XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Admin login “failed password” error
We recently setup a new XG 115 firewall saved the config and then found ourselves unable to login “failed password”
We contacted support and spent time using keyboard and screen to reset the password - still no login, then fully resetting and evenntually the Sophos support person advised we had a corrupted image and the unit was replaced as DOA.
The new unit was setup with the same result we proceeded to wipe and reset using different passwords which all worked when using the keyboard and screen
Only after setting up another Sophos incident and booking another engineer did we…1 voteStarted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Thanks for your feedback. I’ve passed it on to our support team with a suggestion that they update their troubleshooting procedures for this kind of problem.
-
Export Rejected mail Log Option
We are using Sophos SXG310 and it is configured in transparent mode and for Mail, It is configured as MTA mode. So Mails which are been rejected based on RDNS or IP Address basis by Sophos, Neither recipients or Senders are aware of this failed delivery. So we want to export mail logs based on filter "rejected" for some specific time period from Sophos so that we can manually intimate the recipients regarding failure of Delivery.
Please consider this requirement in next release.3 votes -
My Sophos model -XG125 (SFOS 17.5.9 MR-9)
we are creating free wifi zone at our Mall. In that regards we have used your device and we would like to suggest that currently your Login page is coming first and later on the registration page. Our suggestion is that the Registration page should come first so that user registers first and then the login poge should appear where they can login and use the service.
1 vote -
Schedule WAF rules
Version 18 has changed how Business Application Rules work. DNAT is done by a combination of NAT policy and regular firewall rules, which can have scheduled on/off times.
WAF/Webserver Protection rules cannot currently be associated with schedules.
This item is created so that folk who previously supported the Business Rule schedule feature because of a WAF requirement can transfer their votes here.
4 votes -
Show WAN IP for RED devices
Show the public IP address of REDs in the network interfaces page in addition to the interface address of the WAN port on the RED. Currently, the only way to check the public IP is to grep for the RED device ID in /log/red.log in the advanced shell.
2 votes -
Per-user session timeouts
We need session time out after 10 minutes for specific user but this setting availed for all users not for one specific user so please add this feature in firewall.
I recommend you to add captive portal session in suffering quota where is Cycle hours.1 vote -
Shared Network Quota
I have a new request about issuing shared limit network quota for a group.
Now when I assign to network quota to group , that group each user will getting that particular data quota.Ex: User Group Name - Test and Allocated 200GB to group, The test group have 10 Users.
As now In sophos Each user will get 200GB. But I want to use this 200GB as a Shared Data bundle.2 votes -
WLAN Automatic Blacklisting after x attempts
Aruba’s Wireless APs have the possibility to block macs after a x attempts with wrong creds (psk or enterprise un/pw)
This is a good security feature and better than simple whitelisting.
2 votes -
Reporting
we need a Report based on the destination IP address, based on the destination we need to find the source IP address.
1 vote -
multiple WAN interface option in Ipsec client vpn settings
Need the Option to add multiple WAN interfaces in Sophos Connect client settings.
if there is 2 WAN connection and 1 connection is down then the remote client don't have any option to connect to VPN through 2nd available ISP. if this option is available then the user will have 2 profiles in their Sophos connect client.4 votes -
POP3 Prefetch
This is the only feature that is preventing me from migrating from UTM to XG
I use the POP3 prefetch mode heavily for mail hygeine, but it is not possible in XG, and as this is used at home, I cannot alter my MX records as my ISP's IP ranges are blacklisted
2 votes -
Group wise report with available data
I created few groups and enabled each group network traffic quota.
Now I want get each group allocated data and available data report.
Unfortunatly sophos not available that feature.
so i'm requesting to enable that feature.2 votes -
AD Password Change using user portal
I'm using AD as authentication service in my sophos xg.
But users can't change password using user portal.
So pls enable that option for the AD.5 votes -
Include trusted Certificate on sophos
I have a huge problem with doing HTTPS Decryption and Scaning.
Because in my enviroment haven't AD to push self-signed certificate.
So I want to add CA Author Signed certificate, But unfortunatley any of CA Authority not providing root certificate. Therefore I have new suggestion , Pls add sophos own CA Signed root certificate to sophos firewall. It will be helpful all of sophos users to enable HTTPS Decryption and Scaning without installing certificate manually. Because browser will trust certificate automatically. I still waiting for solution for this.8 votes -
Sophos XG Home Hardware limits
Considering the high internet connections already available to home users I think it would be important to at least increase the CPU's limit.
Currently is 4 threads, whichs is a problem because in most home installations the firewall is virtualized and this means that you can only use 2 cores (4 threads).
I think a limit of 8 threads would be fine. Right now the firewall with the IPS enable can hardly go above 300Mbps and I have 2 cores and 4 threads at 3.8 Mhz Zen2.7 votes -
Vpn failover hostname
I want to add second override hostname for vpn settings.
5 votes -
please support the Radius SSO feature for AP55C.
According to the Sophos KB 134148, the Radius SSO feature is supported by APX models.
But customer bought a lot of AP55C, please also support the Radius SSO feature for AP55C.1 vote -
VPN Email Alerts
Dear Sophos Developer Team,
Please develop a solution to customize the SSL VPN Email Notification Alerts in your next OS release. We are receiving Hundred of emails per day after enable the VPN Email Notification Alerts of up/down status. Please do the needful.
Thanks
Regards
Farrukh Naveed4 votes -
Hotspot "terms of service" customization
I serve a customer who uses XG firewalls in their chain of restaurants. They want to keep the customer hotspot sign-on process as clean and simple as possible. Vouchers etc. are a mission to manage - they just want to provide free Internet to their customers, limited by data or time.
My customer would like to their hotspot setup in such a way that when a user joins, they are presented with a branded captive portal with a splash page, with terms of service for the user to accept.
When the user accepts, they are granted Internet Access. The user…
76 votes -
DHCP options 81
If you use the Sophos DHCP Server and another DNS Server it is necessary that the option 81 is active to set and update the reverse zone pointer in the DNS Server.
It is possible to add per CLI options to the DHCP Server but just to set an option without to know which fields has to be set makes no sense.
Please add the option 81 to the DHCP Server.3 votes
- Don't see your idea?