XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. MIME-Type recognition is sometimes wrong!

    I analysed MIME-Type recognition and found that MIME-Type recognition is not working proper. As example, DOCX-files are recognized as "application/msword". The right MIME-Type of DOCX-files is "application/vnd.openxmlformats-officedocument.wordprocessingml.document".

    I already opened a support case with request number 03058060 and got this answer:
    "Yes, the MIME recognization from XG for .docx is under applications/msword"

    So please change MIME-Type recognition, that it serves the MIME-Types, which are listed here:
    https://docs.microsoft.com/de-de/microsoft-365/compliance/supported-filetypes-datainvestigations?view=o365-worldwide

    or here:
    https://developer.mozilla.org/en-US/docs/Web/HTTP/BasicsofHTTP/MIMEtypes/Commontypes

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Utilize the weight value for WAN failover order of priority to become active

    Hello Team,

    We have customer here requesting to Utilize the weight value for WAN failover order of priority to become active. For your assistance please. Thank You

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Utilize  the weight value for WAN failover order of priority

    Hello Team,

    We have customer here requesting to Utilize  the weight value for WAN failover order of priority. For your assistance please. Thank You

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. change vlan base

    Please make it possible to move existing VLANs to another base interface without the need of deleting/reconfiguring. Almost every other manufacturer allows that and it really helps when we have to temporarily build a network on ports other than the ones that will be used in the end.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Implement RADIUS failover support for APX Access Points

    It has come to my attention that while the XG firewall allows you to enter two RADIUS servers for wireless authentication failover. The APX series access points do not support the secondary server.

    This creates a high risk for wireless service disruption in the event the primary server goes offline. The lack of support for this functionality requires an engineer to manually promote the secondary server as the primary in the event of a failure.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Web Policy Enhance Default Action

    XG Policies obliges to define a Default action to Block o Allow, which makes it less easy to define exceptions for certain users and web destinations or categories.
    For example, if a Defined a Base Policy for the whole enterprise, and I want a group of users to let visit a certain web category, I must edit the base policy and add a line for each user (groups doesn't work well with AD intergration and STAS) for the allowed category, or clone the policy and adjusting it accordingly.
    It would be so much easier to define a New Policy in…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. mimo

    enable mimo/mu-mimo feature on XG wifi similar to central managed

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Firewall rule locks

    Using Sophos XG 18.01 , had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

    It would be great, if "Tags" or "Locks" could be applied to Firewall rules, that either stops these rules from being deleted, or alternatively prompts for login credentials or a warning before the rule is deleted.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Detailed List of IPS rules used in the XG Firewall

    I want to get an IPS rule file(.csv) in Sophos XG firewall. It does not allow to export to a file as a .csv. Would be used in the SIEM solution as a detection rule.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. current Activities>Live Users

    Please Provide the MAC Address also in Current Activities>Live Users

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  11. Need option to export the all DHCP Leased Ip's to a file

    In Network>DHCP. Is it possible to have entire leased Ip's list to download in excel file.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. OSPF Routing Summarization

    OSPF dynamic routing should allow advertising of summarized routes. For reference Cisco's documentation refers to this behavior as "a key feature of OSPF".

    As an example, 10.0.1.0/24 and 10.0.2.0/24 in area 0.0.3.1 should be able to be advertised as only a part of the larger supernet 10.0.0.0/12 to 0.0.0.0; in this way only 10.0.0.0/12 is advertised with remote routers having no concept of the smaller subnets.

    What currently happens is if you add 10.0.0.0/12 to 0.0.3.1, it advertises only 10.0.1.0/24 and 10.0.2.0/24. This gets messy as internal routes get more complex and none of them need to be individually advertised.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Extend IPS/IDS content filter maximum file length

    The current file length limit for content filters is 2000 lines. It is important for us to extend it because many external lists are much longer than 2000 lines.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. admin log

    it is amazing, if any Firewall Rule deleted then sophos do not make logs. it is a basic report which every admin wants.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. Option to Generate Web Filtering Report For User's Visited Websites Only

    Hello Team,

    We have customer here requesting to have option to generate Web Filtering Report For User's Visited Websites Only. Customer advise that currently the customized web surfing report your isn’t end-user friendly at all. As a MSP, customer want and need the reporting to better align to what end-users want to see and most often that is quite simply:

    User friendly web surfing reports that clearly list the websites a user has been visiting and possibly and additionally categorize that information. Ultimately they just want the browsing history for that user.

    For your assistance please. Thank You.
     

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. AUTOMATIC VISIBLE DEFAULT DENY FIREWALL RULES FROM ZONE TO ZONE

    When a Network zone is added, firewall rules shoud be created with a specific "view" of zone to zone rules to help administrators to maintain firewall rules and add specific accept rules in the correct "view" of zone to zone scope by copying the default deny zone to zone rule and position with the good sequence number after verification to avoid traffic dismissing

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. flowspec alert DDOS to routing subsystems from IDS

    When DDOS attack is detected, a web page should authorize the admin to send after validation
    a BGP FLOWSPEC message with preformated tupples acl to upstream routers with network traffic limitation or drop
    just to load balance the security defense between routers and the target or intermediary firewall

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. L7, APPLICATION, AAA, self sourced firewall traffic

    self sourced traffic of the firewall services should be defined on a specific "micro service" address type loopback to simplify acl special security in the menu "system" "administration""device access" even if this special menu is greatfull

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 85 86
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.