XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Add packet tracer feature

    A feature like Cisco's ASA Packet Trace utility will be very nice. I like the XG firewalls but I really miss the Packet Tracer. Here's a little bit about it:

    https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

    I like it because you don't need to set up test hosts - the test packet is virtually injected from the appliance itself.

    10 votes
    1 comment  ·  Network Protection
  2. Implement avahi to make life with Apple devices a lot easier

    When you have a network with Apple products you will soon realise that unless they are on the same subnet they will refuse to see each other; this is because Bonjour just refuses to work over subnets.

    Avahi can solve this, but I don't really see the point in setting up a server running Linux to do such a small task, which should be added into Sophos itself.

    I saw a feature request just like this for UTM 9 and there was no response from an admin; seeing as XG is a new platform I am hoping this feature might actually…

    23 votes
    1 comment  ·  Network Protection
  3. Firewall rule with content/application matching for custom QoS/Gateway configurations

    Allow firewall rules to "match" by application, and thus permit custom routing/QoS. E.g. (streaming out lower-cost WAN1, VoIP out faster/more expensive WAN2)

    This would be (layer7) application based (Not Subnet/Port based)

    15 votes
    4 comments  ·  Network Protection
  4. Add OpenConnect AnyConnect Pulse SSL VPN server

    This is an idea to add the actively developed and open source OpenConnect server package to the XG Firewall. https://gitlab.com/ocserv/ocserv

    The OpenConnect server is compatible with Cisco's AnyConnect and Juniper Pulse (Secure) SSL clients. Thanks.

    5 votes
    0 comments  ·  Network Protection
  5. WAN without gateway

    Earlier on SG, we used to have options to check if a gateway is available on any interface, but on XG it is compulsory to keep a gateway on WAN, which is quite annoying while having L2 links connecting a number of offices where I need IPsec VPN.

    32 votes
    2 comments  ·  Network Protection
  6. Decryption Port Mirroring

    The Decryption Port Mirror feature provides the capability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures–such as NetWitness or Solera–for archiving and analysis. This feature is necessary for organizations that require comprehensive data capture for forensic and historical purposes or data leak prevention (DLP) functionality.

    38 votes
    3 comments  ·  Network Protection
  7. Edit/Delete default IPS rules

    XG comes with built-in IPS rules that cannot be customized or deleted. At least allow us to customize them in order to add/remove signatures.
    I always like to keep the appliance as clean and light as possible, and I would like to delete default IPS rules too.

    15 votes
    2 comments  ·  Network Protection
  8. custom vpn config file

    I think that VPN SSL Remote connection needs to have a custom input field where we can insert the firewall FQDN or public IP that we want to have in the VPN config file that users can download from the Web User portal.
    If you have a firewall behind a NAT or multiple WANs you could choose the VPN SSL WAN interface to bypass NAT problems.

    8 votes
    2 comments  ·  Network Protection
  9. Network Threat Reports - Links to Tools

    It would be awesome if you could make the link for an Attacker's IP address take us to a place like CentralOps.net or even the built-in tools so we can reverse DNS the IP address to figure out if the threat is credible or not. Also awesome would be the ability to then block that attacker permanently by creating a firewall rule to reject traffic from that specific address with a simple button click.

    5 votes
    0 comments  ·  Network Protection
  10. WIFI - HOTSPOT - Email authentication with report

    It would be a good idea to create just email authentication in Hotspot and to have a report with all mail. Free Wi-Fi is good, but a lot of customers want to have revenue with free Wi-Fi.

    8 votes
    0 comments  ·  Network Protection
  11. Two IPSec Peer on VPN Configuration

    We have more customers with many branches and two or more Internet connections. We want to enable a single VPN SA that could be terminated on two different peer IPsec gateways, so we can create a reliable VPN connection that can use two different Internet connections, depending on what we specify as first and second remote peer VPN.

    7 votes
    1 comment  ·  Network Protection
  12. Allow custom Application Filters as well as IPS Custom Signatures

    IPS provides the ability to define custom signatures
    Objects > Content > Custom IPS Patterns
    (http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FAppendixB.html)
    Please add this feature also to the Application List.

    Regards
    Sebastian

    17 votes
    0 comments  ·  Network Protection
  13. Add more pre-defined service objects

    Can the developers add the same service ports that are included on the UTM9 Firewall to the Sophos XG Firewall devices in the future, please?

    6 votes
    0 comments  ·  Network Protection
  14. Sophos XG to support fq_codel QOS

    Can we please get fq_codel enabled for QoS by default? It looks like the kernel will need upgrading too.

    14 votes
    1 comment  ·  Network Protection
  15. Drop Zones

    Drop the whole concept of Zones in the access policies. They are redundant when the policies already state the networks and the interfaces.

    That is to say, a Zone means nothing when you already have to define the source network and the interface it arrives on.

    6 votes
    0 comments  ·  Network Protection
  16. Mobile network agent: Only attempt auth to known SSIDs

    Tried network agent to authenticate users and it is a very nice feature.

    Once installed, you connect with the mobile to the user portal, download the certificate and import it inside the app.
    However, I would suggest adding an option inside the app that allows the app to work only when the mobile is connected using a specific SSID Wi-Fi connection. At the moment, the only integrated options are:

    Save Password

    Auto Login

    This ensures that users do not need to open the app when they are back at work, and saves battery.

    29 votes
    1 comment  ·  Network Protection
  17. Add support to choose multiple Hosted Addresses when creating a Business Application Policy

    Add support to choose multiple Hosted Addresses when creating a Business Application Policy.
    Imagine a customer with 3 WAN links and 50 Business Application Policy rules. It is necessary to create 150 rules for this.

    This is a real case today.

    Best regards,

    Carlos

    38 votes
    1 comment  ·  Network Protection
  18. Feature request - Custom security risks level

    I am using SFOS at home (at the moment) and I have seen from reports that some custom ports (in my case TCP:49275) do not have a risk level. All other known applications are already classified. My questions are:

    1. Why not add the chance for a custom port to become an application?

    2. Why not add a custom risk level to a custom application?

    3. Why can users not change the risk level on known applications?

    I work with the health care industry and banks too, and every customer has different needs, so I am sure that for some Skype (for example) is extremely risky while…

    53 votes
    4 comments  ·  Network Protection
  19. Sophos VPN app for mobile platforms

    Sophos should develop its own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
    It should also support the Per-App-VPN feature which was introduced in iOS 7.

    355 votes
    19 comments  ·  Network Protection
  20. Native Microsoft Azure Site-to-Site VPN

    Sophos UTM already natively supports automatic site-to-site VPN tunnels with BGP routing to AWS. I look forward to Sophos UTM supporting the same sort of site-to-site VPN tunnels with BGP to Microsoft Azure in public and private cloud deployments.

    I think the easiest way for this to work would be for Sophos UTM to look at the requirements of getting the VPN itself set up (which has been documented in the forums and works), then to make BGP work on top of that, then ensure that BGP and the VPN can work between multiple private cloud and public cloud sites, then…

    208 votes
    26 comments  ·  Network Protection