We are currently trying to migrate from a UTM-9 to a XG and I am especially missing some setting options for RAS with IPsec:
- no possibility to assign IP pools
- No certificate is generated for users

Current XG'S HA(-v18MR4) has SPOF against HA Link. Because HA link is available for only One-port/One-Link.

If HA-Link port can be assigned LAG port, it's become more robust configuration against HA Link failure.

Include the hardware revision number in the XG "model" column of the Sophos Central >> Firewall Management >> Firewalls page. It's helpful to have this info all on one screen.

It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.

My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.

Add Sophos Connect ipsec vpn column to the Administration >> Device access >> Local service ACL matrix. This is missing on sfos up to the current 18.0.4 MR-4.

We know that Mozilla Thunderbird stores the data in an MBOX file format while Outlook supports PST file format. In such a situation, MailsDaddy Thunderbird to Outlook converter is a precise application tool that easily imports Thunderbird email into Outlook without any changes. The tool also helps the user to move Maildir files to Outlook PST format. It has several other conversion options that allow user to open Thunderbird data into PST, EML, MSG, HTML & various other mail formats.

For more info: https://www.mailsdaddy.com/thunderbird-to-outlook-converter/

When Data Anonymization is enabled, one would think that it was possible to see when and who has initiated an de-anonymization of anonymized data, however this seems to be missing. We need this for compliance, it is simply not enough to anonymize the data.

The only logs related to this is authorization events in the form of logins, but these events does not reflect an de-anonymization event.

We are using DHCP server from our XG firewall. IP leasing setting is 12 hrs. I am looking for some tools from which i can find the ghost IP ( IP which is not active) and clear it up from the DHCP pool in order to assign to new connection.

Secondly I want to know that how can i make a rule that if a device is not authorized to access internet should not get the IP from the DHCP server.

Currently, on XG firewalls one can disallow fragmented traffic via the CLI (fragmented-traffic deny). But this cannot be reduced to IPv6 UDP traffic only.

The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.

The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.

we need in the future to be able to set a group of WAN Links to performing load balancing
Example
I have 6 Wan links from different ISP's ( Vodafone, WE, TE-DATA, Nour, Orange, and Etisalat)
we need to be able to make ( Vodafone, We, and TE-DATA ) perform load balancing to serv specific Subnet and create another load balancing with the rest of ISP's ( Nour, Orang, and Etisalat ) to serv another subnet

Please rework the characteristics of the predefined applications. I.E. "Microsoft Teams" has the charactistic "Loss of productivity" and will be blocked in "Block generally unwanted apps". "GMX WebMail" has a risk of "4" whereas the "1 & 1 Webmail" has a risk of "2". "OCSP Protocol" is "Loss of productivity"? This doesn't make any sense.
It is nearly impossible to work with the predefined application filters because of wrong characteristics or risk levels. Please rework this!

Hi Sophos,

We would you to improve sophos xg for support usage monitoring every traffic shaping rules and provide the reporting tools also.

Because now sophos xg can limit bandwidth for users but for monitoring just provide from linux base its not informationable for common user, we need to monitoring in detail usage per vlan based/subnets, from system graph just inform for all traffic accumulation.

we hope sophos can improve that i trust its can be usefull tools.

Thankyou,
Adi

Please provide realtime bandwith usage information of individual Site2Site VPN connections

• via GUI (Report, Graph/24h/7d)


• via CLI (something like iftop for individual Site2Site VPNs)


• via SNMP


• ...

My 10+ year old router is able to provide current bandwith usage on every interface AND every vpn-connection using SNMP. This should be a basic feature of every utm!

It is submitted that in the firewall the DHCP Lease can not be download properly due to this admin user has facing the problem. So your are requested to please provide the function to import excel file of all DHCP Lease IPv4 so that all lease can be downloaded easily and maintain the DHCP logs by the admin user properly. Firewall>Network> DHCP>IPv4

It is submitted that the user provide the facility of disconnect the live user himself by their User Access Portal that. Right now their are 2 facility is available in the firewall to disconnect the user (1 is by the Firewall Admin> Current Activities> Live Users> Disconnect & 2 is user login the same pc and logout himself. User needs to extra facility to disconnect himself from any PC by the User Access Portal.