XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Discover dropped files from Intrusion Attacks

    In MONITOR & ANALYZE | Reports | Network & Treats, we'd like to have ability to see the name of the file that is attacking the network internally.

    i.e. The Intrusion Attack is: 'FILE-PDF Adobe Acrobat ImageConversion PCX Parsing Out-of-Bounds Write'. File name of source attack: 'malware.pdf'.

    We can use that info to search out the attacking file and delete it if not picked up by AV.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. IPv6 Stateful Firewall Bypass like you can for IPv4 using set advanced-firewall bypass-stateful-firewall-config

    Using set advanced-firewall bypass-stateful-firewall-config del sourcenetwork x.x.x.x sourcenetmask 255.255.255.0 destnetwork y.y.y.y destnetmask 255.255.255.0 works for Ipv4 but not Ipv6. Or if you can disable invalid packet blocking on Ipv6. This is especially needed when using asymmetric routing scenarios.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. security advisor with recommendations

    there should be an option that would check all security settings with a nice overview as well as recommendations with shortcuts to right place as well as a shortcut to a easy explanation.
    this will tighten security for experts and first time users.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Adding IP host and FQDN host using CLI

    Please add a feature to add ip host and fqdn host using cli

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Network List

    Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP address' and not Networks).

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. SD-WAN Support Forward Error Correction (FEC)

    Forward Error Correction (FEC) is a mechanism to recover lost packets on a link by sending extra “parity” packets for every group (N) of packets.

    Forward Error Correction (FEC) is a technology that is well known for its ability to correct bit errors at the
    physical layer. However, this technology can also be adapted to operate on packets at the network layer to improve
    application performance across WANs that have high-loss characteristics. With packet-level FEC, network equipment
    can reconstitute lost packets at the far end of a WAN link, avoiding delays that come with multiple round-trips
    retransmissions. This enables WANs…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Virtual domain

    Dears ,

    We need to have a Virtual domain in our XG firewall like in Fortigate & Palo alto . because sometime this feature kick us out from competition

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. EnterpriseGuard License

    Dears ,

    It will be awesome if you make a change in your subscriptions EnterpriseGuard by adding email protection to be anti-spam like in Fortigate in this way Sophos will be more flexible to meet customer requirements . When customer asking about subscription with anti-spam and not full email protection we can provide EnterpriseGuard by this way we will be more competitive . but if the customer look to full email and WAF then the FullGuard will be choise

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. XG hard drive

    Dears ,

    I'd like to suggest one thing regarding hard drive SSD . if it is become more flexible . i mean if we can change the SSD hard drive on the firewall according to the customer requirements

    Because sometimes the firewall throughput's being acceptable but the customer be restricted to specific size of SSD this caused lost a lot of projects against other competitors

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Static Routes Should Be Top Precedence By Default

    Static route should always be the top precedence by default. I have several tunnels that have stopped working after updating to v18 and having newly migrated policy routes take precedence.

    Additionally, it would be nice to have a GUI-based option to change the precedence order, rather than needing to go and and make a CLI change for each device we upgrade.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. DHCP Server Increase Subnet Size

    In Current version 18.0 Sophos XG doesn't allow to create DHCP server with more than /24 subnet size. it should be there otherwise there is no point of having DHCP server feature in bigger firewalls.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support MLPPP

    Please allow XG Firewall to support MLPPP (Multi-LInk PPPoe) so we can bond two DSL connections together! I see Sophos UTM already supports this.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. country blocking

    Country Blocking should have an option for blocking the uncategorized Public IPs,
    These are noted as not belonging to a country, these do not get blocked by default, I would like an inclusion of a group called "Uncategorised", and this would block all the Public IPs that have no categorisation, and exception can always be made later if they are required, this also happens on the SG UTM boxes as well.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. How to Allow ICMP request from WAN on Public Alias IP Address in Sophos XG?

    We want to allow ICMP request from WAN on Public Alias IP address to check whether the internal host is up or down. Internet should not be able to ping the NAT public IP address if the host is down. Any ideas how to do it?

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. scanning

    Xg Firewall doesn't support "Scan FTP for malware" scanning of FTP traffic for explicit over TLS

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Synchronized Security Heartbeat from WAN as source

    Synchronized Security is great to ensure healthy endpoints are allowed to communicate with network resources but we need this to be available on WAN - LAN rules as well. With the movement around the globe to more companies becoming remote and hosting their services at a central point behind a Firewall we need to ensure the same set of rules or security features apply to known users that are apart of the same Sophos Central instance. Services protected by the XG Firewall need to be able to be restricted to inbound WAN users with an unhealthy endpoint status or no…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Source code Scanning feature

    Hi Team,

    we are looking for source code scanning feature to implement in our enviorment.

    How sophos team will help me to implement this feature.

    Regards
    Sambhaji

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. IP Host Group is incomplete & Console> Show country-host ip2country ipaddress <IP address> displaying no result

    On the XG device the Host Group for South-Africa is incomplete. I have had occasions where i have to manually add IP ranges from ISP networks to the firewall manually as they are not in this group. I have spoken to Sophos Support and was informed that the device queries the Max-mind database for the IP geo location. Yet every time i go and check Max-mind the IP displays the correct Geo Location but when i enter the command in Sophos "Show country-host......" it says the IP does not belong to any country.

    I would like to suggest a feature…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. XG Firewall Custom WAN link Grouping

    We need to be able to create custom WAN groups used for WAN link balancing with the ability to choose what interfaces are members of those groups. We do not want all the WAN links to fall within the same group called "WAN link load balance" by default. If I want to load balance traffic between two sites using site to site VPNs or MPLS networks created on external routers I cannot currently do this as all the gateways belong to the same WAN group and traffic will pass to Internet gateways as well as MPLS gateways setup within the…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Migration Assistant VM to support UTM 9.7+ Configurations

    Migration Assistant VM to support UTM 9.7+ configurations. Tested this recently at a customer's site, and the MA only accepts up to 9.605. This set me back by a few months of firewall changes.

    Also, I'm sure it's been suggested, but why is the MA not a web-based tool in the partner portal? A local running VM is a bit of overkill just to convert a file. Could even just boot your existing VM in Azure or AWS and have it refresh it's image every 60 minutes or so and give web login access to partners. Partner's log in, upload…

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 11 12
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.