Hi,

Can XG firewall have a Backup interface setting in High Availability function as like as SG firewall?

It can prevent that both master and ***** become master at the same time because of a failure of the HA synchronization interface or an unplugged network cable suddenly.

Please extend Sophos XG FW by DNS RPZ FW option to filter spam and malicious domains similar to mail reputation system (e.g. via SpamHaus).
See: https://dnsrpz.info/ "Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall"."

Privoxy is able to supress redirects that google is placing on their search results. OR redirects to analytcs sites.
Blocking categories makes the search sites not usable.

This should already be a feature! Please make it possible to reboot the access points from the firewall interface or at the very least from the web GUI of the access point. It should not require an SSH tunnel in order to do this!

Hello Team,

We have customer here requesting to support Verizon network for USB dongle under XG.
As Verizon, unable to see Sophos XG on their end when they connect dongle with verizon network

VPN Login Script

Configure the VPN client to authenticate to the domain and allow GPO login scripts to be applied to the remote computer so that the user can connect to all network resources as they do when they are in the office.

I'd like to dedicate a monitor to showing the dashboard. unfortunately it keeps getting kicked off so it's not very dedicated. if worried about anyone coming in and changing things it could perhaps be a capability that can be associated with a role like 'read only' mode. in any case I find it odd that you kick the login out even if you have not selected the timeout feature to be turned on.

It would be good to have an email alert when any endpoint goes to critical "red" mode so that we know the reason for internet not working.

Also if we can customize the heartbeat block page it would be good.

IPsec NAT: we need the possibility to NAT several local subnets to only one NAT-address and not 1 local subnet to 1 NAT-address. So that the remote peer has to configure only one ip-address as remote subnet.

This is still working with an unsupported workaround. One snat firewall rule translates all our subnets to one ip-address which is part of "Local Subnets" in the affected ipsec connection. To get routes and snat working correctly, we've added an ipsec_route on xg CLI.

In asia so many bitcoin miner case.
Taiwan was test target with many countrys.
so many business customer want to detect inside or outside problem with miner attcked.
but some miner website is normal and legal.
Just hacking category can't include all miner webside, just only inlegal webside is not enough.
Endpoint protection this product has application contral with miner type category.
so why in XG can't do this?

There is currently no way to set MSS override on a VLAN interface. This is required for a WAN connection with less than 1500 byte MTU to deal with other internet hosts which have firewall misconfigurations that means PMTU discovery doesn't work.

It would be nice if there was the option to "Skip" Logging of specific web requests in the Web filter. For example, I see my logs spammed with certain domains, even if it's blocked, such as ( trouter.io ) and it's quite annoying to sort through.

In the Routing, Upstream Proxy configuratie it is not possible to configure a username with "special" characters. With special I mean dot's or backslashes. This makes it in many scenario's to direct the webtraffic to a proxy server which only allows Active Directory authentication. It is not possible to authenticate as "domain\username".

I am not sure if something is already known about it but when can we expect that feature? Some of our customers are convinced of the XG but want to have mail-encryption with S/MIME and OpenPGP.....

At the moment Emails in SMTP Quarantine will only be deleted, if the Quarantine Area is full. Other Sophos products auto-delete these Emails after 30 days. It would be great, if the XG does that too.

Hello Team,
I have install XG 135 firewall to secure my network but my firewall is not secure yet, after enabling wan access my firewall then any budy can hack my firewall so take it seriously heir should be any advance login procedure like throw OTP or any other way.

Hello

As such now there is no report available to show the file name uploaded to public cloud or web mail etc it only shows the total size uploaded. If we have the report along with file names will be added advantage.

Due to segregation of duties we would like to have an option for 4 eyes principle in the firewall configuration.

It woold realy be nice if 1 person can create and prepare the firewall change and one other user should give an O.K. before the configuration take effect.

Force a client to see the HOTSPOT's Terms of use acceptance page every time during testing? Or give us a way to clear out a session for testing he custom template.

Currently with a Country Block rule enabled the drop or reject traffic is not showing in the log.