XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Hide network attack count for added exceptions

    It appears that the Sophos dashboard displays network attacks even for vulnerabilites that have been given an exception.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. virustotal scanning option on reports or logs

    I use VirusTotal often either manually or via 3rd party apps or even via the API, so it would be ideal if we could use VirusTotal within Sophos XG v18 Web UI somewhere for diagnostics or threat hunting as an option on live logs or reports.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. XG Firewall Web Portal Pages and Config loading too slow

    The Sophos XG Firewall routers need the web interface config pages speeded up - all units are much slower than the Cyberoam UTM pages load at and adding and changing a config can take from 5 to 15 seconds to load. Makes configuring a sophos from scratch a slow and tedious process.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. IGMP version

    Possibility to change the highest supported version of IGMP. Prohibition of use of IGMPv3 version.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. IPSec Remote Acess - Selection of other policy than the default one

    To summarize:


    Default re-key time for IPsec remote access is set to 4 hrs and does not have any option to change it from GUI.
- This usually happens in the backend without any interruption (with only one authentication). However, if we have configured MFA then it will prompt for the OTP after every 4 hours as it requires reconnecting.

    Administrators may be able to config this behaviour as well be able to associate the IPSec Remote Access to another Policy than the default one.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support user authentication in rules from WAN to LAN using 2-factor authentication as we do when connecting to user portal

    Currently LAN to WAN is supported, but not WAN to LAN. Checking known users, selecting users, and having them login if they are an unknown user will be a replacement for the https bookmarks removed from the user portal.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Revert subject of gateway status notification e-mails back to SFOS 17 style

    We use a RMM that allows us to assign an incoming alert e-mail to a specific client based on the subject, which we labeled the gateway name on the Sophos appliance based on the client ID and ISP, for example "XYZ Comcast". When a client's Sophos appliance with SFOS 17 would report an interface is down via e-mail, the ticket would be assigned to client XYZ in our RMM due to the subject: Gateway XYZ Comcast Went Down or Gateway XYZ Comcast Went Up

    With SFOS 18 the subject is now "ALERT Sophos XG Firewall - Gateway status" and…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Better filter search in the add new item

    In the different rules creation fileds it's not very easy to find your objects in the "Add new item" button. The search is effective only if you know the beginning of the word you are searching but it's not always the case. Please add the possibility to search a word or a partial term of an object like it was possible in SG. It will make your product much more user friendly...

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Being able to filter rules with keyword in views

    It's very difficult to find your rules in XG compared to SG. In SG there was a textbox search who was very efficient because it was filtering rules on any fields with the text entered. Please add this functionality into the different XG views !

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Better interface with adjustable column size

    In the firewall rules the column are too small and it's difficult to look for the desired rule as their name are troncated with "...". It would be much more easier if the size of the column were adjustable or even filterable like in SG....

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow to enter a partial MAC-Address to filter for Vendors

    It would be great to be able to enter a partial MAC-Address as eg. 00:1A:E8:* within the MAC Address Definition section.
    The MAC-Address in this example would involve every device from the vendor Unify.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow netflow to be assigned to a specific zone

    It would be great to be able to assign the netflow service to zones the same as you can with most other services: SNMP, SSL portal, ping, user portal, etc..
    You cannot truly segregate all management traffic/duties with the current implementation without rewiring the default Lan port to be a dedicated management interface

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ghost ip detection

    We are using DHCP server from our XG firewall. IP leasing setting is 12 hrs. I am looking for some tools from which i can find the ghost IP ( IP which is not active) and clear it up from the DHCP pool in order to assign to new connection.

    Secondly I want to know that how can i make a rule that if a device is not authorized to access internet should not get the IP from the DHCP server.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Block IPv6 UDP fragmentation

    Currently, on XG firewalls one can disallow fragmented traffic via the CLI (fragmented-traffic deny). But this cannot be reduced to IPv6 UDP traffic only.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. set group of wan links to perform load balancing

    we need in the future to be able to set a group of WAN Links to performing load balancing
    Example
    I have 6 Wan links from different ISP's ( Vodafone, WE, TE-DATA, Nour, Orange, and Etisalat)
    we need to be able to make ( Vodafone, We, and TE-DATA ) perform load balancing to serv specific Subnet and create another load balancing with the rest of ISP's ( Nour, Orang, and Etisalat ) to serv another subnet

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Dhcp lease Export in one Excel File

    It is submitted that in the firewall the DHCP Lease can not be download properly due to this admin user has facing the problem. So your are requested to please provide the function to import excel file of all DHCP Lease IPv4 so that all lease can be downloaded easily and maintain the DHCP logs by the admin user properly. Firewall>Network> DHCP>IPv4

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. OP Manager Compatibility with XG

    Customer wanted to have the OP manager compatibility with XG Firewall

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Ability to Traffic Shape & QoS Specific Interface

    Hello!

    It has become apparent for us to try and implement Traffic Shaping rules for specific interfaces - in our example, we have a site which has many RED Branch Offices. These branch offices appear to be causing high utilization on our available WAN usage.

    Currently, to create a Traffic Shaper or QoS rule we'd need to define it within "System services > Traffic shaping" and then apply this to a firewall rule under "Rules and policies > Firewall rules > [[Edit Rule]] > Other security features > Shape traffic".

    This works great for when you have a specific service…

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Services need to be modify without removing from rule

    In the current firmware , if want to modify a service means i have to remove from all rules which is related this service. So this should be update the upcoming firmware. Services need to be modify without removing from rule

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Network Map

    I suggest the implementation of network map visualization to watch os type, hostname, IP, open ports and manage their network access.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 13 14
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.