We’ve just updated the XG sales collateral with the latest v18 datasheet numbers.
Find the latest XG Firewall assets, including the new datasheet, brochure and product matrix, on the partner portal asset library.
These documents are currently in translation and the web pages are in the process of being updated.
This blog explains the new performance data and gives you further context to better understand the numbers and why a direct comparison with prior XG Firewall (SFOS) versions is not always possible.
How much faster is v18 than v17?
Overall, we see a performance improvement of about 25% from v17 to v18. This varies by model and performance test mode, as you can see in the graphic below.
If you compare the datasheets, you will see that a few numbers are lower than in the previous datasheet. The lower concurrent connections and connection rates (connections per second) are simply a reflection of the different way in which v18 uses resources: less plain firewall, more security processing. If you were to compare v17 and v18 for the concurrent connections for decrypted traffic, or the per-connection state for Synchronized Security processing, you would see a significant improvement.
The v18 concurrent connections and connection rates:
- Exceed the demands of the real world AND
- Beat the competition in equivalent models.
The Xstream Architecture and Firewall Performance
Over the past months, you’ve hopefully been following our updates about the new Xstream Architecture, particularly the new DPI Engine and FastPath technology. If you’re new to Sophos or want to refresh your memory, check out the current blog series covering the highlights.
XG v18 has been built from the ground up with a software architecture designed to get the best performance out of our current x86 hardware appliances and, in the future, to take advantage of new hardware technology for continued performance improvements.
In short, FastPath offers a smarter way to handle trusted traffic and, particularly in high traffic environments, can reduce the load on the CPU. The DPI Engine optimizes process handling by combining processes which would have been handled in sequence in v17, such as IPS, Web, SSL and App Control, into a single engine. This means more traffic gets where it needs to go faster (improved throughput) and with as little delay (latency) as possible.
What do the performance numbers mean and how are they measured?
We’ve made some changes to our test methodology and now include new datapoints – most notably, we’ve added Threat Protection and SSL decryption throughput. This not only makes our performance easier to reproduce, should someone conduct similar tests, but also makes it easier to compare us with our key NGFW competitors.
These changes are all part of our ongoing shift as we grow from our UTM roots and claim our stake in the Next-Gen Firewall space.
- Firewall: Plain firewall throughput using a single packet size, in our case, 512K. This will always be the highest number.
- Firewall IMIX: UDP throughput measured using different packet sizes (66, 570 and 1518 bytes).
- NGFW: IPS + Application Control, with HTTP traffic using a default IPS ruleset and 512KB object size.
- IPS: Measured using a default IPS ruleset and 512KB object size.
- IPsec VPN: HTTP throughput using multiple tunnels and a 512KB response size.
- Threat Protection: Measured with Firewall + IPS + Application Control + malware prevention using HTTP 200KB response size.
- Xstream SSL Decryption: Measured with IPS + Threat Prevention enabled using HTTP traffic with a 192KB response size.
A friendly reminder:
Datasheet numbers represent performance testing under ideal lab conditions and are not to be confused with real-world numbers, which will be made available via your local Sophos SEs once that testing is complete.
What’s coming next?
We will soon be releasing a sizing tool, which will also be available to partners. Watch out for more news on that very soon.