XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. mimo

    enable mimo/mu-mimo feature on XG wifi similar to central managed

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Firewall rule locks

    Using Sophos XG 18.01 , had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

    It would be great, if "Tags" or "Locks" could be applied to Firewall rules, that either stops these rules from being deleted, or alternatively prompts for login credentials or a warning before the rule is deleted.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Detailed List of IPS rules used in the XG Firewall

    I want to get an IPS rule file(.csv) in Sophos XG firewall. It does not allow to export to a file as a .csv. Would be used in the SIEM solution as a detection rule.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. current Activities>Live Users

    Please Provide the MAC Address also in Current Activities>Live Users

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  5. Need option to export the all DHCP Leased Ip's to a file

    In Network>DHCP. Is it possible to have entire leased Ip's list to download in excel file.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  6. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. OSPF Routing Summarization

    OSPF dynamic routing should allow advertising of summarized routes. For reference Cisco's documentation refers to this behavior as "a key feature of OSPF".

    As an example, 10.0.1.0/24 and 10.0.2.0/24 in area 0.0.3.1 should be able to be advertised as only a part of the larger supernet 10.0.0.0/12 to 0.0.0.0; in this way only 10.0.0.0/12 is advertised with remote routers having no concept of the smaller subnets.

    What currently happens is if you add 10.0.0.0/12 to 0.0.3.1, it advertises only 10.0.1.0/24 and 10.0.2.0/24. This gets messy as internal routes get more complex and none of them need to be individually advertised.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Extend IPS/IDS content filter maximum file length

    The current file length limit for content filters is 2000 lines. It is important for us to extend it because many external lists are much longer than 2000 lines.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. admin log

    it is amazing, if any Firewall Rule deleted then sophos do not make logs. it is a basic report which every admin wants.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  11. Option to Generate Web Filtering Report For User's Visited Websites Only

    Hello Team,

    We have customer here requesting to have option to generate Web Filtering Report For User's Visited Websites Only. Customer advise that currently the customized web surfing report your isn’t end-user friendly at all. As a MSP, customer want and need the reporting to better align to what end-users want to see and most often that is quite simply:

    User friendly web surfing reports that clearly list the websites a user has been visiting and possibly and additionally categorize that information. Ultimately they just want the browsing history for that user.

    For your assistance please. Thank You.
     

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. AUTOMATIC VISIBLE DEFAULT DENY FIREWALL RULES FROM ZONE TO ZONE

    When a Network zone is added, firewall rules shoud be created with a specific "view" of zone to zone rules to help administrators to maintain firewall rules and add specific accept rules in the correct "view" of zone to zone scope by copying the default deny zone to zone rule and position with the good sequence number after verification to avoid traffic dismissing

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. flowspec alert DDOS to routing subsystems from IDS

    When DDOS attack is detected, a web page should authorize the admin to send after validation
    a BGP FLOWSPEC message with preformated tupples acl to upstream routers with network traffic limitation or drop
    just to load balance the security defense between routers and the target or intermediary firewall

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. L7, APPLICATION, AAA, self sourced firewall traffic

    self sourced traffic of the firewall services should be defined on a specific "micro service" address type loopback to simplify acl special security in the menu "system" "administration""device access" even if this special menu is greatfull

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. route map for route redistribution control between protocols

    route maps with acl defined subnets, interfaces, next hop should be usefull to mitigate routing table hijacking propagation inside severals IGPs and BGP

    "Should be used in conjonction with network namespace and vrf lite"

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. network namespaces or vrf lite

    network namespaces or vrf lite are a way to mitigate the internal private routing tables exposition to external public routing table when there is no way to build a multi level firewall architecture

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Show traffic summary in log view

    Make the log items in "Email / Log Viewer" expandable and show traffic details with time stamps like:
    - incoming connection from
    - mail from
    - mail to
    - blocked because of
    - outgoing connection

    These information is sometimes crucial to trouble shoot mail problems and is otherwise buried in log files.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Show deleted mails from quarantine in smtp log

    Please add a functionality, to show emails in smtp log, which were deleted from the smtp quarantine! If a mail gets quarantined, the smtp log shows "quarantined". But if I now delete the email, this action is not logged into the smtp log. Instead of this, if you delete mails from smtp spool, it gets logged into smtp log. Why? Please log this and show this in smtp log. If i release a mail from quarantine, this is logged to smtp log as "delivered"...

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow downloads from specific websites

    Allow the possibility to download files types from specific websites.

    i.e. Block all executable and compressed downloads except from the following websites.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. V18: option to disable SSH session idle timeout

    As per this thread V18 has 15 min. idle timeout for SSH sessions set for non specific security reasons.

    As likely most, if not all, IT professionals I always have my workstation locked, unless being right in front of it.

    Therefore there is no such security feature needed, instead is is very disrupting as it may disconnect a session half way through a configuration or troubleshooting.

    Yes, we all get interrupted at times or may need to prioritize sth. else, before returning to to our (hopefully still open) SSH session, at a later point in time.

    Idle disconnect on SSH…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 85 86
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.