XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Client Authentication Agent Update Push

    This is an idea for having future CAA agents detect newer versions available typically after a SFOS upgrade and prompt the user to update (or allow auto update). In the past I've had to manually update client authentication agents in the field after each release. The other sticking point is while the client_auth_agent.exe is digitally signed it does not include the product version number which makes identifying the version a bit tricky. However having the CAA auto-update (maybe from an admin checkbox on the UI) would save the time of the CAAs in the field on getting the absolute latest…

    4 votes
    0 comments  ·  Network Protection
  2. add support for DNSCrypt protocol using dnscrypt-proxy

    This is an idea to add support for the DNSCrypt protocol using dnscrypt-proxy which protects against man-in-the-middle attacks.

    The github source is here:
    https://github.com/jedisct1/dnscrypt-proxy

    Thanks.

    11 votes
    4 comments  ·  Network Protection
  3. Add OpenConnect AnyConnect Pulse SSL VPN server

    This is an idea to add the actively developed and open source OpenConnect server package to the XG Firewall. https://gitlab.com/ocserv/ocserv

    The OpenConnect server is compatible with CISCO's AnyConnect and Juniper PULSE (Secure) SSL clients. Thanks.

    3 votes
    0 comments  ·  Network Protection
  4. True Network DLP

    DLP works quite well on Email but it is time to implement it even on Web. I would like to be able to know what my users are uploading to Cloud, DropBox and Webmail and decide to stop and log or log only. Also VPN client should be able to talk with XG and scan what users download from the company to their pc and block unauthorized content.

    15 votes
    0 comments  ·  Network Protection
  5. WAN without gateway

    Earlier on SG, we used to have options to check if gateway is available on any interface but on XG it is compulsory to keep gateway on WAN which is quite annoying while having L2 links connecting its numbers of offices where I need IPsec VPN.

    28 votes
    2 comments  ·  Network Protection
  6. Decryption Port Mirroring

    The Decryption Port mirror feature provides the capability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures, such as NetWitness or Solera, for archiving and analysis. This feature is necessary for organizations that require comprehensive data capture for forensic and historical purposes or data leak prevention (DLP) functionality.

    28 votes
    2 comments  ·  Network Protection
  7. Predefined Objects for (IP Range + Standard Services, Ports)

    I could improve my overall network security by limiting Services/Ports to specific IP Ranges. A predefined set of IP Ranges together with standard ports would be very helpful and ease up the whole XG configuration. For instance, my users have access to specific ports only for the IP Ranges of Apple, Microsoft, Google and Akamai. Given this, only Port 80 and 443 remain open from LAN to WAN for all other IPs. I think for 80% of all Small Businesses with some adjustments, this configuration should work out of the box.

    2 votes
    0 comments  ·  Network Protection
  8. Allow access to google hangouts

    Allow access to google hangouts

    2 votes
    0 comments  ·  Network Protection
  9. Edit/Delete default IPS rules

    XG comes with built-in IPS rules that cannot be customized or deleted. At least allow us to customize them in order to add/remove signatures.
    I always like to keep the Appliance as clean and light as possible and I would like to delete default IPS rules too.

    13 votes
    1 comment  ·  Network Protection
  10. Filter firewall rules for zones

    Filter firewall rules for zones. We can filter it, but the filter is gone if you change the menu. The best solution for me was the Cyberoam layout, with the rules separated by zone. If not possible, please make it possible to make the filter stay there even if we log out of the firewall.

    20 votes
    2 comments  ·  Network Protection
  11. LDAP Support

    Ability to authenticate a user to the LDAP server without previously importing the user.
    Ability for the user to belong to more than one group on the LDAP server, and to sum the policies assigned to the groups.
    I'm migrating from SonicWall to Sophos XG and this feature is missing and impacting my migration.

    Thanks,

    38 votes
    4 comments  ·  Network Protection
  12. PPTP/L2TP no members by default

    By default, as soon as you enable PPTP or L2TP all the users are added as members (local and AD too). This is not safe. Instead the "show members" list should be empty and the Admin adds the needed users. Even if you can manage PPTP and L2TP on single users or groups, the Admin should decide who to put in the list. Please adjust this feature. Also change the name to PPTP (Remote Access) and L2TP (Remote Access). Last but not least, instead of having show members and add members tabs, create the same Identity area as you did for SSL VPN…

    1 vote
    0 comments  ·  Network Protection
  13. Support for Microsoft DirectAccess in XG

    Accessing server resources using the Microsoft DirectAccess feature so that remote users don't need to use a traditional VPN. So there should be a way to port forward the necessary ports/services in Sophos XG firewall for allowing access.

    11 votes
    0 comments  ·  Network Protection
  14. custom vpn config file

    I think that VPN SSL Remote connection needs to have a custom input field where we can insert the Firewall FQDN or Public IP that we want to have in the VPN config file that users can download from the Web User portal.
    If you have a firewall behind a NAT or multiple WAN you could choose the VPN SSL WAN interface to bypass NAT problems.

    6 votes
    2 comments  ·  Network Protection
  15. Network Threat Reports - Links to Tools

    It would be awesome if you could make the link for an Attacker's IP address take us to a place like CentralOps.net or even the built-in tools so we can reverse DNS the IP address to figure out if the threat is credible or not. Also awesome would be the ability to then block that attacker permanently by creating a firewall rule to reject traffic from that specific address with a simple button click.

    4 votes
    0 comments  ·  Network Protection
  16. WIFI - HOTSPOT - Email authentication with report

    It would be a good idea to create just email authentication in Hotspot and to have a report with all mail. Free Wifi is good but a lot of customers want to have revenue with free wifi.

    8 votes
    0 comments  ·  Network Protection
  17. Two IPSec Peer on VPN Configuration

    We have more customers with many branches and two or more Internet connections. We want to enable a single VPN SA that could be terminated on two different IPsec peer gateways, so we can create a reliable VPN connection that can use two different Internet connections, depending on what we specify as first and second remote VPN peer.

    7 votes
    1 comment  ·  Network Protection
  18. Allow Ping using Business Application Rule

    When creating an Alias (System > Network > Interfaces > Add Alias) and then creating a Business Application Policy for the external address

    - Business Application Policy does not have an option to forward pings through to the Internal Server

    Currently it is only possible if Forward All Ports is selected from the Business Application rule
    -

    12 votes
    1 comment  ·  Network Protection
  19. Connection/Session/timeout limiting on Policy Rule

    We need to specify different timeouts or different concurrent sessions per Security Policy.

    9 votes
    1 comment  ·  Network Protection
  20. Please add Custom Application Filters according to IPS Custom Signatures

    IPS provides the ability to define custom signatures
    Objects > Content > Custom IPS Patterns
    (http://docs.sophos.com/nsg/sophos-firewall/v15010/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FAppendixB.html)
    Please add this feature also to the Application List.

    Regards
    Sebastian

    10 votes
    0 comments  ·  Network Protection