XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. sec_request_body_no_files_limit in GUI

    Allow setting sec_request_body_no_files_limit via the GUI for Web Protection policy.

    Having to set via CLI tblwafsecurityprofile settings every time a WAF setting changes is very bothersome and leads to more downtime for customers.

    https://community.sophos.com/sophos-xg-firewall/f/discussions/114221/413-request-entity-too-large

    1 vote

    0 comments  ·  Webserver Protection
  2. expand custom hostname Hotspots length limit

    Currently the custom hostname Hotspots length is limited to 30 characters. If Sophos expands the database field to more than 30 characters, this would be great.

    1 vote

    0 comments  ·  Wireless Protection
  3. expand custom hostname Hotspots length limit to more than 30 characters

    Currently the custom hostname Hotspots length is limited to 30 characters. If Sophos expands the database field to more than 30 characters, this would be great.

    0 votes

    0 comments  ·  Wireless Protection
  4. port monitoring

    I know there was another idea post for Decryption port monitoring, but I'd like to have full-blown Port Monitoring as found on all managed or semi-managed switches, as well as most Ent grade Firewall apps from other developers. This would be a powerful addition for diagnostics / hunting over XG's own reporting functionality, which I've found isn't sufficient: Packet Capture is limited to 2MB at a time, and its config and filtering don't have a custom option facility.

    Hope this idea gets votes and would love to see it added to XG sometime in the future.

    1 vote

    0 comments  ·  Reporting
  5. port monitoring

    I know there was another idea post for Decryption port monitoring, but I'd like to have full-blown Port Monitoring as found on all managed or semi-managed switches, as well as most Ent grade Firewall apps from other developers. This would be a powerful addition for diagnostics / hunting over XG's own reporting functionality, which I've found isn't sufficient: Packet Capture is limited to 2MB at a time, and its config and filtering don't have a custom option facility.

    0 votes

    0 comments  ·  Reporting
  6. usable VPN App for Android

    We need a VPN app for Android that can be distributed and configured via Sophos Central and can connect to an XG. This must be able to handle "VPN on demand" (Android Enterprise).
    Central can already distribute certificates via SCEP, but neither the XG nor Central can create a useful, secure, easy-to-use VPN configuration for Android.
    This is ridiculous.

    2 votes

    0 comments  ·  VPN and RED
  7. 1 vote

    0 comments  ·  VPN and RED
  8. mac vendor identifying

    It would be great if the DHCP table would check the MAC vendor and display it.

    This would make identifying certain devices in a Network so much easier.

    Small solutions like a WLAN Router or bigger solutions like certain Firewalls have this feature but Sophos XG is lacking it.

    Thank you beforehand.

    5 votes

    0 comments  ·  Base System + General UI
  9. Please Allow PPPoE Client For ISP Provider

    Please allow XG Firewall on PPPoE username and password for client side prove, then we can provide PPPoE account for client side ISP.

    1 vote

    0 comments  ·  Hardware
  10. Log archiving in external server

    As per my company policy we have to retain 3 years of logs. Is there any way in Sophos XG where we can archive daily log reports to external servers automatically without using the GUI?

    1 vote

    0 comments  ·  Reporting
  11. Please Allow Setting Data Quota On IP Rule

    Please allow setting data quota on IP rule.

    1 vote

    1 comment  ·  Application Control
  12. DNS host entry - NXDOMAIN for IPv4 OR IPv6 instead of resolving it externally

    For setting up a complex network scenario with split DNS it would be good if you could set also an NXDOMAIN entry/checkbox for IPv4 or IPv6.

    Example:

    Internally I want to have clients only connect to a specific service via IPv4, not via IPv6. Then I put in the DNS host entry for IPv4 and for IPv6 I set NXDOMAIN. Because if there is an external IPv6 entry the XG will deliver this one back as it can't resolve it internally.

