XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Static Routes Should Be Top Precedence By Default

    Static route should always be the top precedence by default. I have several tunnels that have stopped working after updating to v18 and having newly migrated policy routes take precedence.

    Additionally, it would be nice to have a GUI-based option to change the precedence order, rather than needing to go and and make a CLI change for each device we upgrade.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. force uninstall of antivirus on machine from central management

    the ability to force an uninstall on a machine from the central management console...
    Right now I can force a scan a reinstall or delete it from the management console but I can't force a delete..
    One of my clients recently let a manager go but his personal laptop has the company's Intercept-x installed.. there is no way we can get this machine to uninstall the product...
    the only suggestion was to create a "block all" group and disable tamper protection so the user will not be able to go anywhere on the net and will be forced to uninstall…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Broadcast Routing on Bridged Inteface

    I would like to configure the multicast forwardin on a Bridge interface.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Send additional Quarantine Report

    In UTM it is possible to send a second quarantine report on a different date.

    When the Quarantine Setting is on daily there should be an option to enable a second time.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. DHCP Server Increase Subnet Size

    In Current version 18.0 Sophos XG doesn't allow to create DHCP server with more than /24 subnet size. it should be there otherwise there is no point of having DHCP server feature in bigger firewalls.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Request to change NIC order for XG on KVM

    Hello Team,

    We have customer here requesting to have option to change NIC order for XG on KVM.
    Customer advise that in the hosting environment, it is not possible to attach a network
    to a specific interface, he can only add networks, then it is completely up to the virtual machine to set the order.

    During the configuration, customer can define that KVM has 2 interfaces, but not the order.
    As a result, it is completely random if the cards are in the correct or the reverse order.

    In the UTM, he can do this by editing the udev/70-.rules file…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow IP/FQDN exceptions on proxy settings

    We intended to host our website on our LAN. A public IP(a.b.c.d) was NAT to local server and it was accessible from open internet but the same public IP(a.b.c.d) was inaccessible from inside the LAN.

    On testing further, it was figured that when this public IP(a.b.c.d) is added to exception list (in advanced settings of proxy in Windows OS) as a.b.c.d or a.b.c.* etc, it worked fine.

    Sophos needs to have settings in proxy configuration where exceptions can be added, so that we don't have to make changes on >1000 computers.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. ip sla for high latency failover

    we need ip sla feature for high latency fail over while we using two links if one link goes to high latency we need to switch over to secondary link automatically.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. Full tunnel VPN exceptions e.g. for Office 365 traffic

    Allow for exceptions to be created that will allow the traffic to go direct to the internet bypassing VPN configured as full tunnel for both SSL and IPsec VPN. This is recommended by Microsoft for Office 365 traffic.

    https://techcommunity.microsoft.com/t5/office-365-blog/how-to-quickly-optimize-office-365-traffic-for-remote-staff-amp/ba-p/1214571

    Alternatively it would be even better if Sophos can build in this functionality within the OS making it an option that can be enabled/disabled.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSL VPN with BSNL Link

    SSL VPN tunnel should be established with SUB Interface IP of BSNL which is public-facing and the main Interface IP is Connected to BSNL as L2 LAN.
    We can establish connectivity using Sub IP to IPSEC Tunnel and to Serve Internet to users but can not able to connect using SSL VPN as the Main interface IP is L2 LAN and Sub IP is public-facing.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Support MLPPP

    Please allow XG Firewall to support MLPPP (Multi-LInk PPPoe) so we can bond two DSL connections together! I see Sophos UTM already supports this.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. full text search

    Possibility of full text search in firewall rules

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Notification Settings

    Functionality that allows you to tailor notifications.
    For example, a fault discovered and has maintained a fault for 15 minutes then sends out the notification instead of constant up/down notifications.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  14. Prioritize the primary or seconday public gateway option on sophos XG 230

    Dear Support,

    We need the following option on sophos XG Firewall.

    Suggetion: while connecting to sophos remote ssl VPN, we need the option of prioritizing the primary or secondary ISP on Firewall.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Export Firewall/NAT Rules to CSV or PDF

    Add ability to export active (in case filtering is applied) firewall/NAT rules with their stats to CSV or PDF for external reporting requirements.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. country blocking

    Country Blocking should have an option for blocking the uncategorized Public IPs,
    These are noted as not belonging to a country, these do not get blocked by default, I would like an inclusion of a group called "Uncategorised", and this would block all the Public IPs that have no categorisation, and exception can always be made later if they are required, this also happens on the SG UTM boxes as well.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. How to Allow ICMP request from WAN on Public Alias IP Address in Sophos XG?

    We want to allow ICMP request from WAN on Public Alias IP address to check whether the internal host is up or down. Internet should not be able to ping the NAT public IP address if the host is down. Any ideas how to do it?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Policy Tester - Allow testing DNAT (published services)

    Hi all,

    It would be great if you could test published services in the "Policy Tester" section.

    Specially since you're trying to push v18, why not add that possiblity? The policy tester already can tell you rule and NAT of outgoing traffic to the internet.

    And since decoupling NAT and firewalls rules will cause a lot of NAT rules (specially mid to large companies), checking those in the little screen that SFOS provides its not great.

    Thanks!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Full width dashboard, not limited to max-width

    Hi,

    I've using firmware 18
    Up until now, there are no benefit using resolution higher than 1366x768 px
    Lets say you have FHD resolution, the dashboard capped at 1280px

    The CSS says

    wrapper.cp-wrapper {

    max-width: 1280px;
    

    }

    If I rule out that CSS, most of UI will have benefit with higher resolution

    Also with menu

    element.style {

    display: table;
    
    box-sizing: border-box;
    padding: 0px 10px;
    width: 1100px;
    height: 62px;

    }

    Change the width to

    element.style {

    display: table;
    
    box-sizing: border-box;
    padding: 0px 10px;
    width: calc(100% - 180px);
    height: 62px;

    }

    And you have full width header.

    I know you guys can…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. IPSec VPN Client Connections Need to generate a SIEM-compatible event

    Sophos Connect client IPSec connections generate separate log events for EVERY SUBNET mapped. There is no single event that any SIEM recognizes as a VPN login event. Every other firewall vendor we've tried doesn't have this issue.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 79 80
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.