XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sophos Web Proxy needed to added as authentication without Active Directory

    Hello Sir,

    I needed a feature to authenticate users with Proxy Server, Like CC Proxy does.

    Therefore we can configure User Authentication of Terminal Server for Web Filter userwise without Domain Controller.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. captive portal

    Currently Captive Portal do not get open if we need to allow certain website for all the users in the network and block access to other website.
    Captive Portal should be available to all the users by default if he is part of the network .
    If a Rule 9 is allowed rule access to website for all users and in Rule 10 is to show users the Captive Portal then user gets the page of website blocked.
    Show captive portal to unknown users should available to all users if is not a part of any Allowed Group in the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos for non-IT users

    There is a desperate need in the world for sole proprietors and small business owners to get and use these great products. Non of the documentation is at the level where a massage therapist, lawyer, etc. can make any sense of it.
    These people may be small now but if you can grow with them you have an untapped market.
    I've been doing cyber compliance and have written info sec policies and done training for decades. I'm familiar with the nomenclature and basic concepts but even I can't seem to get this firewall installed. I can help with this with…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Diameter authentication on Sophos XG

    Most companies are now switching from radius to diameter authentication.

    When is Sophos going to add diameter authentication to their authentication method. Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Issue with Encrypted Backup File in XG Firewall

    Hi Sophos,
    I feel encrypted backup file feature on XG firewall which is inconvenience. Can you let this feature be optional on new firmware update?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Can we have an option to disable inactivity time out on sophos XG firewall web admin console.

    Customer wants to be able to view sophos XG dashboard on their SOC and the web GUI keeps timing out. can be have option to disable inactivity time out or to extend it to infinity.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. AV Scanning DNAT

    We are using CR100ing device, when we create a virtual host(DNAT Rule), it create firewall rule automatically, it this automated created rule can enable av & as scanning on SMTP, SMTPS, FTP, HTTP, HTTPS, POP3, IMAP.
    But Know i just buy SOPHOS XG-210, this appliance does't have this feature. so Kindly work on that and resolve this issue asap.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. CAA User inactivity

    We would like to have the option to set the user inactivity per login method. We are trying to create a Zone that can only be accessed when the user authenticates with the Sophos Client Authentication Agent. We don't use STAS because we don't want the user to be logged in continiously. It it possible to set the Inactivity time for NTLM logins. Please enable the feature to also specifiy this time for users that are authenticated trough CAA.

    When setting the General Maximum session timeout, all users are being disconnected an the duration can not be any longer than…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. traceroute visible

    On UTM9 there was an option to enable "Traceroute visibility" but on Sophos XG (SFOS 17.5.5 MR-5 latest firmware version) there is not way to enable this feature.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sophos XG to support VLAN 1 ID

    Hello Team,

    We have customer requesting for Sophos Firewall XG to support VLAN 1 ID as on UTM this is supported. For your assistance please. Thank You.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Hairpining

    Can automatic NAT hairpining be built into SFOS automatically like it is in UTM? Very frustrating to have to create hairpin rules in order to access published servers from behind the same XG firewall. The best solution I've found to date is to set the source zone as "any" on the business rule governing the DNAT for the published service, however, that masks the true source IP address for any device on the outside accessing that published service because the firewall translates the source to it's own IP address. That makes it impossible to filter and restrict access to some…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. DHCP for IPSec, SSL-VPN static IP for user, capacity for adding more lease ranges or duplicate settigs for SSL VPN

    DHCP for IPSec,
    SSL-VPN static IP for user,
    capacity for adding more lease ranges or duplicate settigs for SSL VPN

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. FAILOVER - Time for the primary link be the main link again after getting down

    In case we have automatic failover set and the primary link gets down, Sophos XG would change routes to the secundary link. So far all good. However, sometimes this main link is still facing problems and will get down again very soon. This instability will cause problems to the users.

    It would be good to have an option to set the time the primary link would become the main link again after it gets down. For example, only after 5 minutes the main link being up it would replace the secundary link.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Automatic Blacklisting and Reporting of Intruders

    Linux has a program called Fail2Ban which can monitor various system logs for events like failed login attempts and then act on those events by doing things like create black list entries in the firewall to block that IP address from accessing the firewall for a configured time period or semi-permanently. It also has the ability to notify the website https://www.abuseipdb.com/fail2ban.html of the intrusion. It would be very nice if Sophos could implement this or something similar in the XG.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Monitoring of Sophos XG210

    Dear Team,

    We want to monitor the all the parameters of Sophos XG 210 firewall.

    Parameter mainly include the Interface, Power supply, temperature etc.

    Could you please create the MIB / OID values for it then will help to monitor the system

    You can refer the case ID. #8792069

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Gateway failback timeout configuration in firewall

    Hi,

    When the Active gateway comes back online, traffic should fail back to the Active gateway within specific timeout option in seconds like Gateway Failover timeout.

    There should be an option for Gateway Failback timeout.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. DNS https

    DNS over HTTPS or DNS over TLS
    I know there is a feature request for DoT already but id like to add to that request by asking for the option to choose DoH or DoT?

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Stick IP functionality for NAT Pools or any NAT rule

    Coming from a Juniper background, we have the functionality of "Sticky IP" (Junipers "Address-Persistent") for any NAT rule. In Sophos you can only do this if performing a load balance NAT to a webserver (KB:132277).
    It would be great to be able to do this in any NAT rule.
    Thank you

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. 1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.