Cyber Security

    Dedicated & Virtual
    Secure Firewalls

    Enterprise-grade firewall protection on the platform of your choice — Sophos XGS, pfSense or OPNsense. Self-managed for full control, or fully managed by our UK engineers, with built-in failover, IDS/IPS and free DDoS protection.

    • Sophos XGS, pfSense and OPNsense supported
    • Virtual or dedicated appliance options
    • 1Gbps and 10Gbps network ports
    • Multi-WAN load balancing & failover
    • Free 600Gbps Corero DDoS protection
    • 24/7 UK NOC and engineering support
    Talk to our security experts See DDoS protection
    0
    Supported platforms
    0%
    Uptime SLA
    0Gbps
    Free Corero DDoS
    0/7
    UK NOC monitoring
    Supported platforms

    Sophos XGS, pfSense and OPNsense

    Choose from three powerful platforms — from a vendor-backed next-gen firewall to flexible open-source — all deployed and supported in our Cambridge data centre.

    Next-Generation Firewall

    Sophos XGS

    Enterprise next-gen firewall with deep packet inspection, hardware-accelerated TLS inspection, sandboxing and synchronised security across endpoints. Available as a managed dedicated appliance.

    • XStream packet processing
    • Synchronised Security
    • Sophos Central management
    • Available as XGS or UTM
    Open-Source Powerhouse

    pfSense

    A mature, enterprise-grade open-source firewall on Netgate hardware or as a virtual appliance. No licence fees, huge plugin ecosystem and rock-solid stability.

    • No licensing fees
    • Snort/Suricata IDS/IPS
    • Wide plugin catalogue
    • Active community
    Modern Open-Source

    OPNsense

    A modern fork of pfSense with frequent updates, a clean web UI and rich reporting. Great for teams that want bleeding-edge features without a vendor licence.

    • Weekly security updates
    • Clean modern UI
    • Built-in WireGuard
    • Rich reporting
    Comprehensive platform

    Security, routing, VPN and reporting in one

    Our appliances ship with everything you'd expect from an enterprise security platform — and a few things you wouldn't.

    Firewall

    • Stateful Packet Inspection (SPI)
    • GeoIP blocking
    • Anti-spoofing
    • Captive portal for guest networks
    • Time-based rules & connection limits
    • Inbound & outbound NAT mapping

    Routing

    • Policy-based routing
    • Concurrent IPv4 & IPv6 support
    • Configurable static routes
    • IPv6 prefix translation & RAs
    • Multiple IPs per interface
    • Integrated PPPoE server

    Attack Prevention

    • Snort/Suricata IDS/IPS
    • Layer-7 application detection
    • Emerging threats & IP blacklist feeds
    • Pre-set rule profiles per interface
    • False-positive suppression
    • Deep Packet Inspection (DPI)

    VPN

    • IPsec, OpenVPN & WireGuard
    • Site-to-site and remote access
    • SSL encryption & split tunnelling
    • L2TP/IPsec for mobile clients
    • Multiple tunnels & VPN failover
    • RADIUS / LDAP authentication

    Proxy & Content Filtering

    • HTTP/HTTPS proxy (transparent or not)
    • Domain/URL & antivirus filtering
    • SafeSearch enforcement
    • HTTPS content screening
    • Website access reporting
    • DNSBL (DNS blacklisting)

    Network Services

    • Dynamic DNS (multi-provider)
    • Integrated DHCP & DHCPv6 server
    • DNS forwarding/caching with DNSSEC
    • Conditional / split DNS & mDNS reflection
    • Built-in NTP time server
    • Multi-WAN load balancing & failover

    Resilience & Reliability

    • Optional multi-node HA clustering
    • Multi-WAN load balancing & failover
    • Reverse proxy with auto failover
    • Bandwidth shaping & throttling wizard
    • Bandwidth reservation & user quotas
    • Configurable failover policies

    Reporting & Monitoring

    • Configurable dashboard widgets
    • Local & remote logging
    • Real-time traffic graphs
    • SNMP & hardware monitoring
    • Email/SMTP & Growl notifications
    • Built-in network diagnostic tools

    Access & Hardening

    • Local user & group database
    • External RADIUS authentication
    • Group-based privileges & expiry
    • Hardened web interface security
    • DNS rebinding protection & HSTS
    • Optional key-based SSH access
    Who it's for

    From office edge to multi-site failover

    Office Edge Security

    Replace ageing SonicWall or WatchGuard appliances with a managed Sophos, pfSense or OPNsense edge for your office.

    Colocation Perimeter

    A virtual firewall sitting in front of your colocated kit — segmenting VLANs, enforcing rules and terminating site-to-site VPNs.

    Multi-WAN Failover

    Bond DIA, broadband and 4G/5G into a single resilient WAN with policy-based routing and automatic failover.

    Secure Remote Access

    WireGuard, OpenVPN and IPsec remote access for hybrid teams — with RADIUS/LDAP integration for SSO.

    Technical specification

    At a glance

    Platforms
    Sophos XGS, pfSense, OPNsense
    Form factor
    Virtual appliance or dedicated hardware
    Network ports
    1Gbps and 10Gbps interfaces
    VLANs
    Multiple 802.1Q VLANs supported
    VPN
    IPsec, OpenVPN and WireGuard
    IDS/IPS
    Snort / Suricata with curated rule sets
    High availability
    Multi-node HA clustering
    DDoS
    600Gbps Corero SmartWall — included
    Management
    Self-managed or fully managed
    SLA
    99.99% uptime with proactive credits
    From scope to live

    A predictable delivery process

    1. 1

      Scope & design

      We review your topology, throughput, VPN users and HA needs, then recommend the right platform and sizing.

    2. 2

      Provision & licence

      We provision the virtual or dedicated appliance, apply licences (where required) and stage the base configuration.

    3. 3

      Configure & migrate

      Our engineers build out rules, VPNs, VLANs and IDS/IPS profiles, then migrate cutover from your existing firewall.

    4. 4

      Live & supported

      Go live with 24/7 monitoring, optional managed-rule changes and a single UK NOC for everything firewall-related.

    Explore Fast2host

    Related security & infrastructure

    Pair your firewall with DDoS protection, colocation, cloud onramps or dedicated servers — all from our Cambridge facility.

    FAQ

    Frequently asked questions

    Platform choice, HA clustering, managed vs self-managed and cloud VPN termination — what customers ask before deploying a perimeter firewall with Fast2host.

    • Sophos XGS, pfSense & OPNsense supported
    • Multi-node HA & multi-WAN failover
    • 600Gbps Corero DDoS included free

    Need help choosing a platform?

    Our UK security engineers will scope your topology and recommend the right appliance and HA design.

    Talk to our security experts

    6 common questions

    Sophos XGS is the best fit if you want a vendor-supported next-gen firewall with sandboxing, synchronised endpoint security and a polished management plane. pfSense is the workhorse choice for predictable, no-licence open-source firewalling with a huge plugin catalogue. OPNsense is great if you want a modern UI with weekly updates and built-in WireGuard. We're happy to advise based on your topology and throughput.

    Ready to deploy Sophos, pfSense or OPNsense with UK engineering support?

    Call on: 01480 26 00 00
    Sales 9am to 5pm - Support 24/7
    Email: sales@fast2host.com