Sold by: Sophos
Deployed on AWS
Sophos Firewall for AWS delivers advanced threat protection for AWS environments and assets. Protect networks, applications, ensure security of ingress and egress traffic, and maintain high web-application availability.
4.7
Overview
Sophos Firewall integrates leading technologies into a single next-generation solution without compromising security. Highlights include deep packet inspection with IPS, ATP, URL filtering, and in-depth reporting; Bidirectional AV for WAF with authentication offloading, path-based routing, country-level blocking; and self-service SSL and HTML5 VPRN technologies to make connecting from anywhere and on any device a reality - without administrative overhead.
Preconfigured templates and centralized policy management save time managing user, application and network policies, and provide pre-packaged web filtering, IPS, traffic shaping and app control policies for Active/Active and Active/Passive deployments spanning multiple availability zones.
Sophos synchronized security allows organizations to link endpoints, cloud workloads, and firewall to relay health status and immediately to respond to threats on your network.
Part of a complete SaaS security platform. A selection of Sophos AWS solutions are included below with more at https://www.sophos.com/en-us/public-cloud .
- Deploy auto scaling firewalls in dynamic environments: https://soph.so/utm-autoscaling-payg
- Monitor resource configurations and analyze AWS security groups with Cloud Optix: https://soph.so/cloud-optix
- Neutralize active cyber-attacks with a dedicated team https://soph.so/Rapid-Response
If you have questions about Sophos solutions or need assistance with deployment and configuration, contact us at aws.marketplace@sophos.com .
The cloud formation template to deploy Sophos Firewall will optionally collect Sophos Central account credentials (email and password used to login to https://central.sophos.com ). These credentials are used only once by the firewall to connect to Sophos Central and enable management services. This step is optional, and can be performed at any time after deployment, following the instructions available here.
Highlights
- Sophos XG Firewall combines advanced networking controls, protections such as Intrusion Prevention Systems (IPS) and Web Application Firewall (WAF), plus user and application controls. Saving time taken to deploy and integrate multiple products.
- Web App Firewall (WAF) protects your web apps against common threats like SQL injection and Cross-Site Scripting. Next-Gen Firewall protection and reporting with stateful traffic inspection, Layer-7 application control, secure proxies, and IPS.
- Sophos Firewall includes extensive reporting. Sophos Firewall provides full insights into user and network activity, surfaced using easy-to-understand indicators so you can take preventive measures before problems occur.
Details
Sold by
Categories
Delivery method
Delivery option
Sophos Standalone Firewall for AWS
Sophos Firewall GWLB (Deprecated - use PAYG)
Latest version
Operating system
OtherLinux 22.0 GA
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Terminate the EC2 instance(s) at any time to stop incurring charges. You may email aws.marketplace@sophos.com for questions regarding Sophos XG Firewall charges and refund requests.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Sophos Standalone Firewall for AWS
This CloudFormation template allows you to deploy a Sophos XG Firewall Standalone. The template will bring up a single XG Firewall instance with two ENI network interfaces attached to the instance, each interface is in a distinct subnet. The first interface is dedicated to the private subnet to be protected by the XG Firewall, the second interface is dedicated to the public/external subnet. The IGW is automatically attache to the public subnet.
CloudFormation Template (CFT)
AWS CloudFormation templates are JSON or YAML-formatted text files that simplify provisioning and management on AWS. The templates describe the service or application architecture you want to deploy, and AWS CloudFormation uses those templates to provision and configure the required services (such as Amazon EC2 instances or Amazon RDS DB instances). The deployed application and associated resources are called a "stack."
Version release notes
Additional details
Usage instructions
You can manage your Sophos XG Firewall on AWS from the Web Interface using HTTPS (TCP port 4444), the command shell using SSH (TCP port 22), and via the API.
Sophos XG Firewall requires a valid email address for administration purposes. This email address is not used for any other purpose and remains local to the Sophos XG Firewall AMI.
Resources
Support
Vendor support
Sophos provides technical support via phone and web portal as part of your BYOL subscription. Phone: +1-844-591-2756 Web portal:
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Sophos Cloud UTM9 is nearing end-of-life and will not be supported after 30 June 2026. Sophos recommends using Sophos Firewall on AWS.
Sophos Firewall for AWS delivers advanced threat protection for AWS environments and assets. Protect networks, applications, ensure security of ingress and egress traffic, and maintain high web-application availability.
Sophos Cloud UTM9 is nearing end-of-life and will not be supported after 30 June 2026. Sophos recommends using Sophos Firewall on AWS.
Sophos Cloud UTM9 is nearing end-of-life and will not be supported after 30 June 2026. Sophos recommends using Sophos Firewall on AWS.
Customer reviews
Banking
Impeccable centralized administration with Sophos Central on Sophos Firewall.
Reviewed on Jun 17, 2026
Review provided by G2
What do you like best about the product?
What I like most about Sophos Firewall is its centralized management through Sophos Central, which facilitates the management of security policies, monitoring, and reporting from a single console.
What do you dislike about the product?
some advanced functions require a considerable learning curve to make the most of them.
What problems is the product solving and how is that benefiting you?
help protect the network against cyber threats such as malware, ransomware, intrusions, and unauthorized access.
Anonymous
Powerful and Easy-to-Configure, with Licensing Hiccups
Reviewed on Jun 17, 2026
Review provided by G2
What do you like best about the product?
