XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Auto create blacklist locally on the firewall on detection

    When a detection event is triggered by an outside IP address, the firewall should immediately block the source IP address and place it in a blacklist on the firewall itself. We had several detections on our firewall, and when I checked the IP addresses at Sophos Labs, they came back as green IPs. This means that the firewall will not block repeated attempts to compromise an internal system. They can try a different attack vector after waiting for a cooldown. This is common for hackers. They probe a system until they either get in, or the firewall blocks the communication.…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. SG Gui to XG&XGS

    Bring the old design of the Sophos SG UI into the XG and XGS as an optional button.
    (Like other Vendors for there Switches ;) )

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Comment route

    Add a comment field to the static routes would make handling easier. Cisco Meraki done so.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. DEVICE SCAN

    please I was using in my network Fortigate firewall and there is a feature called device inventory to discover all computers. and now we change the firewall to sophos and i configured all but i want to add all computers and deploy policies on them but it's too much, so I need to know how to discover all computer on the networks from Sophos xg

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. qemu

    Mi piacerebbe venisse implementata la possibilità di installare o di avere già installato a bordo del software il deamon qemu-guest-agent usato in Proxmox per dare correttamente lo shutdown e il freze durante il backup alla VM Sophos XG Firewall

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Request to hide dummy interface on WAN Link Manager when WAN is configured as dummy for VLAN

    Customer has WAN interface with VLAN configured on it
    When WAN interface is configured VLAN, the only active interface that will work is the VLAN interface
    The WAN interface will act as a dummy interface
    On WAN Link Manager , the dummay interface will have red status and the active VLAN interface will have green status
    This will also give orange interface status on the dashaboard on GUI of XG

    Customer is requesting, Ask our developers to simply update the Display Dashboard with the options to hide DUMMY Interface that is not active, in failed state so they will not…

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. ssl dhcp

    Should be possibile to set a Static ip for SSL VPN Users

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. vlan sub-interfaces should be retained during wireless access point bridge to ethernet

    In sfos 18 when bridging wireless to ethernet as outlined in https://support.sophos.com/support/s/article/KB-000035549 all vlan sub-interfaces of the physical interface are actually lost and must be recreated manually. These should be automatically retained or recreated during the bridge interface creation process.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. IPS Reports

    Dear Team,

    IPS Alerts in the email just have Hostname, Interface, Timestamp, Alert ID alone

    Each time we need to open firewall to check the alert to check more info - so please add,

    Source IP : ip and hostname
    Destination : ip and hostname
    From zone to To zone :
    Firewall Rule ID :

    so Cybersecurity made simple. :)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Dashboard Alerts

    On Dashboard is no possibility to aknoweledge or disable Alerts that are not corresponding to the Costumer enviroment.

    Example the "Change admin Password Alter" (Customer has already done)
    Example the "RED Firmware Alert" (Customer has no REDs)
    Example the "AP Firware Alert" (Customer has no AP
    s)
    Example the "Exim Upgrade Alert" (Fine that it`s be done, but no Case for an Alert)
    Example the "Warning Managed from Sophos Central"

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Multiple SSL VPN server instances with separate certificate an encryption setting

    A firewall config lives for many years. So, after a few years, the certificate and encryption settings of the ssl vpn server aren't up-to-date anymore.
    At the current state, if you change certificate or encryption settings, you'll have to redeploy the ovpn-files immediately. The old client settings and certificates become invalid.
    But with multiple server instances you could migrate the users with legacy settings to the new instance next to one another.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. SATC: Compatibility with Chromium based browsers for web filtering

    Currently with the standalone SATC agent, adding web filtering rules and managing access via AD integrated groups only works for non-Chromium web browsers (ex: Firefox). Support informed me that a fix was coming out at the end of July 2021, but ONLY if you are using their Server Protection product.

    This fix needs to be added to the standalone SATC agent as well.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  13. Recategorization of domain www.gcedonlinecampus.org

    The domain www.gcedonlinecampus.org is categorized in Gambling Category in Sophos firewall database. But this is an education website. So it should be in Educational category.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Request to allow three algorithm combination on ipsec policy aggressive mode

    Hello Team,

    We have customer here, requesting to allow three algorithm combination on ipsec policy aggressive mode under XG Firewall. Currently only one algorithm combination is being allowed under ipsec policy aggressive mode.

    For your assistance please.

    Thank You.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Tool to test restoration of backups to verify password is correct

    It would be great if there was a method or tool to use to test backup passwords work without actually restoring backups. We backup clients' units and have a record of backup passwords but no way to test they are valid. Unless anyone has suggestions of how we can test backups since support have no ideas.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Assigning static ip to SSL VPN users

    FIRST REQUESTED SIX YEARS AGO.

    SIX YEARS!!!!!!

    IT'S A 5 MINUTE CHANGE.

    PLEASE LISTEN TO YOUR PARTNERS!

    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10828488-assigning-static-ip-to-ssl-vpn-users

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add pages or jump to end under users

    I would like to request the addition of a jump to the end option under Authentication\Users on the Sophos XG firewall. Case in point, we have a client that has 62 pages of users and we have to click through each page to get to the end of the list for various users. Clicking the arrow, waiting for the page to load, scrolling down to the bottom and then clicking to the next page (60 times) surely adds up. Ideally it would have the ability to select a page but at least being able to jump to the first and…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Someone has scanned my network

    Many a times we use Nessus or NMap like port scanning tools for our network. Thought that there might be lots of users who would be playing around with such tools and would be scanning someone else network. It might happen that unfortunately he get information of opened ports and would successful in penetrating.

    To overcome such incidents I would request to implement feature which report admin about who, when and from where the UTM was scanned and did *********** happened etc...

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Rogue switch detection

    Instead of configuring a complex way of detecting rogue switch which till date it out of hope, I would request to implement feature through which we can scan our local network for rogue switches.

    This way we can protect our network and catch hold of rogue users who dare to bring such devices in organization

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Port Knocking

    I would request to implement Port Knocking feature where in even though the admin has kept HTTPS open on WAN or any other ports, with help Port Knocking it will be dynamically opened and closed on demand.

    By this there will be no need to configure HTTPS on any other unknown port or no worry of keeping open. Since as soon as admin knocks the port it will open and exits the port, it will get closed.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 101 102
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.