XG 106 EnterpriseGuard 12 Month Renewal with Enhanced Support


XG 106 EnterpriseGuard with Enhanced Support – 12 MOS – RENEWAL

SKU: NG1Z1CTEA Category:


XG 106 EnterpriseGuard 12 Month Renewal with Enhanced Support from CharTec

Buy this XG 106 EnterpriseGuard 12 Month Renewal with Enhanced Support. Sophos is a very reliable brand. Buy your Sophos XG 106 EnterpriseGuard 12 Month Renewal from CharTec, today!


Every XG firewall feature subscription comes with general management, networking and routing, base traffic shaping and quotas, secure wireless, authentication, self-serve user portal, base VPN options, Sophos Connect IPSec Client, and logging and reporting. When subscribing to EnterpriseGuard, you will also benefit from many more features. Subscribe to EnterpriseGuard to benefit from features like network protection and web protection. Each protection provides its own logging and reporting.

Base Firewall, General Management

  • Purpose-built, streamlined user interface and firewall rule management for large rule sets with grouping with at-a-glance rule feature and enforcement indicators
  • Two-factor authentication (One-time-password) support for administrator access, user portal, IPSec and SSL VPN
  • Advanced troubleshooting tools in GUI (e.g., Packet Capture)
  • High Availability (HA) support clustering two devices in active-active or active-passive mode
  • Full command line interface (CLI) accessible from GUI
  • Role-based administration
  • Automated firmware update notification with easy automated update process and roll-back features
  • Reusable system object definitions for networks, services, hosts, time periods, users and groups, clients, and servers
  • Jumbo frame support
  • Self-service user portal
  • Configuration change tracking
  • Flexible device access control for services by zones
  • Email or SNMP trap notification options
  • SNMP v3 and Netflow support
  • Central management support via Sophos Central
  • Backup and restore configurations: locally, via FTP or email; on-demand, daily, weekly or monthly
  • API for third-party integration
  • Interface renaming
  • Remote access option for Sophos Support
  • Cloud-based license management via MySophos

Firewall, Networking, and Routing

  • Stateful deep packet inspection firewall
  • Network Flow FastPath acceleration for trusted traffic
  • User, group, time, or network-based policies
  • Access time polices per user/group
  • Enforce policy across zones, networks, or by service type
  • Zone isolation and zone-based policy support
  • Default zones for LAN, WAN, DMZ, LOCAL, VPN, and WiFi
  • Custom zones on LAN or DMZ
  • Customizable NAT policies with IP masquerading and full object support to redirect or forward multiple services in a single rule
  • Flood protection: DoS, DDoS, and portscan blocking
  • Country blocking by geo-IP
  • Routing: static, multicast (PIM-SM), and dynamic (RIP, BGP, OSPF)
  • Upstream proxy support
  • Protocol-independent multicast routing with IGMP snooping
  • Bridging with STP support and ARP broadcast forwarding
  • VLAN DHCP support and tagging
  • VLAN bridge support
  • WAN link balancing: multiple Internet connections, auto-link health check, automatic failover, automatic and weighted balancing, and granular multipath rules
  • Wireless WAN support (n/a in virtual deployments)
  • 802.3ad interface link aggregation
  • Full configuration of DNS, DHCP, and NTP
  • Dynamic DNS (DDNS)
  • IPv6 Ready Logo Program Approval Certification
  • IPv6 tunneling support including 6in4, 6to4, 4in6, and IPv6 rapid deployment (6rd) through IPSec

Base Traffic Shaping and Quotas

  • Flexible network or user-based traffic shaping (QoS) (enhanced Web and App traffic shaping options included with the Web Protection subscription)
  • Set user-based traffic quotas on upload/download or total traffic and cyclical or non-cyclical
  • Real-time VoIP optimization
  • DSCP marking

Secure Wireless

  • Simple plug-and-play deployment of Sophos wireless access points (APs) — automatically appear on the firewall control center
  • Central monitoring and management of APs and wireless clients through the built-in wireless controller
  • Bridge APs to LAN, VLAN, or a separate zone with client isolation options
  • Multiple SSID support per radio including hidden SSIDs
  • Support for the latest security and encryption standards including WPA2 Personal and Enterprise
  • Channel width selection option
  • Support for IEEE 802.1X (RADIUS authentication) with primary and secondary server support
  • Support for 802.11r (fast transition)
  • Hotspot support for (custom) vouchers, password of the day, or T&C acceptance
  • Wireless guest Internet access with walled garden options
  • Time-based wireless network access
  • Wireless repeating and bridging meshed network mode with supported APs
  • Automatic channel selection background optimization
  • Support for HTTPS login


  • Synchronized User ID utilizes Synchronized Security to share currently logged in Active Directory user ID between Sophos endpoints and the firewall without an agent on the AD server or client
  • Authentication via: Active Directory, eDirectory, RADIUS, LDAP and TACACS+
  • Server authentication agents for Active Directory SSO, STAS, SATC
  • Single sign-on: Active directory, eDirectory, RADIUS Accounting
  • Client authentication agents for Windows, Mac OS X, Linux 32/64
  • Browser SSO authentication: Transparent, proxy authentication (NTLM) and Kerberos
  • Browser Captive Portal
  • Authentication certificates for iOS and Android
  • Authentication services for IPSec, SSL, L2TP, PPTP
  • Google Chromebook authentication support for environments with Active Directory and Google G Suite API-based authentication

User Self-Serve Portal

  • Download the Sophos Authentication Client
  • Download SSL remote access client (Windows) and configuration files (other OS)
  • Hotspot access information Ì Change username and password
  • View personal Internet usage
  • Access quarantined messages and manage user-based block/allow sender lists (requires Email Protection)

