Using set advanced-firewall bypass-stateful-firewall-config del sourcenetwork x.x.x.x sourcenetmask 255.255.255.0 destnetwork y.y.y.y destnetmask 255.255.255.0 works for Ipv4 but not Ipv6. Or if you can disable invalid packet blocking on Ipv6. This is especially needed when using asymmetric routing scenarios.

Allow users to be granted Sophos Connect access via AD Group rather than just by individual user access.

Please differentiate the site to site tunnel alerts from Sophos Connect tunnel alerts. The way it works now is that the same alerts (17801 Established and 17802 Terminated) are generated for site to site IPsec tunnels and Sophos Connect tunnels. I don't need to be notified when a Sophos Connect tunnel goes up/down, but I do need an alert for site to site up/down. The frequency of the Sophos Connect alerts makes it impossible to notice when a more important site to site tunnel goes up or down.

Shoviv EML to PST converter is efficient software to export EML files into Outlook. This software converts EML to PST, and MSG formats. EML to PST conversion tool can also export EML files to Office 365/Live Exchange Server. Shoviv EML to PST converter software provides a safe & secure conversion of EML files. This software supports all version of Outlook & Windows Operating System.
Software URL= https://www.shoviv.com/eml-converter.html

If the user wants to export MBOX files into PST, MSG, EML, Office 365, and Live Exchange server then, you can also try MBOX to PST converter from Shoviv which is a reliable solution for MBOX users and convert multiple MBOX files into PST format in one go. The tool supports 20 email clients that support MBOX file format such as Entourage, Thunderbird, Eudora, Seamonkey, Spicebird, Mulberry, etc.
For more info visit here:https://www.shoviv.com/mbox-converter.html

there should be an option that would check all security settings with a nice overview as well as recommendations with shortcuts to right place as well as a shortcut to a easy explanation.
this will tighten security for experts and first time users.

Many Customers have a CN Network to connect different company location. The CN network is a LAN interface.

What do we want?
If the Sophos XG detects a problem with a LAN interface, automatically starts a ipsec tunnel over the wan interface.

Many Customers have a CN Network to connect different company location. The CN network is a LAN interface.

What do we want?
If the Sophos XG detects a problem with a LAN interface, automatically starts a ipsec tunnel over the wan interface.

I am handling XG750 v18 sopohs firewall. WAF is also implemented. but WAF is unable to protect exe file upload in server. IWAFed website should protect to it(i.e. manage custom policy for to allow or deny upload any type of file in server . Even from server side exe upload is allowed, but from WAF it should be turned off.

Hello All,

I'm writing from in Turkey and I'm a technical guy.

In our country, we need Q-in-Q or using same Vlan in two braches.

For Example , The customer is using Vlan 100 ( 10.1.100.0 / 24 ) and They wants to use same Vlan their other branches.

Is there any roadmap about this solutions on the SD-RED ?

Maximum records are showing only 50 in scheduled mail alert of VPN Logs and due to this unable to get the complete reporting which is imbecile feature if not getting complete report.

Suggesting to you that increase maximum records as 200 in auto mail alert

The Quarantine Digest (QD) is currently an all or nothing affair short of deciding if individual users receive the QD . There is no setting for individual users to have questionable emails bypass the digest and be delivered directly to them if they do not wish to bother with the extra steps of logging into the User Portal.

Please add a feature to add ip host and fqdn host using cli

There is reporting constraints in Firewall .At a time only 200 Records can be dowloaded.
This is affecting for data analysis.Please make some update to download a report at one shot.

Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, is it not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

Please add an option to move the rule by entering a specific location.

Currently the following features are not available in the firewall. I hope that these features will be updated in the firewall in the future.
• If internet traffic exceeds the internet plan, the alerts e-mail should be automatically sent to admin from firewall.
• Currently live internet speeds cannot be checked in the firewall which should happen.
• If the speed of the internet is less than the plan of the internet, the alert email should be sent automatically to admin from the firewall.

You can define customized services, for example tcp/udp port from 1:65535 to 4444. Also you can define custom icmp services, but it's not possible choice options out of RFCs. If you want define a ICMP service of type 1 (in RFC type 1 and 2 are unassigned), simply, you can not do it. It's not sense you can define your own service, but a custom icmp service does not be. By definition it is a "custom" not "standard" service.

We need "IP Unnumberd" for Internet connection.

Because
1.it is very major function on Japan market.
2.Many competitors have already supported.
3.It is also useful function for managing network connection on IPv6 environment.

I noticed that when I am connected within the company, and if I try to connect the SSL Client it allows, the right thing was not to allow, as it can loop the network. A call was opened and the only solution is by MAC, but it becomes impossible to do this for everyone, I have to register one by one, it would have to be a simple solution, to identify that if it is connected to the local network, do not let the SSL Client connect VPN.