    Also this is a big problem if the external DNS host entry is a CNAME because it resolves the…

    1 vote

    0 comments  ·  Base System + General UI
  13. Multiple nat on single ipsec tunnel

    Sophos XG210 failure to do Multiple NAT rules on IPsec Site-to-site VPN

    Description:

    We want to configure multiple NAT rules on IPsec site-to-site VPNs and the firewall only supports one NAT rule on each VPN. Please can we have advice on how to resolve this.

    Please refer to case ref:00D301GN6a.5003Z1DegHy:ref, where support mentioned this is not supported at this stage.

    Also look at a previous request on this:
    https://community.sophos.com/sophos-xg-firewall/f/discussions/84062/multiple-nat-on-single-ipsec-tunnel

    2 votes

    0 comments  ·  Base System + General UI
  14. Remove Erroneous Blocked Websites

    Please update the web protection categories to NOT block several legitimate websites. Several major software vendors are currently erroneously listed in the block list. This software is widely used and NOT a risk. Some example sites blocked are

    Google Chrome Enterprise browser, Intuit Quickbooks, Adobe Acrobat, Adobe *

    I could understand blocking these things if they were a risk but they are not. This is software that literally 100% of organizations use in one way, shape or form.

    Please update these web filtering lists to allow updates on these critical apps. We shouldn't have to create dozens of exceptions to…

    2 votes

    0 comments  ·  Web Protection
  15. Wireless PSK Max/Min Length

    The WPA2 field doesn't warn users if they input a value that is longer than what is allowed. Instead it saves the configuration and puts the wireless network in open mode without any security. All password fields within the XG should notify the user of the input restraints they have. They should notify a user of the min-max length. A complexity meter would also be helpful to improve users' password choices.

    2 votes

    0 comments  ·  Wireless Protection
  16. Password Field

    All password fields within the XG should notify the user of the input restraints they have. They should notify a user of the min-max length.

    2 votes

    1 comment  ·  Base System + General UI
  17. IPSec Remote Access - Selection of other policy than the default one

    To summarize:

    Default re-key time for IPsec remote access is set to 4 hrs and does not have any option to change it from the GUI.
    - This usually happens in the backend without any interruption (with only one authentication). However, if we have configured MFA then it will prompt for the OTP after every 4 hours as it requires reconnecting.

    Administrators may be able to configure this behaviour, as well as be able to associate the IPSec Remote Access with another policy than the default one.

    3 votes

    0 comments  ·  Network Protection
  18. Implement proper ARP handling in multi-interfaces setup ( ARP FLUX problem )

    Dear Sophos!

    Implement proper ARP-FLUX problem handling in multi-interfaces setup.

    ARP-FLUX:
    The ARP Flux problem occurs when a host replies to ARP requests for interfaces on the same subnet, from any interface on that same subnet. ... However, in specific cases, ARP Flux generates unexpected behavior of applications due to incorrect mapping between IPv4 addresses and MAC addresses.

    FIX:
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
    echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce

    echo 1 > /proc/sys/net/ipv4/conf/default/arp_filter
    echo 1 > /proc/sys/net/ipv4/conf/default/arp_ignore
    echo 2 > /proc/sys/net/ipv4/conf/default/arp_announce

    Request:
    Make these settings default,…

    1 vote

    0 comments  ·  Base System + General UI
  19. STAS support LDAPs on eDirectory mode

    This feature request is in response to the realization that the STAS Agent cannot establish encrypted LDAP communication to a backend eDirectory server.

    Problem: It is not possible to set up the STAS Agent in eDirectory mode with an encrypted (port 636/tcp) LDAP connection. Only a plain text LDAP over port 389/tcp is supported at this time. (We wrote the year 2021 for all readers).

    Function: Establish the configuration option and support encrypted LDAP communication to eDirectory server over port 636/tcp for the STAS agent of Sophos XG Firewall.

    3 votes

    0 comments  ·  Authentication clients
  20. report

    Dear Team

    Currently we are not able to check user-wise web and application reports, like who is using a Tor proxy or any other web or application.

    For example, I have downloaded a movie from any web site, but there is no option to find which user has accessed which application.

    1 vote

    0 comments  ·  Reporting