XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
In XG-106, one box search option should be given
In XG-106 UI, a powerful functionality of one box search (like Google) is required which can search the features/options available in the Firewall configuration application.
Eg
I need to search Protection Policies, it can search through all the menu/sub menu options, if possible it can search from the data also and result with the breadcrumb path link where you can directly move.
Purpose
There are multiple options/features available in the application and it's difficult to remember where these options are located in the application as it's not in daily use.
I hope Sophos developers team can incorporate this powerful feature…
2 votes -
ipsec - IP pools
We are currently trying to migrate from a UTM-9 to a XG and I am especially missing some setting options for RAS with IPsec:
- no possibility to assign IP pools
- No certificate is generated for users
1 vote -
TOP missing XG (basic) features
TOP missing XG (basic) features (all present in UTM9):
NAT rules: cloning, grouping
Static routing: cloning, descriptions, use objects
Objects: create object inside group (i.e. create IP host inside IP host group)
HA: Unlinked status like in UTM9, Monitoring for VLAN interfaces (without physical interface IP set), Backup interface
Interfaces: Allow deconfigure interface without deleting all VLAN interfaces on that physical port
Registration process: automatic passive box registration via active XG during HA creation
Sophos Connect & SSL VPN: Allow use of IP host group inside resources
DHCP: allow Dynamic IP lease across Static IP MAC mapping (and exclude internally)…
1 vote -
HA Link for LAG port
Current XG's HA (-v18MR4) has SPOF against HA Link. Because HA link is available for only One-port/One-Link.
If HA-Link port can be assigned LAG port, it becomes a more robust configuration against HA Link failure.
1 vote -
include XG revision # in "model" column of Sophos Central
Include the hardware revision number in the XG "model" column of the Sophos Central >> Firewall Management >> Firewalls page. It's helpful to have this info all on one screen.
2 votes -
Better Bandwidth Monitor
It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.
My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.
5 votes -
Sophos Connect ipsec vpn Local service ACL
Add Sophos Connect ipsec vpn column to the Administration >> Device access >> Local service ACL matrix. This is missing on sfos up to the current 18.0.4 MR-4.
1 vote -
FourEyes - Data Anonymization - Audit logging
When Data Anonymization is enabled, one would think that it was possible to see when and who has initiated a de-anonymization of anonymized data, however this seems to be missing. We need this for compliance, it is simply not enough to anonymize the data.
The only logs related to this are authorization events in the form of logins, but these events do not reflect a de-anonymization event.
2 votes -
Ghost ip detection
We are using DHCP server from our XG firewall. IP leasing setting is 12 hrs. I am looking for some tools with which I can find the ghost IP (IP which is not active) and clear it up from the DHCP pool in order to assign it to a new connection.
Secondly I want to know how I can make a rule that if a device is not authorized to access internet it should not get the IP from the DHCP server.
1 vote -
Block IPv6 UDP fragmentation
Currently, on XG firewalls one can disallow fragmented traffic via the CLI (fragmented-traffic deny). But this cannot be reduced to IPv6 UDP traffic only.
1 vote -
Role based access
The Sophos role-based profile when created and assigned to a user with very limited access privileges, the same user upon logging in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access. The same used to work with Cyberoam but not with Sophos which is supposed to be a much evolved product.
1 vote -
set group of wan links to perform load balancing
We need in the future to be able to set a group of WAN links to perform load balancing
Example
I have 6 WAN links from different ISPs (Vodafone, WE, TE-DATA, Nour, Orange, and Etisalat)
We need to be able to make (Vodafone, WE, and TE-DATA) perform load balancing to serve a specific subnet and create another load balancing with the rest of the ISPs (Nour, Orange, and Etisalat) to serve another subnet
1 vote -
prioritize navigation elements loading in xg web ui
On lower end XG models such as 115's and 105's the web interface page load times tend to be very slow. The performance declines further with many features in use that factor into high cpu utilization. Upon login it's frustrating waiting for popup banners and all Control Center diagnostic data and graphics to load before being able to navigate into configuration areas of the system to get work done. This has been contributing to longer working hours with multiple XG's at different locations involved. The web code should be adjusted to load the navigation links at the left in a…
1 vote -
Rework Application control characteristics and risk levels
Please rework the characteristics of the predefined applications. I.E. "Microsoft Teams" has the characteristic "Loss of productivity" and will be blocked in "Block generally unwanted apps". "GMX WebMail" has a risk of "4" whereas the "1 & 1 Webmail" has a risk of "2". "OCSP Protocol" is "Loss of productivity"? This doesn't make any sense.
It is nearly impossible to work with the predefined application filters because of wrong characteristics or risk levels. Please rework this!
1 vote -
Bandwidth Monitoring & Usage Reporting
Hi Sophos,
We would like you to improve Sophos XG to support usage monitoring for every traffic shaping rule and provide the reporting tools also.
Because now Sophos XG can limit bandwidth for users, but for monitoring it only provides a Linux-based one, which is not informative for a common user; we need to monitor detailed usage per VLAN/subnet, as the system graph just shows the accumulation of all traffic.
We hope Sophos can improve that; I trust it can be a useful tool.
Thank you,
Adi
2 votes -
Bandwidth monitoring of individual Site2Site VPNs
Please provide realtime bandwidth usage information of individual Site2Site VPN connections
- via GUI (Report, Graph/24h/7d)
- via CLI (something like iftop for individual Site2Site VPNs)
- via SNMP
- ...
My 10+ year old router is able to provide current bandwidth usage on every interface AND every VPN connection using SNMP. This should be a basic feature of every UTM!
5 votes -
Dhcp lease Export in one Excel File
It is submitted that in the firewall the DHCP lease cannot be downloaded properly, and due to this the admin user is facing a problem. So you are requested to please provide the function to import an Excel file of all DHCP Lease IPv4 so that all leases can be downloaded easily and the DHCP logs can be maintained properly by the admin user. Firewall > Network > DHCP > IPv4
1 vote -
User Disconnect Facility Provide the User Access Portal
It is submitted that the user be provided the facility to disconnect the live user himself through the User Access Portal. Right now there are 2 facilities available in the firewall to disconnect the user (1 is by the Firewall Admin > Current Activities > Live Users > Disconnect, and 2 is the user logging in to the same PC and logging out himself). The user needs an extra facility to disconnect himself from any PC through the User Access Portal.
1 vote