XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. AWS MarketPlace XG Firewall

    Hi,

    Right now, UTM 9.5 is available at AWS Marketplace.

    When will be available XG?

    Regards

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Know where an object is in use

      Know where an object is in use. By selecting the object you have the option to report on which rules, policies, etc. are added.
      This will allow cleaning of objects, making it easier to manage and maintain them.

      2 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
      • Block Android USERS in DHCP

        Is there any possibility to block all ANDROID USERS in DHCP lease Temporarily or Permanently??

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Needs to bind a MAC Address for an USER while logging from Windows Client

          Needs to bind a MAC Address for an USER while logging from Windows Client

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Technical Resources online

            Sophos XG 16.05 and later,
            there is no guides on how to setup wireless guest access points neither is there guides to add a directory server. neither for obtaining the Self signed CA cert that you publish to users for HTTPS scanning ultimately just a bit more to work with on the newer version as the interface changed dramatically between the versions 15 through 16. Thanks

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • IPS Policy Name Length Limited to 15 Characters

              IPS Policy Name Length is Limited to 15 Characters. Expand it. Names should be 32 bit variables.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
              • Source IP range for exception

                Currently in the web protection exceptions you can only add source IP addresses individually, I have a range of IP addresses that I'd like to exclude from HTTPS decrypt and scan and there's no way I'm adding 100s of IP addresses, my suggestion would be that you implement the ability to add a range here.

                I've managed to circumvent the requirement by adding a new firewall rule, however still think this exception range would be useful and relatively easy to implement.

                2 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • firewall rule edit

                  For SFOS V17-Beta

                  While in V16.05 Firewall Rule, we were able to EDIT the Rule by clicking on main Rule page directly but in V17 need to click on "..." Icon then need to edit,clone for firewall rule, please keep this as same was there in V16.05.

                  3 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • DOS bypass Rule on FQDN and Name\Description

                    Allow us to create DoS Bypass Rule on FQDN and add description for each rule for future reference purpose.

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Enable OTP option for Default Admin Account

                      Allow to set OTP for default Admin account. If any how admin password is compromised entire firewall or Organization can be can bee breached.

                      2 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                      • Require OID to fetch the IP address of the XG interfaces

                        Require OID to fetch the IP address of the XG interfaces

                        0 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                        • VPN DNS advancements

                          It would be really good if we could have more flexibility around DHCP and DNS assignment. We have different parts of the company who come from different zones which have their own DNS server.

                          It would be great to be able to say this user when connected to VPN use this DNS server.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                          • Application control category should have option to block all streaming media rather than to block streaming media site that are in database

                            Application control category should have option to block all streaming media rather than to block streaming media site that are in database means once we include streaming media it should block all streaming media whatever in any site.

                            3 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                            • Webadmin Changelog Reporting #7563384

                              Ability to export webadmin changelog at certain periods, changelog reporting is indispensable for Audit purposes.

                              Ticket #7563384

                              5 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • flip default application filter action

                                It does not seem possible to change the default action for an application filter once it has been created. While there may be little need for this in most use-cases, it would be tremendously helpful for one-off testing.

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                • Suspicious search queries

                                  For schools it would be really useful if there was a report that could be scheduled to run say weekly, that lists any user who searches for specific words, such as bomb, gun, **** etc. that may indicate that the user / student needs to be monitored to satisfy child safeguarding requirements. Anything that would help to identify radicalisation links. Perhaps a user customisable group / list that the user could update to include the specific terms that are being monitored as that would make it more universal to other companies that are not schools.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Captive Portal Timeout for mobile devices and workstations same value

                                    We spend more than one month with Sophos support for finding a timeout problem with Captive Portal and mobile devices (Android and iOS) because we ONLY set the timeout option under "Web Policy Actions for Unauthenticated Users (Captive Portal)", but we had to change to option at "Web Client Settings (iOS, Android and API)" also, but nowhere is any info about that. Please change the timeout time for mobile devices also, when I change the value under "Web Policy Actions for Unauthenticated Users (Captive Portal)".

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Captive Portal Timeout longer then 24 hours

                                      With the UTM it was possible to set a timeout time for the users longer than 24 hours. Please bring that feature back, for most of our school-customers 24 hours are so much too short!

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                      • 1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Collapse list of VPN connections

                                          Some sites have a failover group with 2 or more connections. Since only one connection is established per site, it would be nice if we could collapse the rest of the connections not used.

                                          When viewing the VPN connections, it would only show you one connection per site and if it’s connected or not.

                                          This would make it easier to see which sites are actually down.

                                          We have over 20 sites and growing and the list is getting harder to manage.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 35 36
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-lightbulbCreated with Sketch.