XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. country ipv6 lists

    Need to have Ip2country for IPv6-based hosts and IPv6 addresses per country. Also be able to have a list of networks in an IP object, like IPlist.

    13 votes
    2 comments  ·  Network Protection
  2. Utilize the weight value for WAN failover order of priority to become active

    Hello Team,

    We have a customer here requesting to utilize the weight value for WAN failover order of priority to become active. For your assistance, please. Thank you.

    1 vote
    0 comments  ·  Network Protection
  3. Utilize the weight value for WAN failover order of priority

    Hello Team,

    We have a customer here requesting to utilize the weight value for WAN failover order of priority. For your assistance, please. Thank you.

    1 vote
    0 comments  ·  Network Protection
  4. change vlan base

    Please make it possible to move existing VLANs to another base interface without the need of deleting/reconfiguring. Almost every other manufacturer allows that and it really helps when we have to temporarily build a network on ports other than the ones that will be used in the end.

    21 votes
    0 comments  ·  Network Protection
  5. Firewall rule locks

    Using Sophos XG 18.01, had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

    It would be great if "Tags" or "Locks" could be applied to firewall rules that either stop these rules from being deleted, or alternatively prompt for login credentials or a warning before the rule is deleted.

    8 votes
    0 comments  ·  Network Protection
  6. AUTOMATIC VISIBLE DEFAULT DENY FIREWALL RULES FROM ZONE TO ZONE

    When a Network zone is added, firewall rules should be created with a specific "view" of zone to zone rules to help administrators to maintain firewall rules and add specific accept rules in the correct "view" of zone to zone scope by copying the default deny zone to zone rule and position with the good sequence number after verification to avoid traffic dismissing

    3 votes
    0 comments  ·  Network Protection
  7. flowspec alert DDOS to routing subsystems from IDS

    When a DDOS attack is detected, a web page should authorize the admin to send after validation
    a BGP FLOWSPEC message with preformatted tuples acl to upstream routers with network traffic limitation or drop
    just to load balance the security defense between routers and the target or intermediary firewall

    3 votes
    0 comments  ·  Network Protection
  8. L7, APPLICATION, AAA, self sourced firewall traffic

    self sourced traffic of the firewall services should be defined on a specific "micro service" address type loopback to simplify acl special security in the menu "system" "administration" "device access" even if this special menu is greatfull

    4 votes
    0 comments  ·  Network Protection
  9. route map for route redistribution control between protocols

    route maps with acl defined subnets, interfaces, next hop should be useful to mitigate routing table hijacking propagation inside several IGPs and BGP

    "Should be used in conjunction with network namespace and vrf lite"

    1 vote
    0 comments  ·  Network Protection
  10. network namespaces or vrf lite

    network namespaces or vrf lite are a way to mitigate the internal private routing tables exposition to external public routing table when there is no way to build a multi level firewall architecture

    2 votes
    0 comments  ·  Network Protection
  11. Filter option not available under Intrusion prevention - Spoof protection trusted MAC and it's very difficult to change MAC or IP

    Please provide this option urgently in XG430 because it's very difficult to find MAC or IP. I used Cyberoam before and this option was available and it's very easy to use. After upgrading Cyberoam CR750ing to Sophos it's very difficult. Thanks for understanding.

    1 vote
    0 comments  ·  Network Protection
  12. sophos xg firewall dashboard icon for vpn color should not be red once one tunnel is working

    sophos xg firewall dashboard icon for vpn color should not be red once one tunnel is working
    it should be yellow with triangle icon and down you can mark 1 out of 2 is down

    1 vote
    0 comments  ·  Network Protection
  13. manage TLD / ccTLD DNS lookup results in XG DNS

    Currently, blocking or redirecting TLD / ccTLD (https://icannwiki.org/Countrycodetop-level_domain) dns lookups for clients using XG dns requires configuring dns request routes for each one to send those lookups to an external Microsoft or other dns server populated with fake TLD / ccTLD zones and wildcard records. It would be simpler to be able to control lookup results within XG without having to route to an external server.
    This request was similar but applied only to web http traffic rather than the dns level to address all protocols: https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/31267192-block-tld

    2 votes
    0 comments  ·  Network Protection
  14. XG firewall HTTP/HTTPS health checks for server load balancing rules

    If you have multiple IIS servers behind an XG firewall and you want to load balance them and each IIS server has multiple web sites configured (each with specific IP bindings), then the XG firewall with the TCP check on port 80 or 443 cannot tell that a site is down if the web site is stopped or its associated app pool is stopped to be able to remove that site from the load balancing pool.
    This is because IIS still responds to requests (with a 400/404 when the site is stopped or with a 503 when an app pool is…

    2 votes
    0 comments  ·  Network Protection
  15. Discover dropped files from Intrusion Attacks

    In MONITOR & ANALYZE | Reports | Network & Threats, we'd like to have the ability to see the name of the file that is attacking the network internally.

    i.e. The Intrusion Attack is: 'FILE-PDF Adobe Acrobat ImageConversion PCX Parsing Out-of-Bounds Write'. File name of source attack: 'malware.pdf'.

    We can use that info to search out the attacking file and delete it if not picked up by AV.

    5 votes
    0 comments  ·  Network Protection
  16. IPv6 Stateful Firewall Bypass like you can for IPv4 using set advanced-firewall bypass-stateful-firewall-config

    Using set advanced-firewall bypass-stateful-firewall-config del sourcenetwork x.x.x.x sourcenetmask 255.255.255.0 destnetwork y.y.y.y destnetmask 255.255.255.0 works for IPv4 but not IPv6. Or if you can disable invalid packet blocking on IPv6. This is especially needed when using asymmetric routing scenarios.

    5 votes
    0 comments  ·  Network Protection
  17. security advisor with recommendations

    There should be an option that would check all security settings with a nice overview as well as recommendations with shortcuts to the right place as well as a shortcut to an easy explanation.
    This will tighten security for experts and first time users.

    1 vote
    0 comments  ·  Network Protection
  18. Adding IP host and FQDN host using CLI

    Please add a feature to add ip host and fqdn host using cli

    10 votes
    1 comment  ·  Network Protection
  19. Network List

    Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP addresses and not networks).

    2 votes
    1 comment  ·  Network Protection
  20. SD-WAN Support Forward Error Correction (FEC)

    Forward Error Correction (FEC) is a mechanism to recover lost packets on a link by sending extra “parity” packets for every group (N) of packets.

    Forward Error Correction (FEC) is a technology that is well known for its ability to correct bit errors at the
    physical layer. However, this technology can also be adapted to operate on packets at the network layer to improve
    application performance across WANs that have high-loss characteristics. With packet-level FEC, network equipment
    can reconstitute lost packets at the far end of a WAN link, avoiding delays that come with multiple round-trips
    retransmissions. This enables WANs…

    4 votes
    0 comments  ·  Network Protection