I like that Sophos Firewall is powerful to use and has advanced administrative capabilities, but it's easy to configure. It lets me do fine tuning of web filtering, ensuring traffic isn't touched as it goes through if it is identified as clean website, which supports end-user success for our clients while also making sure that harmful things are shut down and not allowed through. The initial setup was pretty simple; we were able to deploy a virtual appliance quickly and input website safe list into the Sophos Firewall events easily.
What do you dislike about the product?
I think the way they do their licensing is a bit annoying. It bundles things together, but the specific items that I want are in different bundles. I have to buy more bundles to get the features i want, along with features i don't need.
What problems is the product solving and how is that benefiting you?
Sophos Firewall protects our end users from harmful internet browsing by inspecting and filtering the web, and it allows me to manage traffic and block threats effectively.
Carlos M.
Synchronized Security via Security Heartbeat Is a Standout in Sophos Firewalls
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
There is a lot to appreciate about how Sophos has engineered its firewall ecosystem, but from a technical and operational standpoint, the absolute best feature is Synchronized Security via Security Heartbeat
What do you dislike about the product?
While Sophos has made massive strides with its Xstream hardware (XGS series) and the integration into Sophos Central, any engineer who has spent long nights in production environments knows it is far from perfect. If you peel back the marketing, several consistent pain points irritate administrators and network architects.
What problems is the product solving and how is that benefiting you?
If you are coming from an environment like Fortinet (FortiGate) or traditional SonicWall, the way Sophos handles firewall rules and Network Address Translation (NAT) can feel incredibly clunky.
Rayudu D.
High-Performance Firewall with Intelligent Threat Correlation and Response
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
Here’s what I like most about Sophos Firewall, explained clearly:
Synchronized Security (top highlight): The firewall and endpoint security work together in real time.
Automatic threat response: Infected or risky devices can be automatically restricted or isolated, without requiring manual action.
Real-time visibility of device health: I can instantly see whether a system is “healthy” or compromised through Security Heartbeat.
Faster incident containment: Threats are contained at the network level right away, which helps reduce spread.
Less dependency on manual monitoring: Admins don’t need to constantly track every endpoint, because the system helps enforce the right actions.
Stronger layered defense model: It combines endpoint and network intelligence, rather than treating them as separate pieces.
Synchronized Security (top highlight): The firewall and endpoint security work together in real time.
Automatic threat response: Infected or risky devices can be automatically restricted or isolated, without requiring manual action.
Real-time visibility of device health: I can instantly see whether a system is “healthy” or compromised through Security Heartbeat.
Faster incident containment: Threats are contained at the network level right away, which helps reduce spread.
Less dependency on manual monitoring: Admins don’t need to constantly track every endpoint, because the system helps enforce the right actions.
Stronger layered defense model: It combines endpoint and network intelligence, rather than treating them as separate pieces.
What do you dislike about the product?
Nothing significant to dislike. Overall, the firewall meets my expectations in terms of security, performance, and usability.
What problems is the product solving and how is that benefiting you?
Solves fragmented security management by bringing firewall, endpoint, and network security into one unified system, which reduces the need to manage multiple tools separately.
It also improves threat detection and response speed. Security Heartbeat provides real-time device health visibility, helping me quickly identify and isolate compromised systems.
It reduces the manual security workload as well. Automated policies and synchronized response actions minimize constant monitoring and manual intervention.
Protection against modern threats is stronger, too. The IPS, web filtering, and malware protection help block advanced attacks before they spread.
Centralized control is simpler across multiple locations. Sophos Central makes it easier to manage distributed firewalls and endpoints from a single dashboard.
Network visibility is improved with clearer insights into traffic, applications, and user activity, which helps with decision-making and policy enforcement.
It also supports secure remote access. Reliable VPN solutions help ensure safe connectivity for remote users and branch offices.
It also improves threat detection and response speed. Security Heartbeat provides real-time device health visibility, helping me quickly identify and isolate compromised systems.
It reduces the manual security workload as well. Automated policies and synchronized response actions minimize constant monitoring and manual intervention.
Protection against modern threats is stronger, too. The IPS, web filtering, and malware protection help block advanced attacks before they spread.
Centralized control is simpler across multiple locations. Sophos Central makes it easier to manage distributed firewalls and endpoints from a single dashboard.
Network visibility is improved with clearer insights into traffic, applications, and user activity, which helps with decision-making and policy enforcement.
It also supports secure remote access. Reliable VPN solutions help ensure safe connectivity for remote users and branch offices.
Jose C.
Efficient Firewall with Intuitive Configuration
Reviewed on Jun 16, 2026
Review provided by G2
What do you like best about the product?
It seems to me that the rules of the Sophos Firewall are quite intuitive and work very precisely to control what enters and exits the network. Additionally, content filtering is important to define what can or cannot be done within the network. The initial setup was very easy; I had no problems, I just had to understand a bit of the logic of its operation. I also use it with SoftOS endpoints, which provides me with double security when an application is running and allows for good event correlation between the endpoint and the firewall. I am very satisfied, so much so that I would recommend Sophos Firewall with a probability of between 9 and 10.
What do you dislike about the product?
Mainly, I believe that the way the process for conducting tests or reviewing traffic is presented could be improved; it needs to be explored a bit more. And integrate artificial intelligence to have a better guide within the menu and the things that can be done within the console.
What problems is the product solving and how is that benefiting you?
I use Sophos Firewall to secure the perimeter, control access, and protect against attacks. Its rules are intuitive and precise for managing what comes in and goes out. It also helps me with content filtering to define what can be done on the network.