XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Apply different load balancing condition for specific firewall

    Customer would like to have different load balancing condition for specific firewall rule created. For your assistance please. Thank You.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. TOR exit nodes as a WAN Source

    Please create and update daily the TOR exit nodes as a WAN Source network. Ideally we would want to block anything attempting to access, scan or interact with our WAN IP Space from such a risky source.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Bypass voucher login for specific host (MAC)

    I have third-party WiFi APs connected to a network port on Sophos XG firewall and hotspot/voucher defined on Wireless configuration. I have specific hosts that need to be able to authenticate/access Internet without voucher login. These specific hosts do not have web browser or capability to login with a voucher (example: PoS terminals) and hence the need to bypass login based on either MAC address or IP address by creating a firewall rule. However, this is not working and it forces the host to login.
    Ticket #9121971

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. nmap in XG Firewall

    Install nmap in XG devices would be very useful as it is in SG devices. Is that possible to do it in next releases?

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. DHCP flease for more than 30 days

    DHCP lease for more than 30 days, 30 days are not enough in some cases!!!

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. High availability between physical and virtual

    Allow high availability between physical machine and virtual machine in Sophos XG.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Vunerability Check Tool

    Hello.

    Today I miss a tool that verifies possible faults in the XG firewall, for example, browser exploit, vulnerability with control communication, zero day, download of infected files, among others.

    I believe that the development of this type of tool is important for an overview of the environment, regarding possible vunerabilities.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Port Triggering feature on Sophos Firewall

    Hello Sophos Team,

    We don't have feature of Port Triggering on Sophos Firewall, Can we have a feature on Sophos XG Firewall. It can help me solution over Ransomware,

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Proxy Auth without Active Directory

    Hello Sir,

    I needed a feature to authenticate users with Proxy Server, Like CC Proxy does.

    Therefore we can configure User Authentication of Terminal Server for Web Filter userwise without Domain Controller.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Better Captive Portal options where some websites are allowed without login

    Currently Captive Portal do not get open if we need to allow certain website for all the users in the network and block access to other website.
    Captive Portal should be available to all the users by default if he is part of the network .
    If a Rule 9 is allowed rule access to website for all users and in Rule 10 is to show users the Captive Portal then user gets the page of website blocked.
    Show captive portal to unknown users should available to all users if is not a part of any Allowed Group in the…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sophos for non-IT users

    There is a desperate need in the world for sole proprietors and small business owners to get and use these great products. Non of the documentation is at the level where a massage therapist, lawyer, etc. can make any sense of it.
    These people may be small now but if you can grow with them you have an untapped market.
    I've been doing cyber compliance and have written info sec policies and done training for decades. I'm familiar with the nomenclature and basic concepts but even I can't seem to get this firewall installed. I can help with this with…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Diameter authentication on Sophos XG

    Most companies are now switching from radius to diameter authentication.

    When is Sophos going to add diameter authentication to their authentication method. Thanks

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Option to disable inactivity time out on web admin console.

    Customer wants to be able to view sophos XG dashboard on their SOC and the web GUI keeps timing out. can be have option to disable inactivity time out or to extend it to infinity.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. DHCP only serves known MAC addresses

    Additional feature request:- DHCP should only provide the IP address for those whose mac address is registered in the firewall.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Option to make XG visible to traceroute

    On UTM9 there was an option to enable "Traceroute visibility" but on Sophos XG (SFOS 17.5.5 MR-5 latest firmware version) there is not way to enable this feature.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Sophos XG to support VLAN 1 ID

    Hello Team,

    We have customer requesting for Sophos Firewall XG to support VLAN 1 ID as on UTM this is supported. For your assistance please. Thank You.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Advanced Threat protection reolve bad urls to Sophos IP Address

    Palo Alto has a wonderful feature called DNS Sinkholing( https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/threat-prevention/dns-sinkholing#) where infected machines on the inside network that send dns requests external for malicous urls can be easily identified. This is achieved by resolving bad urls to a Sophos Public IP address and then every internal machine trying to access this IP is known to be infected with malware. Currently with Advanced Threat protection we can only see these DNS requests from the internal DNS server and not the end device which makes tracking down infected machines a much greater task.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. DHCP for IPSec, SSL-VPN static IP for user, capacity for adding more lease ranges or duplicate settigs for SSL VPN

    DHCP for IPSec,
    SSL-VPN static IP for user,
    capacity for adding more lease ranges or duplicate settigs for SSL VPN

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. FAILOVER - Time delay before reverting to ensure link stability

    In case we have automatic failover set and the primary link gets down, Sophos XG would change routes to the secundary link. So far all good. However, sometimes this main link is still facing problems and will get down again very soon. This instability will cause problems to the users.

    It would be good to have an option to set the time the primary link would become the main link again after it gets down. For example, only after 5 minutes the main link being up it would replace the secundary link.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Automatic Blacklisting and Reporting of Intruders

    Linux has a program called Fail2Ban which can monitor various system logs for events like failed login attempts and then act on those events by doing things like create black list entries in the firewall to block that IP address from accessing the firewall for a configured time period or semi-permanently. It also has the ability to notify the website https://www.abuseipdb.com/fail2ban.html of the intrusion. It would be very nice if Sophos could implement this or something similar in the XG.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.