Packet Inspection of TCP/UDP like Palo Alto does - Application-Based Inspection
Those who have already spent time with that stuff know how easy it is to open connections with botnet servers or with any other device just by using a port that is most likely "commonly open". Botnet control, web filter, AV... can't detect that traffic in most cases. We tested it ourselves and were surprised that the old, well-known Metasploit traffic is not detected.
Only the HTTPS connection made by Metasploit was detected (approx. after 10 seconds) and was terminated. But it could be endlessly reopened for 10 additional seconds, and so on.
It's much more than easy to get that traffic through a Sophos UTM / XG / SG with the highest security configuration.
The only solution is to inspect not only HTTPS traffic, like the web filter does with web traffic, but to inspect all ports, regardless of the port or connection type. A bit like the UTM/XG/SG application control already does. But application control amounts to nothing because so few applications are implemented.
Let's just say: if Sophos built this into their firewalls, it would also be wonderful for doing VLAN segmentation. And the appliance would detect almost any bad traffic going through it. And also, given the pricing of Sophos compared with Palo Alto, it would be a giant selling opportunity for Sophos.
At this time, it's almost equally "bad" as on other SMB vendors like Fortinet. - Sadly. I like Sophos firewalls, but I really miss that forward-looking feature.
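To illustrate the kind of port-independent, application-based check the post asks for, here is an added example that is not part of the original post and not Sophos or Palo Alto code: a toy classifier that identifies the application protocol from the first bytes a client sends and flags flows whose observed application does not match what the destination port is expected to carry. The expected-port table and all sample flows are constructed for illustration.

```python
# Added example: port-independent application classification of the first
# client-sent bytes of a flow, compared against a per-port expectation.
# EXPECTED_APP_BY_PORT and SAMPLE_FLOWS are constructed assumptions.

EXPECTED_APP_BY_PORT = {80: "http", 443: "tls", 22: "ssh"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def classify_payload(first_bytes: bytes) -> str:
    """Identify the application protocol from the first bytes a client sends."""
    # TLS: record type 22 (handshake), version 3.x, handshake type 1 (ClientHello)
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return "tls"
    if first_bytes.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def check_flow(dst_port: int, first_bytes: bytes) -> dict:
    """Compare the observed application with what the port is expected to carry."""
    observed = classify_payload(first_bytes)
    expected = EXPECTED_APP_BY_PORT.get(dst_port)
    if expected is None:
        verdict = "no-policy"      # port not covered by the expectation table
    elif observed == expected:
        verdict = "allow"
    else:
        verdict = "flag"           # wrong or unrecognised application on this port
    return {"port": dst_port, "expected": expected, "observed": observed, "verdict": verdict}


# Constructed sample flows: (destination port, first client-sent bytes)
SAMPLE_FLOWS = [
    (443, bytes.fromhex("160301002a010000260303") + b"\x00" * 32),  # TLS ClientHello start
    (443, b"\x00\x00\x00\x1c\x7f\x01\x02\x03\x04\x05\x06\x07"),      # opaque binary on 443
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),           # plain HTTP
    (80, b"\x17\x03\x03\x00\x20" + b"\xaa" * 32),                   # non-HTTP bytes on 80
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),                                # SSH banner
]


def audit(flows=SAMPLE_FLOWS) -> list:
    """Run the check over every flow and return one verdict record per flow."""
    return [check_flow(port, data) for port, data in flows]


if __name__ == "__main__":
    for record in audit():
        print(record)
```

A real implementation would need far more signatures and would also have to handle flows that stay "unknown" on ports with no policy, which this toy leaves unclassified.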