Bring the old design of the Sophos SG UI into the XG and XGS as an optional button.
(Like other Vendors for there Switches ;) )

Add a comment field to the static routes would make handling easier. Cisco Meraki done so.

please I was using in my network Fortigate firewall and there is a feature called device inventory to discover all computers. and now we change the firewall to sophos and i configured all but i want to add all computers and deploy policies on them but it's too much, so I need to know how to discover all computer on the networks from Sophos xg

Mi piacerebbe venisse implementata la possibilità di installare o di avere già installato a bordo del software il deamon qemu-guest-agent usato in Proxmox per dare correttamente lo shutdown e il freze durante il backup alla VM Sophos XG Firewall

Should be possibile to set a Static ip for SSL VPN Users

In sfos 18 when bridging wireless to ethernet as outlined in https://support.sophos.com/support/s/article/KB-000035549 all vlan sub-interfaces of the physical interface are actually lost and must be recreated manually. These should be automatically retained or recreated during the bridge interface creation process.

Dear Team,

IPS Alerts in the email just have Hostname, Interface, Timestamp, Alert ID alone

Each time we need to open firewall to check the alert to check more info - so please add,

Source IP : ip and hostname
Destination : ip and hostname
From zone to To zone :
Firewall Rule ID :

so Cybersecurity made simple. :)

On Dashboard is no possibility to aknoweledge or disable Alerts that are not corresponding to the Costumer enviroment.

Example the "Change admin Password Alter" (Customer has already done)
Example the "RED Firmware Alert" (Customer has no REDs)
Example the "AP Firware Alert" (Customer has no APs)
Example the "Exim Upgrade Alert" (Fine that it`s be done, but no Case for an Alert)
Example the "Warning Managed from Sophos Central"

A firewall config lives for many years. So, after a few years, the certificate and encryption settings of the ssl vpn server aren't up-to-date anymore.
At the current state, if you change certificate or encryption settings, you'll have to redeploy the ovpn-files immediately. The old client settings and certificates become invalid.
But with multiple server instances you could migrate the users with legacy settings to the new instance next to one another.

Currently with the standalone SATC agent, adding web filtering rules and managing access via AD integrated groups only works for non-Chromium web browsers (ex: Firefox). Support informed me that a fix was coming out at the end of July 2021, but ONLY if you are using their Server Protection product.

This fix needs to be added to the standalone SATC agent as well.

The domain www.gcedonlinecampus.org is categorized in Gambling Category in Sophos firewall database. But this is an education website. So it should be in Educational category.

Hello Team,

We have customer here, requesting to allow three algorithm combination on ipsec policy aggressive mode under XG Firewall. Currently only one algorithm combination is being allowed under ipsec policy aggressive mode.

For your assistance please.

Thank You.

It would be great if there was a method or tool to use to test backup passwords work without actually restoring backups. We backup clients' units and have a record of backup passwords but no way to test they are valid. Unless anyone has suggestions of how we can test backups since support have no ideas.

FIRST REQUESTED SIX YEARS AGO.

SIX YEARS!!!!!!

IT'S A 5 MINUTE CHANGE.

PLEASE LISTEN TO YOUR PARTNERS!

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10828488-assigning-static-ip-to-ssl-vpn-users

Many a times we use Nessus or NMap like port scanning tools for our network. Thought that there might be lots of users who would be playing around with such tools and would be scanning someone else network. It might happen that unfortunately he get information of opened ports and would successful in penetrating.

To overcome such incidents I would request to implement feature which report admin about who, when and from where the UTM was scanned and did *********** happened etc...

Instead of configuring a complex way of detecting rogue switch which till date it out of hope, I would request to implement feature through which we can scan our local network for rogue switches.

This way we can protect our network and catch hold of rogue users who dare to bring such devices in organization

I would request to implement Port Knocking feature where in even though the admin has kept HTTPS open on WAN or any other ports, with help Port Knocking it will be dynamically opened and closed on demand.

By this there will be no need to configure HTTPS on any other unknown port or no worry of keeping open. Since as soon as admin knocks the port it will open and exits the port, it will get closed.