Sophos XG Firewall create or modify any Firewall rules/web Policy/App policy by any admin users should get Email alerts, which admin are create or modify.

Do you mean that in reports section you see the user name and the ip address of the user but you are not able to see the mac address ??

Our reports does not show mac addresses.
It only shows the ip address and the user name

Ticket no [#9659603] Web support query [#99793330]

There should be the posibility to download the Connect Client from the User Portal and not only from Webadmin

Trying to bring a client up to NIST standards. While MS_CHAPv2 is provided with a Radius Authentication server, and a command is available to set allowed authentication methods for VPN clients. The same cannot be said about authenticating the user portal/ firewall and admin access. XG firewall defaults to PAP with no command or capability to set allowed authentication methods. So we've just lost a nice XG feature set because of this issue. :-(

There are various requests to get MS_CHAPv2 working with AD authentication servers. Just bumping that feature request with this one as well.

Why is there even on the control center page no reference to the firewall name.
I don't memorize all serial numbers.
If you manage different firewalls or have multiple firewall windows open, it is easy to make a mistake because you cannot easy see the name off the device you are working on.
At least the control center window should have the firewall name, but also on other pages this would be very helpful.

If you do “Add new item” on “Access Permission” then it does not show any IP host that are configured as “IP range” for example I wish to add host “IP-Group-1” which is there and shows correctly when you look in IP host section. But it allows you to create a new range at that point but not use existing. I think this is more of a bug than a request but support told me to log it here.

It is very useful for schools and colleges if Sophos enable the youtube education filter option in web policy.

How about showing the reason a website is blocked. You are doing the blocking so you know what the reason is. Display it to the user. If it's a rule then display the text of the description box for that rule. Or even the rule name would be of some help. That way users don't have to call IT to find out the reason they can't reach a site is because they have a typo or corporate policy won't allow it or....

I miss a Pre-Authentification Option for WAN 2 LAN Rules. Example for TS Access. ALL Sonicwall Boxes have/can this!

It would be great for audit unused firewall rules, if all rules had information with the last access date and time.

Regarding the MALWARE scan mechanism, many times we have complains from office users that emails are moved to Quarantined because some files in them fail to be scanned.

Can there be a discrimination on a future update, regarding the exact sub-reason of an attachment being unscannable ?

For example, due to an error differs fromfile being locked with a password or a modified pdf failed to open or do open but with a pop up error message that user can bypass and view/edit file.

To activate/deactivate above said parameters, based on specific Sender address / domain etc.

In SYSTEM > Hosts and services , there are group setting for IP host and FQDN host.
Please also add the group setting for MAC host.

Customer is using the Sophos wireless; when they configure "MAC filtering", they hope can select a MAC group rather than MAC list.

One specific name mapping to a MAC address , then grouping multiple MAC addresses to a group, for easy to maintain the MAC filter table.

The log retention report period start from 1 month. in our case , the log storage has not enough if i even keep 1 month for all the category. The same trouble to purge the report. I would suggest that the retention period set as number of days which helps to mention the days 10,20 or 25 as well as in purge settings.

Currently we have to way to find out from which source ip a rejected or accepted mail is coming.
Also for Outgoing emails we dont know which remote server received our email.
Please add to columns to the SMTP Log showing the SRC and DST IP.

In Sophos XG in there is no option to plan a Firmware Update. You just can update it manualy. I woul'd like to have the option to plan a installation of the Firmware Update.
It would be very helpful.

Load IP list from url.
It would be almost mandatory in any coporate firewall the ability to load an IP list from a URL to create an IP list in "host and services" to use it in a firewall rule

For example I want to load this IP list to use it in a rule to allow only this IP
https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt
This IP list gets updated frequently so it should include as well an option to autoupdate

Hide Protected by SOPHOS footer in website blocked page in SOPHOS firewalls to prevent from social engineering.

create traffic shaping firewall rule and check to Traffic speed for specific Protocol like 3389 port speed check.

source is LAN and Destination ANY but services is select to RDP and check it created firewall rules Implement or Not.