XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. High Availability with Backup interface

    Hi,

    Can XG firewall have a Backup interface setting in High Availability function as like as SG firewall?

    It can prevent that both master and ***** become master at the same time because of a failure of the HA synchronization interface or an unplugged network cable suddenly.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    • DNS RPZ Support: DNS Spam protection by Response Policy Zones

      Please extend Sophos XG FW by DNS RPZ FW option to filter spam and malicious domains similar to mail reputation system (e.g. via SpamHaus).
      See: https://dnsrpz.info/ "Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall"."

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Privoxy functionality

        Privoxy is able to supress redirects that google is placing on their search results. OR redirects to analytcs sites.
        Blocking categories makes the search sites not usable.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Ability to reboot access points remotely

          This should already be a feature! Please make it possible to reboot the access points from the firewall interface or at the very least from the web GUI of the access point. It should not require an SSH tunnel in order to do this!

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
          • Request to support Verizon network for USB dongle under XG

            Hello Team,

            We have customer here requesting to support Verizon network for USB dongle under XG.
            As Verizon, unable to see Sophos XG on their end when they connect dongle with verizon network

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • VPN - Authenticate and Run Domain GPO login scripts - Mapped Drives

              VPN Login Script

              Configure the VPN client to authenticate to the domain and allow GPO login scripts to be applied to the remote computer so that the user can connect to all network resources as they do when they are in the office.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
              • A way to keep the dashboard active indefinitely without requiring re-logon

                I'd like to dedicate a monitor to showing the dashboard. unfortunately it keeps getting kicked off so it's not very dedicated. if worried about anyone coming in and changing things it could perhaps be a capability that can be associated with a role like 'read only' mode. in any case I find it odd that you kick the login out even if you have not selected the timeout feature to be turned on.

                3 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                • Email Alert for Heartbeat status + Customize the heartbeat block page

                  It would be good to have an email alert when any endpoint goes to critical "red" mode so that we know the reason for internet not working.

                  Also if we can customize the heartbeat block page it would be good.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
                  • IPsec NAT

                    IPsec NAT: we need the possibility to NAT several local subnets to only one NAT-address and not 1 local subnet to 1 NAT-address. So that the remote peer has to configure only one ip-address as remote subnet.

                    This is still working with an unsupported workaround. One snat firewall rule translates all our subnets to one ip-address which is part of "Local Subnets" in the affected ipsec connection. To get routes and snat working correctly, we've added an ipsec_route on xg CLI.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • Web Filtering Category with coinminer type website

                      In asia so many bitcoin miner case.
                      Taiwan was test target with many countrys.
                      so many business customer want to detect inside or outside problem with miner attcked.
                      but some miner website is normal and legal.
                      Just hacking category can't include all miner webside, just only inlegal webside is not enough.
                      Endpoint protection this product has application contral with miner type category.
                      so why in XG can't do this?

                      7 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • MSS Override on VLAN interfaces

                        There is currently no way to set MSS override on a VLAN interface. This is required for a WAN connection with less than 1500 byte MTU to deal with other internet hosts which have firewall misconfigurations that means PMTU discovery doesn't work.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                        • "Skip Logging" for Web Filter Exceptions

                          It would be nice if there was the option to "Skip" Logging of specific web requests in the Web filter. For example, I see my logs spammed with certain domains, even if it's blocked, such as ( trouter.io ) and it's quite annoying to sort through.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Upstream Proxy character check in username allow domain authentication possibility

                            In the Routing, Upstream Proxy configuratie it is not possible to configure a username with "special" characters. With special I mean dot's or backslashes. This makes it in many scenario's to direct the webtraffic to a proxy server which only allows Active Directory authentication. It is not possible to authenticate as "domain\username".

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • S/MIME and OpenPGP Encryption

                              I am not sure if something is already known about it but when can we expect that feature? Some of our customers are convinced of the XG but want to have mail-encryption with S/MIME and OpenPGP.....

                              6 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Delete Emails in SMTP Quarantine after xx days

                                At the moment Emails in SMTP Quarantine will only be deleted, if the Quarantine Area is full. Other Sophos products auto-delete these Emails after 30 days. It would be great, if the XG does that too.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • Public Access Need To Be Secure

                                  Hello Team,
                                  I have install XG 135 firewall to secure my network but my firewall is not secure yet, after enabling wan access my firewall then any budy can hack my firewall so take it seriously heir should be any advance login procedure like throw OTP or any other way.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • file upload report

                                    Hello

                                    As such now there is no report available to show the file name uploaded to public cloud or web mail etc it only shows the total size uploaded. If we have the report along with file names will be added advantage.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                    • 4 eyes

                                      Due to segregation of duties we would like to have an option for 4 eyes principle in the firewall configuration.

                                      It woold realy be nice if 1 person can create and prepare the firewall change and one other user should give an O.K. before the configuration take effect.

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                      • HOTSPOT's Terms of use acceptance page clear out session

                                        Force a client to see the HOTSPOT's Terms of use acceptance page every time during testing? Or give us a way to clear out a session for testing he custom template.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Log country rejected and/or dropped traffic

                                          Currently with a Country Block rule enabled the drop or reject traffic is not showing in the log.

                                          3 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 59 60
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.