XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow the ability to download\manage Snort rulesets

    There is a plethora of Snort rulesets that should be of great value to XG users but implementing these at present seems horribly difficult.

    Snort users have a lot of flexibility in terms of managing the rulesets within the application - it would be great to have more of that here as well.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Allow upload of JPG, GIF, etc. to this Idea forum

      ...so we can possibly better describe some of the changes we would like to see - especially those that involve UI\UX changes. Picture is almost always worth 1,000 words.

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
      • 0 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
        • Disable HTTPs Interception based on client software that starts the request

          At first i think Sophos does a great job, but i have one realy missing feature.
          Actual the most traffic in the Internet is HTTPS based, because of that scanning is mandatory.
          But the XG Certificate that we import on the Client is oonly valid for request that are opend from a browser like Firefox; IE or Chrome.
          On the client itself i see more and more Software that does her own requests and do not use the browser engine. This software does her on Checks if the Certificate from the HTTPs site is what they expact, and they have…

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
          • Safesearch & YouTube alteration

            Move Safesearch from a global on / off function to on / off per firewall rule so staff can access non safesearch and it is enforced for students for example

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Add Google/Gmail as an authentication server

              for some organization like my work place, my users have google email accounts that I would like to utilize as authentication credentials for them on the captive portal to gain access to the wireless network. However, I can only add LDAP, AD, edirectory and TACACS+ as authentication servers , but nothing related to google accounts. I think this is a very important feature to include ASAP

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
              • limit Internet access if endpoint isn’t installed

                If Sophos Endpoint Protection isn’t install machine cannot access the Internet

                This means if a rogue device comes into the network it cannot access the internet without it approval

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Changing an interface from standard to VLAN with no need to delete and reconfiguration

                  It would be more comfortable to be able to simply change an interface from real to vlan and back witout deletion. So depending port and firewall configuration will not be lost and not need to be reconfigured.

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                  • Syncronized Security without Sophos Cloud on own hardware

                    Possibiltiy to make a own environment for the Syncronized Security on our own hardware, to use it without Sophos Cloud like a management-server for communicating XG with Endpoint.
                    Thanks.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
                    • whitelist for safesearch

                      It would be nice if a particular URL can be exempted from Safesearch.
                      A whitelist for safesearch would be appreciated.

                      4 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • add support for sasl to the MTA upstream rely or smarthost function

                        It's been confirmed that the MTA Smarthost relay function does not support SASL with wraps the PLAIN LOGIN with TLS using STARTTLS. This request is for the support of SASL similar to the implementation of it on the administration notification settings form which does support SASL.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • FQDN for quarantine notifications to avoid certificate errors for users

                          FQDN for quarantine notifications to avoid certificate errors for users

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Possibility to set the units of measurement for flow rates.

                            Possibility to set the units of measurement for flow rates. Indeed, in France the reference unit of measure is the bit (and its counterpart, the byte).

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • Improve Network Visibility

                              Can i recommend you further improve Network Visibility of the XG / SG devices by incorporating a Day-Glow orange stripe on the outside of the hardware? I'm certain this will improve visibility, especially in darkened server rooms.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • ftp Tracking

                                The Sophos XG able to track FTp on ports 21 and 2121. but there are a lot of customers who use other ports for FTp connections. now we have to make en exception to the sophos with the following command modprobe -r nf_nat_ftp
                                modprobe -r nf_conntrack_ftp
                                modprobe nf_conntrack_ftp ports=21,2121,***,***
                                modprobe nf_nat_ftp

                                but afther an update or a failover these setting are gone.
                                i would like it to be permenant

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                • host to host Ipsec tunnel, routing option does not show ipsec tunnel to use as gateway

                                  After creating point to point ipsec tunnel we require to add route but in routing it does not show ipsec tunnel in SFOS v 17.0

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Wireless Device Migration when AP overloaded

                                    In our environment we use more AP's than needed to help with device density issues. The average employee has 5 devices on our WiFi network, with our older Aerohive devices we moved away from we could specify max clients per AP, it would then steer the user to the next closest AP with available space. This allows for better overall performance and to allow for higher density AP's.

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • allow chromeexperiments.com to be accessed

                                      Please remove http://stars.chromeexperiments.com/# from blocked entertainment category

                                      1 vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • IKE v2 remote access support

                                        Now in firmware v17 there is support for IKE v2. But it is still not possible to use it for remote access.

                                        5 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Country

                                          Country Blocking Option should be added to the Existing Reporting List in the Logviewer. Currently Country Blocking logs is visible in web filtering logs, which is in appropriate and the block message displayed on the end user screen, says that the site is blocked because it falls under so and so category, instead of displaying a message the website is blocked because the country is blocked.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 40 41
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.