XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. STAS + Multiple gropus Users

    It should be very important to permit the Sophos Firewall, configured with STAS, to map the users whit all the groups that the users join in the AD server, and not just with one of them.

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    • Translate notification sandstorm

      Sandstorm notification cannot be translated....
      Please add this feature... Users don't read message because it is not in french...

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
      • web-socket port check will not works with the sophos web-poxy

        I have sophos xg-115 with latest firmware. My web development team have block some categery but in firewall i put web filter for them and web-socket port check did not work.

        2 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • sandstorm for home users for free

          Please unlock Sandstorm for XG home but please let sophos xg be a free software!

          3 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • web realtime scanning notification

            When I switch the Webprotection Malware scanning mode to Realtime scanning, I dont see any Notification when a Virus is found.
            So maybe you can make it possible to recieve a notification when a Virus is found in Realtime scanning mode.

            8 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Mail Server Settings - Need Authentication method Option

              Dear Support,

              We are using MDaemon Mail Server, As not able to configure Mail Server, Need Option for Authentication method

              In Mail Server Settings - Need Authentication method Option
              with Type : No authentication, Password, teansmitted insecurely, Encrypted password, Kerberos/GSSAPI, NTLM, oAuth2

              Regards,
              Kapil Sharma

              2 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
              • dhcp

                Add RED50 switch mode functionality.
                Normally RED15 forwards all VLAN tags so you can manage it by local L3 switch behind RED15, however RED50 it's DROPPING ALL VLAN tags in switch mode, so you can use only limited VLAN mode with RED50.

                I see this as a bug, support said it is a feature request ... You can see the issue #6361502.

                3 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • SIM card slot on smaller end appliance for connecting to internet.

                  Few remote locations does not have neither ILL ISP nor Broadband ISP. Customer asks for SIM Slots in hardware appliances, which as of now not available.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Pption to clear (In:10GB & Out:20GB) of firewall rules, to check newly generated traffic is choosing the right policy or not. OR Rules sho

                    Option to clear (In:10GB & Out:20GB) of firewall rules, to check newly generated traffic is choosing the right policy or not. OR Rules should give live session information like how many sessions are going through per rule.

                    3 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Multiple parameters filter options in Firewall Rules like Source IP, Destination IP, Port and multiple rules IDs selected at once.

                      Multiple parameters filter options in Firewall Rules like Source IP, Destination IP, Port and multiple rules IDs selected at once.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                      • Delete all the connections from individual firewall rule. (We have only for SRC, DST, Proto & Connection ID).

                        Delete all the connections from individual firewall rule. Right now we have option only for SRC, DST, Proto & Connection ID.

                        2 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                        • RED

                          Could it possible to shutdown LAN ports on the RED via the configuration on the XG? We have installed a number of REDs in shared comms rooms and it would be good to stop people from having the ability to just plug in a LAN port on the RED and access a customer's remote network via the L2TP tunnel.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Synchronizing PPPoE sessions

                            In SFOS version 16.05.4 MR 4, PPPoE sessions in HA mode are not synchronized.
                            PPPoE goes down and reconnects when switching occurs from Primary
                            PPPoE sessions are not inherited, so there is no point in configuring HA.

                            Make sure PPPoE sessions are synchronized.

                            2 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • separate option for admin to reset end user password

                              separate option for admin user profile to reset end user password only, same like disconnect live user

                              3 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                              • Need Mac bounding with captiportal and auto mac find option

                                Need Mac bounding with captiportal and auto mac find option. if you implement the option bound with First mac use of user its so convenient for all user

                                2 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Disable virtual mac address in HA mode

                                  Running the Sophos XG firewall in high availability mode in a virtualized environment (where virtual MAC addresses are not supported) is currently not possible. Please implement a feature to disable the usage of virtual MAC addresses (similar to what the UTM does when using the command 'cc set ha advanced virtual_mac 0'.

                                  Thanks.

                                  2 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Multiple PPPoE connections with one interface.

                                    Multiple PPPoE connection with one line by NTT specification of Japan. (example: IPVPN's ISP & Internet ISP connection)

                                    2 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Firewall rule re-ordering by using Up and Down buttons

                                      Drag and drop for firewall rules seems to be unreliable on some browsers and can be difficult to do if using a tablet or trackpad.
                                      Can we add the ability to click on "UP", "DOWN", "MOVE TO TOP" and "MOVE TO BOTTOM" buttons to move the selected firewall rule?

                                      4 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • RED Interface:"3G/UMTS Failover" setting is DHCP mode support

                                        XG is Cellular WAN IF IP assign mode is support DHCP client
                                        but RED WAN I/F is not supported.

                                        Please support similarly.

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Failover default rule change

                                          I think the default rule should use an external IP, (we currently use 8.8.8.8) perhaps default to the DNS IP configured on the WAN interface for which the rule is written. Using the gateway IP is useless, as that will usually be hardcoded on the interface of the device. It will only be down if the device is off/disconnected. By using an external IP, you can actually see if the line is down. Using provider DNS may have other issues, but getting beyond the CPE is critical for monitoring.

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 27 28
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.