Base VPN Options

  • Site-to-site VPN: SSL, IPSec, 256- bit AES/3DES, PFS, RSA, X.509 certificates, pre-shared key
  • L2TP and PPTP
  • Route-based VPN
  • Remote access: SSL, IPSec, iPhone/iPad/ Cisco/Andriod VPN client support
  • IKEv2 Support
  • SSL client for Windows and configuration download via user portal

Sophos Connect IPSec Client

  • Authentication: Pre-Shared Key (PSK), PKI (X.509), Token and XAUTH
  • Enables Synchronized Security and Security Heartbeat for remote connected users
  • Intelligent split-tunneling for optimum traffic routing
  • NAT-traversal support
  • Client-monitor for graphical overview of connection status
  • Mac and Windows Support

Network Protection

  • Network protection provided with the EnterpriseGuard subscription is inclusive of intrusion prevention (IPS), ATP and Security Heartbeat, remote ethernet device (RED) virtual private network, and clientless virtual private network.

Intrusion Prevention (IPS)

  • High-performance, next-gen IPS deep packet inspection engine with selective IPS patterns that can be applied on a firewall rule basis for maximum performance and protection
  • Top rated by NSS Labs
  • Thousands of signatures
  • Granular category selection
  • Support for custom IPS signatures
  • IPS Policy Smart Filters enable dynamic policies that automatically update as new patterns are added

ATP and Security Heartbeat

  • Advanced Threat Protection (detect and block network traffic attempting to contact command and control servers using multi-layered DNS, AFC, and firewall)
  • Sophos Security Heartbeat instantly identifies compromised endpoints including the host, user, process, incident count, and time of compromise
  • Sophos Security Heartbeat policies can limit access to network resources or completely isolate compromised systems until they are cleaned
  • Lateral Movement Protection further isolates compromised systems by having healthy Sophos -managed endpoints reject all traffic from unhealthy endpoints preventing the movement of threats even on the same broadcast domain

Remote Ethernet Device (RED) VPN

  • Central management of all RED devices
  • No configuration: Automatically connects through a cloud-based provisioning service
  • Secure encrypted tunnel using digital X.509 certificates and AES 256-bit encryption
  • Virtual Ethernet for reliable transfer of all traffic between locations
  • IP address management with centrally defined DHCP and DNS Server configuration
  • Remotely de-authorize RED devices after a select period of inactivity
  • Compression of tunnel traffic
  • VLAN port configuration options (RED 50)

Clientless VPN

Sophos unique encrypted HTML5 self-service portal with support for RDP, HTTP, HTTPS, SSH, Telnet, and VNC

Web Protection

Benefit from EnterpriseGuard and subscribe to receive web protection. Web protection with EnterpriseGuard provides synchronized application control, web protection and control, application protection and control, cloud application visibility, and web or app traffic shaping.

Web Protection and Control

  • Fully transparent proxy for anti-malware and web filtering
  • Enhanced Advanced Threat Protection
  • URL Filter database with millions of sites across 92 categories, backed by SophosLabs
  • Surfing quota time policies per user/group
  • Access time polices per user/group
  • Malware scanning: block all forms of viruses, web malware, trojans, and spyware on HTTP/S, FTP and web-based email
  • Advanced web malware protection with JavaScript emulation
  • Live Protection real-time, in-the-cloud lookups for the latest threat intelligence
  • Second independent malware detection engine (Avira) for dual-scanning
  • Real-time or batch mode scanning
  • Pharming protection
  • HTTP and HTTPS scanning and enforcement on any network and user policy with fully customizable rules and exceptions
  • SSL protocol tunneling detection and enforcement
  • Certificate validation
  • High performance web content caching
  • Forced caching for Sophos Endpoint updates
  • File type filtering by mime-type, extension, and active content types (e.g. Activex, applets, cookies, etc.)
  • YouTube for Schools enforcement per policy (user/group)
  • SafeSearch enforcement (DNS-based) for major search engines per policy (user/group)
  • Web keyword monitoring and enforcement to log, report or block web content matching keyword lists with the option to upload customs lists
  • Block Potentially Unwanted Applications (PUAs)
  • Web policy override option for teachers or staff to temporarily allow access to blocked sites or categories that are fully customizable and manageable by select users
  • User/Group policy enforcement on Google Chromebooks

Cloud Application Visibility

  • Control Center widget displays amount of data uploaded and downloaded to cloud applications categorized as new, sanctioned, unsanctioned or tolerated
  • Discover Shadow IT at a glance
  • Drill down to obtain details on users, traffic, and data
  • One-click access to traffic shaping policies
  • Filter cloud application usage by category or volume
  • Detailed customizable cloud application usage report for full historical reporting

Application Protection and Control

  • Synchronized App Control to automatically, identify, classify, and control all unknown Windows and Mac applications on the network by sharing information between Sophos-managed endpoints and the firewall
  • Signature-based application control with patterns for thousands of applications
  • Cloud Application Visibility and Control to discover Shadow IT
  • App Control Smart Filters that enable dynamic policies which automatically update as new patterns are added
  • Micro app discovery and control
  • Application control based on category, characteristics (e.g., bandwidth and productivity consuming), technology (e.g. P2P), and risk level
  • Per-user or network rule application control policy enforcement

Web and App Traffic Shaping

Enhanced traffic shaping (QoS) options by web category or application to limit or guarantee upload/download or total traffic priority and bitrate individually or shared


Go to Top