Sophos XG Firewall innovations – FastPath packet optimization

XG FirewallHave you ever been in line at airport security and see someone skip the line and head straight for the security screening station? That’s called taking the fast path, and it’s just one of the many innovations in the new Sophos XG Firewall.

FastPath packet optimization dramatically improves firewall throughput performance by automatically putting trusted and secure packets on the fast path, meaning they don’t have to be processed by the firewall policy engine for identification and destination. Instead, the firewall forwards these packets directly to the security engine for scanning.

It’s directly analogous to what happens when you visit the airport. When you arrive, someone first checks your identity and ticket to determine your destination and whether you’re permitted to travel there. Packets are like groups of people, and if you have a large family or group traveling together, there’s no need for everyone to go through this identity and destination verification step.

After the leader has been cleared, the rest of this trusted group can proceed directly to security screening – they are put on the fast path. This can take a big load off the firewall policy engine and result in a significant increase in firewall throughput.

The next step at the airport is to go through security screening. And unlike some other firewall vendors, we don’t enable anyone (or any packets) to slip past this important part of the process without a thorough examination.

Some vendors use stream scanning, which compromises malware scanning effectiveness in the interest of improving performance. As you might imagine, at Sophos, we don’t make compromises on protection, so all content is subjected to a thorough security scan by one or two different AV engines at your request.

So with Sophos XG Firewall, you’re getting the best performance and the best protection, without compromise.

Read these other blog posts about the many innovations in Sophos XG Firewall:

xg-firewall

Leave a Reply

Your email address will not be published. Required fields are marked *