XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Office 365 corporate domain

    Dear Team,

    As you updated in 17.5 MR3 for Google app restriction in which customer can allow thier custom domain, can we expect the same platform for Office365 apps. As of now there is no workaround to restrict personal domain login on office 365 except corporate domain.

    We hoping the same in you future firmware release.

    Regards,
    Aasif

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • alphabetical

      It would be great if in the XG550 interface the services and host listings in the Firewall Rules were listed in alphabetical order. That way you would have to search through dozens of objects in a 6 line window.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Harmonize log format

        Current log format has key=value pairs, which are easy to manage in certain centralized logging solutions. However, some of these values contains quotation marks " and some does not. As there are several longer values, a quotation mark is reasonable and thus every value should have quotation marks.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
        • Implement partial or wildcard filters in firewall user/network rule criteria

          Currently partial matches do not yield results if the filter doesn't start the same way as the criterion.

          Example:
          "and" will show "Andorra"
          "dorra" will not show anything (i.e. "Andorra" is not shown)

          "la" will show "LAN"
          "an" will not show "LAN"

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
          • Firewall group should not close every time a rule is moved

            Every time a rule is moved (up or down) within a group that group is automatically closed.

            This is rather cumbersome if multiple rules need to be moved, or if you simply want to make sure the rule was moved to the right position.

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
            • Specify authentication method for RADIUS/TACACS+ users

              On the SG firewall, an admin could create a user and specify which method of remote authentication would be used. This is not possible on the XG. As a result, a new admin must first authenticate on the User Portal, then an existing admin can change that newly created user to an admin. This is an unnecessary step that could be improved by allowing admins to specify which remote authentication method should be used per user.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
              • OpenSSL

                Can we please update OpenSSL to a newer version and also maybe compile it to use the AES extensions in the CPU for those of us that have processors that support it? 50 road warrior vpn users and 12 red devices, and 5 site to site tunnels can crush a 310.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
                • david.skingley@spicerhaart.co.uk

                  Would it be possible to enable SNMP on Sophos Wireless AP's?

                  2 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Allow Sandstorm to show every request to help debugging

                    Sometimes I find Web sites that appear to be unresponsive unless I add an exception to the XG to skip Sandstorm scanning for them (or create a clone rule that has "Scan for zero-day threats with Sandstorm" disabled.) I spent over three hours with Sophos tech support trying to figure out why this was happening because nothing was showing in the sandboxd log, and it couldn't be set to debug log level to confirm if this is a bug or if Sandstorm is working as designed.

                    So please add a debug log level option to sandboxd and allow it to…

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • VPN PSK retrieval

                      Provide a mechanism by which a site to site VPN pre shared key could be retrieved.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
                      • vpn block

                        Requet to block the proxies and VPNs like thunder VPN and Psiphon Proxy directly from the XG firewall

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                        • it-support@transerv.co.in

                          Hi Team

                          We are looking for a audit logs , as MNC do audit of all the company including the servers & Network device . This time we got the new request from the auditor for the enable audit logs.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                          • Allow for longer domain names in Parent Proxy field

                            Currently there is a limit of 40 characters in the Parent Proxy field:
                            Routing > Upstream Proxy > Parent Proxy > Domain Name/IPv4 Address

                            Support was unable/unwilling to fix, looking for XG firewall to allow for longer entries in this field. Anything more than 40 characters is truncated, which breaks the parent proxy operation.

                            Character limits in the upstream proxy field (currently capped at 40 characters), impacts use of upstream proxies with long names such as webdefence-pool-01.cluster-nyca.forcepoint.net

                            Support case for reference (not being fixed by sophos when case was opened 3-13-2019)
                            [#8693303] Parent Proxy field truncates at 40 Characters, need…

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • SFM API

                              Add ability to api import objects into SFM groups. Ability to import a csv style list of hosts, networks, services, groups,etc...

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                              • XG fw Qradar DSM

                                Make Qradar SIEM able to parse XG firewall logs.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                • need uptime reporting on wan interface

                                  Need to see uptime on an interface, or at least the WAN interface, so that when troubleshooting things like the VPN dropping we can see if there is an physical issue with WAN

                                  And / or an email alert when the WAN drops

                                  3 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                  • FTP file path should be included in the FW Manager Maintenance Config Backup

                                    In the Firewall Manager (17.x.x) there is no file path option in the FTP configuration download when backing up the Firewall Manager configurations. This option is however present for the Firewall Config backups. It should be available for both.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • jquery

                                      Please upgrade jquery in the gui from 2.1.3 to something newer which will pass pci compliance with ControlScan

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                      • MAC Address Groups for WiFi with being able to add a Name to the MAC address for SG & XG

                                        This will be a well sought after feature as people often leave the company or upgrade their devices and searching for the old MAC address becomes a daunting task when we need to update it or remove it.

                                        Can you add the feature where it allows us to create a MAC group and in it able to create individual users with multiple MAC addresses. That we can assign to a Wifi network.

                                        As the current setup in the SG & XG, in MAC hosts we have to enter each mac address to a list, times how many users in that…

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • IPv6

                                          Add OSPF support for IPv6. It's time to go to the futur !

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 84 85
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.