XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RBL type group can be used in Blocked client networks of Firewall rule.

    RBL type group can be used in Blocked client networks of Firewall rule.
    If the user's email password is leaked, the hacker will use the managed host to connect to the mail server. Most of these hosts come from low-reputation IP addresses, so we can deny connection requests from these low-reputation IPs in the business policy.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Wi-Fi URL Redirection and MAC address based managing

    I need to make a URL redirection for all Wi-Fi guest access once they are filling its details and submit the form they are enjoying internet access. Where I can make the following:-
    1. VLAN configuration: Wi-Fi port to be configured as a VLAN based URL redirection.
    2. Condition: Access to the internet based on the submit button inside the form.
    3. Use mac address criteria in case the same customer need to access the Wi-Fi in the next day he will don’t need to fill the form again.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Balance bandwidth option for QoS

    Currently there are two options - limit and guarantee. It'd be very interesting if there was an option to divide the available bandwidth between all users (so if you have 5 users and a 100mbit connection, each user would get 20mbit for himself). This would allow the network to be fast most of the time, while being able to cope with a high number of devices.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Request to have option to delete bridge interface

    Hello Team,

    We have customer here requesting to have option to delete bridge interface under Sophos XG, For your assistance please. Thank You

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Create an XG Firewall for home users

    Create an XG Firewall appliance for home users that competes with Bitdenders Box2, Cujo, RATrap, and so on.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. IPS Real time alerts

    The firewalls must: Notify the administrator in real time of any items requiring immediate attention. -[Requirement of PCI CP)

    31 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. QOS per interface or Gateway

    Can we please get some QOS functionality on a per interface or per Gateway option,

    We have a lot of customers that have multiple links with different speeds, it is currently difficult to manage this with the current QOS functionality.

    I see a lot of other feature requests for QOS but none that cover this topic.

    Thank you

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. i need to enable load balancing between 2 isp where having 3 isp

    i need to enable load balancing between 2 isp where having 3 isp

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Ability to not have local data transmission count as data used on voucher quotas.

    Right now it would appear that data used by voucher users even for local traffic, affects their qouta balance, so if a voucher is for 1 Gig, if the voucher user consumes only local traffic, not WAN data, it still affects the user's data usage. Personally don't think it should be that way, or at least have the option to not have it affect the voucher balance.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Include zabbix agent in XG Firewall

    I would like to suggest the deployment of zabbix agent on Sophos XG equipment, the suggestion is due to the need we currently have to monitor some XG, which are working as brigde and do not have access when the origin is the internet, with the possibility of zabbix agent. we could configure it to send the information to our server in SOC, regardless of the outgoing IP.

    Briefly have the option of active and passive work.

    https://www.zabbix.com/documentation/3.0/en/manual/distributed_monitoring/proxies

    Gostaria de sugerir a implementação do agente do zabbix nos equipamentos Sophos XG, a sugestão é devido a necessidade que temos atualmente…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sandstorm progress page

    Would be awesome to be able to see the progress of a scan from the users perspective instead of a dead screen and then have to guess when the scan is done.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. IPS Signature details

    It is good to provide more details to an IPS signatures directly from the IPS policies/signature. This was found in Cyberoam last time but not available in Sophos.

    This is useful for the security admin to find a resolution to the "attack" rather than only bypassing it, without knowing what is going on.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. IP-based access controls for l2tp and pptp to limit unwanted login attempts

    Today, it is quite possible to brute-force attack L2TP and PPTP as there is no way to drop incoming requests based on IP, geo or any other variable.

    I would like the ability to assign a network rule (or equivalent) that drops requests for such features before entering the firewall, before reaching authentication. Much like ACL exceptions for device access does.

    This is not possible today, and we have to contend with miles of logs with login requests and tries from far away, just probing for passwords.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Bypass IPS

    Give us a way to bypass the IPS based on source and/or destination. We have clients who pay for vulnerability scanning, pen-testing, web app auditing, etc. and currently there is no way to bypass the IPS if the rules are numerous without duplicating each rule where the first rule has the IPS turned off.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Static ARP Bulk upload feature is highly recommended

    Static ARP Bulk upload feature is highly recommended

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Block the internet sharing in client devices

    Need to block the internet sharing in client devices, users are sharing the internet from the laptop and bypass it on the mobile phones with applications.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Temporary firewall rules with expiry time

    Its very usefull if i can create a new User/Network rule temporally for certain Host. For example, some user in the network is being blocked with some Web categories, and they need to download some file (to work) from a blocked web page, for troubleshooting or helpdesk. So I create a user/network rule to this users without web filter or any app filter, but i have to delete this rule 1 hour later for example, or 5 minutes later, to avoid user has Internet without any restrictions.

    I think this feature of create a user/network rule for specific time and…

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow UDP port 500 forward on the bridge to use on device behind the firewall with public ip

    With other firewalls (fortigate) it is possibile to forward the upd port 500 to a device behind the firewall configured to use a public ip.
    With xg this port is not usable.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. DHCP: Ability to allow/block leases by MAC

    It would be good to be able to create lists of authorized or blocked MACs and apply them to DHCP server definitions.

    The problem with MAC-based access controls right now is that an unauthorized device still gets a DHCP lease and is only blocked by the firewall when it tries to connect. This uses up leased addresses unnecessarily.

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Online website to Upload Backup to check configuration

    It would be great if we had a online portal where we can upload any XG backup and check the configuration as it appears on a physical XG device. This will save us lots of time instead of searching for a physical compatible device.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.