 0-40°C (operating); -20 to +80°C (storage) |
| Weight | 5.1 Kg / 11.24 lbs (unpacked); 7.05 Kg / 15.54 lbs (packed) |
| Humidity | 10%-90%, non-condensing |
| Safety certifications | CE, FCC Class A, CB, VCCI, C-Tick, UL |


Security Applications:

Our Linux-based OS includes a free Essential Network Firewall. It provides fundamental security like firewalling, networking tools, routing and secure remote access. And our modular approach lets you add layers of protection as your needs evolve.


UTM Network Protection stops sophisticated attacks that a firewall alone can’t stop.

Configurable intrusion protection system and flood protection against denial of service attacks

Sophos RED, IPsec and SSL tunnels provide flexible site-to-site and remote-access VPN connections


UTM Email Protection stops spam and viruses and keeps sensitive data safe.

Let users manage their spam quarantine and search a personalized mail log

Keep infected emails out of your mailbox and protect confidential emails against illegitimate access.


UTM Web Protection lets you protect your employees from web threats and control their time online.

Limit use of unwanted applications while giving priority to business critical resources

Create dynamic reports on the fly to check if your policy is working and make adjustments


UTM Webserver Protection hardens web servers and apps ensuring compliance with a web application firewall.

Protect personally identifiable information like credit card and social security numbers

Inspects information submitted via forms on your websites to prevent server exploits


UTM Wireless Protection gives you secure Wi-Fi in minutes.

Centrally manage access points through the UTM’s built-in wireless controller

Easily set up wireless hotspots and grant guest access with a simple voucher-based system


UTM Endpoint Protection provides desktops, laptops, and servers with antivirus, device and web control.

Scans files, webpages and devices blocking or cleaning threats

Device control reduces the risk of data loss and malware by managing removable devices

Built-in URL filtering ensures users get the same level of web protection outside of the office as they do inside


Add modules when you need them



I was lucky enough to be able to secure one of these devices for an unboxing and demo. I wanted to share some of the photos of the unboxing to give you an idea of what you get out of the box.


Unboxing: I’ve cleaned up the desk and gotten ready to unbox and set up.


The box is well padded and sturdy and easy to open, and there is an easily accessible box of cables, quick guide and rack mounting parts sitting on top and nicely embedded into the packaging.



All unpacked and presented. It comes with a power cable, network cable and quick start guide, as well as the rack mounting and sticky feet things if it will be sitting on a bench or rack shelf.



Front down view, showing the full front panel.



Modular slot – this is where you can install the optional FleXi Port modules to increase your copper or fibre ports.


Blank panel removed to show where the FleXi Port gets inserted.


We can see here the built-in 6 x 1 GB copper ports, COM port, dual USB ports and reset button, as well as the power and activity lights.


The display panel is quite useful with the simple button controls. This is where you can set the IP address for your initial config if you need to.



Finally, these last 2 photos show the SG230 sitting on top of a SG650 as a size comparison, both in height and depth.


You can clearly see that the SG 550 is double the height and almost twice as deep. You would need to keep this in mind for your rack space.



From this point, I would strongly recommend that anyone who wants to delve deeper into the Sophos firewall platforms goes to the Sophos site and downloads their own free home version to run up and have a play with!



I would note that there is a new generation of the UTM called the Sophos XG series. This has been available for a while now and is also worth looking at.




Thanks for reading. If you have any questions, please feel free to reach out to me.