It has come to my attention that while the XG firewall allows you to enter two RADIUS servers for wireless authentication failover. The APX series access points do not support the secondary server.

This creates a high risk for wireless service disruption in the event the primary server goes offline. The lack of support for this functionality requires an engineer to manually promote the secondary server as the primary in the event of a failure.

enable mimo/mu-mimo feature on XG wifi similar to central managed

Using Sophos XG 18.01 , had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

It would be great, if "Tags" or "Locks" could be applied to Firewall rules, that either stops these rules from being deleted, or alternatively prompts for login credentials or a warning before the rule is deleted.

I want to get an IPS rule file(.csv) in Sophos XG firewall. It does not allow to export to a file as a .csv. Would be used in the SIEM solution as a detection rule.

Please Provide the MAC Address also in Current Activities>Live Users

In Network>DHCP. Is it possible to have entire leased Ip's list to download in excel file.

When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

OSPF dynamic routing should allow advertising of summarized routes. For reference Cisco's documentation refers to this behavior as "a key feature of OSPF".

As an example, 10.0.1.0/24 and 10.0.2.0/24 in area 0.0.3.1 should be able to be advertised as only a part of the larger supernet 10.0.0.0/12 to 0.0.0.0; in this way only 10.0.0.0/12 is advertised with remote routers having no concept of the smaller subnets.

What currently happens is if you add 10.0.0.0/12 to 0.0.3.1, it advertises only 10.0.1.0/24 and 10.0.2.0/24. This gets messy as internal routes get more complex and none of them need to be individually advertised.

The current file length limit for content filters is 2000 lines. It is important for us to extend it because many external lists are much longer than 2000 lines.

it is amazing, if any Firewall Rule deleted then sophos do not make logs. it is a basic report which every admin wants.

Hello Team,

We have customer here requesting to have option to generate Web Filtering Report For User's Visited Websites Only. Customer advise that currently the customized web surfing report your isn’t end-user friendly at all. As a MSP, customer want and need the reporting to better align to what end-users want to see and most often that is quite simply:

User friendly web surfing reports that clearly list the websites a user has been visiting and possibly and additionally categorize that information. Ultimately they just want the browsing history for that user.

For your assistance please. Thank You.
 

When a Network zone is added, firewall rules shoud be created with a specific "view" of zone to zone rules to help administrators to maintain firewall rules and add specific accept rules in the correct "view" of zone to zone scope by copying the default deny zone to zone rule and position with the good sequence number after verification to avoid traffic dismissing

When DDOS attack is detected, a web page should authorize the admin to send after validation
a BGP FLOWSPEC message with preformated tupples acl to upstream routers with network traffic limitation or drop
just to load balance the security defense between routers and the target or intermediary firewall

self sourced traffic of the firewall services should be defined on a specific "micro service" address type loopback to simplify acl special security in the menu "system" "administration""device access" even if this special menu is greatfull

route maps with acl defined subnets, interfaces, next hop should be usefull to mitigate routing table hijacking propagation inside severals IGPs and BGP

"Should be used in conjonction with network namespace and vrf lite"

network namespaces or vrf lite are a way to mitigate the internal private routing tables exposition to external public routing table when there is no way to build a multi level firewall architecture

Make the log items in "Email / Log Viewer" expandable and show traffic details with time stamps like:
- incoming connection from
- mail from
- mail to
- blocked because of
- outgoing connection

These information is sometimes crucial to trouble shoot mail problems and is otherwise buried in log files.

Please add a functionality, to show emails in smtp log, which were deleted from the smtp quarantine! If a mail gets quarantined, the smtp log shows "quarantined". But if I now delete the email, this action is not logged into the smtp log. Instead of this, if you delete mails from smtp spool, it gets logged into smtp log. Why? Please log this and show this in smtp log. If i release a mail from quarantine, this is logged to smtp log as "delivered"...