Lightbulb Illustration

Sophos Ideas

Sophos XG Firewall

How can we improve Sophos XG Firewall

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. File extension cause some URLs to get blocked

    There is an issue blocking .dll extensions causes problems with websites that use ISAPI.dll on their URL. Sample scenario web policy containing a block for System files which include dll on file type when enable is blocking the URL for ebay http://my.ebay.com.au/ws/eBayISAPI.dll?MyEbay&gbh=1

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Improved VPN Access Reporting

      Needs a report that shows the time a vpn user logged in or connects and disconnects from the VPN. Historical data for VPN usage, current VPN reporting is not enough as it doesn't show connect/disconnect times.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
      • Broadcom NIC driver support in XG

        From experience and from forum post Broadcom NIC driver support is lacking or not working.
        Many Dell and HP servers use NICs from Broadcom.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
        • Orderly Shutdown of XG HA Cluster from GUI

          Orderly Shutdown of XG HA Cluster from GUI
          When the admin selects shutdown in the GUI if the XG Firewall is part of a HA arrangement either Active/Passive or Active/Active it would be a good idea to automatically conduct an orderly shutdown / restart of the HA cluster in a seamless manner. This could avert the potential for any corruption related to sync failures etc.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Keep the upn added to the userid for multiple domain authentication

            In case of a multiple domain environment, it would be nice to route the users authentication requests to the right authentication server based on their UPN (@domain.local).
            Unfortunately, the Sophos XG will removef the UPN, and will only send the userid to the authentication server.
            So for example, using radius proxy for sending the authentication requests to the right AD server will not work, as we can not make a routing desicion based on the UPN.
            This is for many customers a big issue.
            In Cyberoam OS 10.6.2, the UPN is untouched, but from releases higher than that or Sophos…

            14 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
            • Option to change the host ip address into a name under reports

              Option to change the host ip address into a name under reports for easier identification

              2 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
              • 1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                • SCEP to renew certificates

                  When you need to manage multiple XG devices, you can use SFM to simplify your life.
                  If you need to use a certificate (on IPsec VPN, WAF, etc...) it's possible to upload or create a CSR under System > Certificates.

                  But, you need t manually renew all certificates when it's close to expire! If you manage 300 XG devices, you will need to manually renew all certificates, and access each device, to update and remember where you used a certificate that needs to be renewed.

                  There is the SCEP (https://www.ietf.org/proceedings/69/slides/pkix-3.pdf), supported by a wide range of CA (Cisco,…

                  4 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                  • dns group

                    On Sophos SG you can create a definition for a "DNS Group", which is a really useful feature when needing to define multiple IPs for firewall rules, device access and so. It would be nice to have this on XG.

                    3 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • eDirectory Single Sign on via secure ldap

                      missing the edirectory single sign on from sophos utm (aua.bin) on xg firewall.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Have a preferred master option for HA pairs active/passive

                        Submitting on behalf of client:
                        Like the UTM 9 HA engine it allowed us to select a "preferred master" which in the event of a failover the node will attempt to switch back once it comes back up.

                        Due to the way the XG licensing works in HA this would be an important feature as only ONE firewall has the "master" subscription license and the other is just a base (passive).

                        2 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                        • Socks proxy

                          As in UTM 9.x there was an option to use the utm as socks5 proxy using port 1080, that was very helpful when you try to connect lan computers to remote servers over the internet without the need to open firewall rules o natting, ie. bank applications to transfer data between pc and bank office using secured channel instead of web browsing.
                          We used to run Hummingbird socks proxy client.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Azure and AWS subnet host groups

                            Hello.
                            Azure (and I think AWS does the same) releases weekly an updated xml file containing all the subnets related to Azure services and region.

                            It would be great if Sophos XG could maintain an updated "Host Group" with all the Azure (or AWS) subnets to use them in firewall rules, routing etc...

                            Everyone is moving to the cloud, Sophos XG should consider it!

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • Proxy Pathing

                              Provide the facility to publish sub-directories in path selection as well as static 'web server'. This is useful for many different reasons and has traditionally been known as proxy pathing. This allows a user to enter an FQDN and to have that transparently connect to a sub-directory of the web server. Also, it allows virtual directories of a single FQDN to transparently map to different sub-directories of the same server, or even a different web server entirely.

                              4 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Sophos XG weekly backup email notification subject

                                Hi Sophos ,

                                For the XG model weekly backup email notification can't change subject name.

                                Because during the email backup we received multiple device with serial number. We hope can change the subject from Serial number to company name.

                                thank you
                                Ray
                                I hope future be improve

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                • Remove support for TLS v1.0 and Insecure Cyphers or Allow them to be disabled

                                  The XG still supports protocols that are insecure and fail PCI compliance scans. These protocols such as TLS v1.0, 64-bit block ciphers, etc should be able to be disabled through at a minimum the CLI and preferably the UI.

                                  6 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Download/upload report for Web

                                    Ability to report on downloaded and uploaded executables (.exe, .bat, .ps1) for each user, which website.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Monitor UPS health and orderly shutdown

                                      Most home/business firewalls are on a UPS (or should be, IMHO).

                                      It would be nice to have a software that monitored UPS health and could do a orderly shutdown if power loss was imminent.

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Multiple IP/Networks on same physical interface

                                        If I have two different public ip range with the corresponding gateways with XG I must use two different physical interfaces or create a VLan interface in additition to the physical. Please give us the ability to add multiple networks to the same physical interface.

                                        I posted the problem here:
                                        https://community.sophos.com/products/xg-firewall/f/sophos-xg-firewall-general-discussion/89777/multiple-ip-subnets-on-wan-physical-interface

                                        2 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • cco

                                          شكرا

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 24 25
                                          • Don't see your idea?

                                          Feedback and Knowledge Base