XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DHCP Server Increase Subnet Size

    In Current version 18.0 Sophos XG doesn't allow to create DHCP server with more than /24 subnet size. it should be there otherwise there is no point of having DHCP server feature in bigger firewalls.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support MLPPP

    Please allow XG Firewall to support MLPPP (Multi-LInk PPPoe) so we can bond two DSL connections together! I see Sophos UTM already supports this.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. country blocking

    Country Blocking should have an option for blocking the uncategorized Public IPs,
    These are noted as not belonging to a country, these do not get blocked by default, I would like an inclusion of a group called "Uncategorised", and this would block all the Public IPs that have no categorisation, and exception can always be made later if they are required, this also happens on the SG UTM boxes as well.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. How to Allow ICMP request from WAN on Public Alias IP Address in Sophos XG?

    We want to allow ICMP request from WAN on Public Alias IP address to check whether the internal host is up or down. Internet should not be able to ping the NAT public IP address if the host is down. Any ideas how to do it?

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. scanning

    Xg Firewall doesn't support "Scan FTP for malware" scanning of FTP traffic for explicit over TLS

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Synchronized Security Heartbeat from WAN as source

    Synchronized Security is great to ensure healthy endpoints are allowed to communicate with network resources but we need this to be available on WAN - LAN rules as well. With the movement around the globe to more companies becoming remote and hosting their services at a central point behind a Firewall we need to ensure the same set of rules or security features apply to known users that are apart of the same Sophos Central instance. Services protected by the XG Firewall need to be able to be restricted to inbound WAN users with an unhealthy endpoint status or no…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Source code Scanning feature

    Hi Team,

    we are looking for source code scanning feature to implement in our enviorment.

    How sophos team will help me to implement this feature.

    Regards
    Sambhaji

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. IP Host Group is incomplete & Console> Show country-host ip2country ipaddress <IP address> displaying no result

    On the XG device the Host Group for South-Africa is incomplete. I have had occasions where i have to manually add IP ranges from ISP networks to the firewall manually as they are not in this group. I have spoken to Sophos Support and was informed that the device queries the Max-mind database for the IP geo location. Yet every time i go and check Max-mind the IP displays the correct Geo Location but when i enter the command in Sophos "Show country-host......" it says the IP does not belong to any country.

    I would like to suggest a feature…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. XG Firewall Custom WAN link Grouping

    We need to be able to create custom WAN groups used for WAN link balancing with the ability to choose what interfaces are members of those groups. We do not want all the WAN links to fall within the same group called "WAN link load balance" by default. If I want to load balance traffic between two sites using site to site VPNs or MPLS networks created on external routers I cannot currently do this as all the gateways belong to the same WAN group and traffic will pass to Internet gateways as well as MPLS gateways setup within the…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Migration Assistant VM to support UTM 9.7+ Configurations

    Migration Assistant VM to support UTM 9.7+ configurations. Tested this recently at a customer's site, and the MA only accepts up to 9.605. This set me back by a few months of firewall changes.

    Also, I'm sure it's been suggested, but why is the MA not a web-based tool in the partner portal? A local running VM is a bit of overkill just to convert a file. Could even just boot your existing VM in Azure or AWS and have it refresh it's image every 60 minutes or so and give web login access to partners. Partner's log in, upload…

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Pass traffic button

    It would be nice if we have a button next to firewall log 'Denied' entry, that can create a Firewall rule based on that log entry.
    Quite often it would be much more effective and efficient if I could allow traffic with one button, instead of doing all rule creation step-by-step procedure.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Send Wake On Lan Magic packet to host.

    Create a Button, that will send Magic Packet to defined host or host from DHCP leases list. It would be much more pleasant to use Firewall to wake hosts instead of other machines, cause sometimes in one site there are only workstations, without any 24/7 working server any kind.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Super Admin & Admin

    Super Admin Can Access from Public Network WAN Interface and Admin Can access from Local Network LAN interface only and from WAN interface only accessible by Super Administrator which is should be owner can able to change his own Super Admin.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. IPS Not Working ! on Sophos XG Home

    IPS not Working on SOPHOS XG Home

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Make a way to add to Sophos Connect "Allowed user" list without booting all currently connected Sophos Connect users.

    The title pretty much spells it out here. It's very disappointing that you can't add a VPN user without disrupting all your current VPN users...

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Geo Blocking

    Geo Blocking is a great addition, but doesn't list all the countries.

    For instance, I have a customer getting hit by Kenya and Kyrgyzstan. Any ETA on when Geo Blocking will be fully rolled out?

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. NAT Rules - Grouping

    Grouping NAT rules - same as grouping Firewall Rules.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. loopback interface and ip sla features in v18

    kindly add loopback interface and ip sla features in v18. loopback interface is need to use in bgp and "ip sla" is needed for link high lentency failover.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Revoke DHCP lease from client

    The ability to revoke the DHCP leased out to certain client.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. office 365 SMTP Host set up

    Have a pre-configured O365 smtp host option, which includes all Exchange Online Protection IP address ranges. So we dont have to manually add in all of the reccomended ones from Microsoft

    https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.