XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. In XG-106, one box search option should be given

    In XG-106 UI, a powerful functionality of one box search (like google) is required which can result search feature/option available in Firewall configuration application.

    Eg
    I need to search Protection Policies, it can search through all the menu/sub menu options, if possible it can search from the data also and result with the breadcrum path link where you can directly move.

    Purpose
    there are multiple option /features available in the application and its difficult to remember where these options are located in the application as its not in daily use.

    I hope Sophos developers team can incorporate this powerful feature…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. ipsec - IP pools

    We are currently trying to migrate from a UTM-9 to a XG and I am especially missing some setting options for RAS with IPsec:
    - no possibility to assign IP pools
    - No certificate is generated for users

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. TOP missing XG (basic) features

    TOP missing XG (basic) features (all present in UTM9):
    NAT rules: cloning, grouping
    Static routing: cloning, descriptions, use objects
    Objects: create object inside group (i.e. create IP host inside IP host group)
    HA: Unliked status like in UTM9, Monitoring for VLAN interfaces (without physical interface IP set), Backup interface
    Interfaces: Allow deconfigure interface without deleting all VLAN interface on that physical port
    Registration process: automatic passive box registration via active XG during HA creation
    Sophos Connect & SSL VPN: Allow use of IP host group insite resources
    DHCP: allow Dynamic IP lease accross Statis IP MAC mapping (and exclude internally)…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. HA Link for LAG port

    Current XG'S HA(-v18MR4) has SPOF against HA Link. Because HA link is available for only One-port/One-Link.

    If HA-Link port can be assigned LAG port, it's become more robust configuration against HA Link failure.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  5. include XG revision # in "model" column of Sophos Central

    Include the hardware revision number in the XG "model" column of the Sophos Central >> Firewall Management >> Firewalls page. It's helpful to have this info all on one screen.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. Better Bandwidth Monitor

    It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.

    My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Sophos Connect ipsec vpn Local service ACL

    Add Sophos Connect ipsec vpn column to the Administration >> Device access >> Local service ACL matrix. This is missing on sfos up to the current 18.0.4 MR-4.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. A method to open Thunderbird email into Outlook window

    We know that Mozilla Thunderbird stores the data in an MBOX file format while Outlook supports PST file format. In such a situation, MailsDaddy Thunderbird to Outlook converter is a precise application tool that easily imports Thunderbird email into Outlook without any changes. The tool also helps the user to move Maildir files to Outlook PST format. It has several other conversion options that allow user to open Thunderbird data into PST, EML, MSG, HTML & various other mail formats.

    For more info: https://www.mailsdaddy.com/thunderbird-to-outlook-converter/

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. FourEyes - Data Anonymization - Audit logging

    When Data Anonymization is enabled, one would think that it was possible to see when and who has initiated an de-anonymization of anonymized data, however this seems to be missing. We need this for compliance, it is simply not enough to anonymize the data.

    The only logs related to this is authorization events in the form of logins, but these events does not reflect an de-anonymization event.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ghost ip detection

    We are using DHCP server from our XG firewall. IP leasing setting is 12 hrs. I am looking for some tools from which i can find the ghost IP ( IP which is not active) and clear it up from the DHCP pool in order to assign to new connection.

    Secondly I want to know that how can i make a rule that if a device is not authorized to access internet should not get the IP from the DHCP server.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Block IPv6 UDP fragmentation

    Currently, on XG firewalls one can disallow fragmented traffic via the CLI (fragmented-traffic deny). But this cannot be reduced to IPv6 UDP traffic only.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Role based access

    The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Role based access

    The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.

    0 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. set group of wan links to perform load balancing

    we need in the future to be able to set a group of WAN Links to performing load balancing
    Example
    I have 6 Wan links from different ISP's ( Vodafone, WE, TE-DATA, Nour, Orange, and Etisalat)
    we need to be able to make ( Vodafone, We, and TE-DATA ) perform load balancing to serv specific Subnet and create another load balancing with the rest of ISP's ( Nour, Orang, and Etisalat ) to serv another subnet

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. prioritize navigation elements loading in xg web ui

    On lower end XG models such as 115's and 105's the web interface page load times tend to be very slow. The performance declines further with many features in use that factor into high cpu utilization. Upon login it's frustrating waiting for popup banners and all Control Center diagnostic data and graphics to load before being able to navigate into configuration areas of the system to get work done. This has been contributing to longer working hours with multiple XG's at different locations involved. The web code should be adjusted to load the navigation links at the left in a…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Rework Application control characteristics and risk levels

    Please rework the characteristics of the predefined applications. I.E. "Microsoft Teams" has the charactistic "Loss of productivity" and will be blocked in "Block generally unwanted apps". "GMX WebMail" has a risk of "4" whereas the "1 & 1 Webmail" has a risk of "2". "OCSP Protocol" is "Loss of productivity"? This doesn't make any sense.
    It is nearly impossible to work with the predefined application filters because of wrong characteristics or risk levels. Please rework this!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  17. Bandwidth Monitoring & Usage Reporting

    Hi Sophos,

    We would you to improve sophos xg for support usage monitoring every traffic shaping rules and provide the reporting tools also.

    Because now sophos xg can limit bandwidth for users but for monitoring just provide from linux base its not informationable for common user, we need to monitoring in detail usage per vlan based/subnets, from system graph just inform for all traffic accumulation.

    we hope sophos can improve that i trust its can be usefull tools.

    Thankyou,
    Adi

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. Bandwith monitoring of individual Site2Site VPNs

    Please provide realtime bandwith usage information of individual Site2Site VPN connections


    • via GUI (Report, Graph/24h/7d)

    • via CLI (something like iftop for individual Site2Site VPNs)

    • via SNMP

    • ...

    My 10+ year old router is able to provide current bandwith usage on every interface AND every vpn-connection using SNMP. This should be a basic feature of every utm!

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Dhcp lease Export in one Excel File

    It is submitted that in the firewall the DHCP Lease can not be download properly due to this admin user has facing the problem. So your are requested to please provide the function to import excel file of all DHCP Lease IPv4 so that all lease can be downloaded easily and maintain the DHCP logs by the admin user properly. Firewall>Network> DHCP>IPv4

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. User Disconnect Facility Provide the User Access Portal

    It is submitted that the user provide the facility of disconnect the live user himself by their User Access Portal that. Right now their are 2 facility is available in the firewall to disconnect the user (1 is by the Firewall Admin> Current Activities> Live Users> Disconnect & 2 is user login the same pc and logout himself. User needs to extra facility to disconnect himself from any PC by the User Access Portal.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 94 95
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.