Please add a feature to add ip host and fqdn host using cli

There is reporting constraints in Firewall .At a time only 200 Records can be dowloaded.
This is affecting for data analysis.Please make some update to download a report at one shot.

Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, is it not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

Please add an option to move the rule by entering a specific location.

Currently the following features are not available in the firewall. I hope that these features will be updated in the firewall in the future.
• If internet traffic exceeds the internet plan, the alerts e-mail should be automatically sent to admin from firewall.
• Currently live internet speeds cannot be checked in the firewall which should happen.
• If the speed of the internet is less than the plan of the internet, the alert email should be sent automatically to admin from the firewall.

You can define customized services, for example tcp/udp port from 1:65535 to 4444. Also you can define custom icmp services, but it's not possible choice options out of RFCs. If you want define a ICMP service of type 1 (in RFC type 1 and 2 are unassigned), simply, you can not do it. It's not sense you can define your own service, but a custom icmp service does not be. By definition it is a "custom" not "standard" service.

We need "IP Unnumberd" for Internet connection.

Because
1.it is very major function on Japan market.
2.Many competitors have already supported.
3.It is also useful function for managing network connection on IPv6 environment.

I noticed that when I am connected within the company, and if I try to connect the SSL Client it allows, the right thing was not to allow, as it can loop the network. A call was opened and the only solution is by MAC, but it becomes impossible to do this for everyone, I have to register one by one, it would have to be a simple solution, to identify that if it is connected to the local network, do not let the SSL Client connect VPN.

The captive portal has an option to run in HTTP. But the self registration page by default shows up in HTTPS.Is there any way to make it work in HTTP?I want to avoid any certificate errors.

Under Current Activities (e.g. Live Connections) only the IP-address is shown.

This often requires navigating to different sections (e.g. DHCP) to hunt down the hostname.

Efficiency would be greatly enhanced if a column were to be added showing the hostname.

Add SFTP support under the connection options, so that files (particularly log files) can be downloaded from the XG on the LAN interface, so that they can be analysed off-system. It is a real inconvenience to try and do detailed searches of the log files while on the console. Not everyone has a syslog server.

Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP address' and not Networks).

MD5 checksum is not listed on the download site in the Hardware Installers and Virtual Installers of Firewall OS for XG Series.

MD5 should be written like SG from the viewpoint of security and installation failure.

it would be great to be able to manage multiple host on the same IP while creating a DNS record on the Sophos XG.

Right now we se the gateway as a DNS server and creating more than 100 records is no cool.

Allowing the use of wildcard would be even better.
*.domain.com A 192.168.0.1

Option require on load Balance with IPsec VPN

Dears ,

We need to have a Virtual domain in our XG firewall like in Fortigate & Palo alto . because sometime this feature kick us out from competition