Static route should always be the top precedence by default. I have several tunnels that have stopped working after updating to v18 and having newly migrated policy routes take precedence.

Additionally, it would be nice to have a GUI-based option to change the precedence order, rather than needing to go and and make a CLI change for each device we upgrade.

I would like to configure the multicast forwardin on a Bridge interface.

In UTM it is possible to send a second quarantine report on a different date.

When the Quarantine Setting is on daily there should be an option to enable a second time.

In Current version 18.0 Sophos XG doesn't allow to create DHCP server with more than /24 subnet size. it should be there otherwise there is no point of having DHCP server feature in bigger firewalls.

We intended to host our website on our LAN. A public IP(a.b.c.d) was NAT to local server and it was accessible from open internet but the same public IP(a.b.c.d) was inaccessible from inside the LAN.

On testing further, it was figured that when this public IP(a.b.c.d) is added to exception list (in advanced settings of proxy in Windows OS) as a.b.c.d or a.b.c.* etc, it worked fine.

Sophos needs to have settings in proxy configuration where exceptions can be added, so that we don't have to make changes on >1000 computers.

we need ip sla feature for high latency fail over while we using two links if one link goes to high latency we need to switch over to secondary link automatically.

Allow for exceptions to be created that will allow the traffic to go direct to the internet bypassing VPN configured as full tunnel for both SSL and IPsec VPN. This is recommended by Microsoft for Office 365 traffic.

https://techcommunity.microsoft.com/t5/office-365-blog/how-to-quickly-optimize-office-365-traffic-for-remote-staff-amp/ba-p/1214571

Alternatively it would be even better if Sophos can build in this functionality within the OS making it an option that can be enabled/disabled.

SSL VPN tunnel should be established with SUB Interface IP of BSNL which is public-facing and the main Interface IP is Connected to BSNL as L2 LAN.
We can establish connectivity using Sub IP to IPSEC Tunnel and to Serve Internet to users but can not able to connect using SSL VPN as the Main interface IP is L2 LAN and Sub IP is public-facing.

Please allow XG Firewall to support MLPPP (Multi-LInk PPPoe) so we can bond two DSL connections together! I see Sophos UTM already supports this.

Possibility of full text search in firewall rules

Functionality that allows you to tailor notifications.
For example, a fault discovered and has maintained a fault for 15 minutes then sends out the notification instead of constant up/down notifications.

Dear Support,

We need the following option on sophos XG Firewall.

Suggetion: while connecting to sophos remote ssl VPN, we need the option of prioritizing the primary or secondary ISP on Firewall.

Add ability to export active (in case filtering is applied) firewall/NAT rules with their stats to CSV or PDF for external reporting requirements.

Country Blocking should have an option for blocking the uncategorized Public IPs,
These are noted as not belonging to a country, these do not get blocked by default, I would like an inclusion of a group called "Uncategorised", and this would block all the Public IPs that have no categorisation, and exception can always be made later if they are required, this also happens on the SG UTM boxes as well.

We want to allow ICMP request from WAN on Public Alias IP address to check whether the internal host is up or down. Internet should not be able to ping the NAT public IP address if the host is down. Any ideas how to do it?

Hi all,

It would be great if you could test published services in the "Policy Tester" section.

Specially since you're trying to push v18, why not add that possiblity? The policy tester already can tell you rule and NAT of outgoing traffic to the internet.

And since decoupling NAT and firewalls rules will cause a lot of NAT rules (specially mid to large companies), checking those in the little screen that SFOS provides its not great.

Thanks!

Sophos Connect client IPSec connections generate separate log events for EVERY SUBNET mapped. There is no single event that any SIEM recognizes as a VPN login event. Every other firewall vendor we've tried doesn't have this issue.