XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable/Disable Firewall rule

    It would good if you could enable/disable the firewall rule from the main list display, rather than having to click the "..." menu and then select disable/enable. Cyberoam could be enablde/disabled on the firewall rules list.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Static ARP Bulk upload feature is highly recommended

    Static ARP Bulk upload feature is highly recommended

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Nat on different Tab not on firewall rules

    Nat on a different TAB, like SG version,
    It will be great to use and categorize rules by selecting NAT SNAT,DNAT,1:1 NAT.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Please add the IPS Signature for CVE-2018-5924、CVE-2018-5925.

    This is a vulnerability in the HP printer. There are no Signature in XG Firewall, please add.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow IP Ranges larger than 255, Network larger than /24

    Allow IP Ranges larger than 255 and Network larger than /24 for Protected Servers in Business Application rules.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Data speed reduce after QOS limit

    Currently, Sophos has not limited data access on the firewall.
    No any rule on cyberoam for this.
    we need to set limit 1 GB data then after reduce the speed of bandwidth like jio.
    you can understand my problem and update your Cyberoam as per my requirement.
    we want set rule Data speed to reduce after QOS limit.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Block the internet sharing in client devices

    Need to block the internet sharing in client devices, users are sharing the internet from the laptop and bypass it on the mobile phones with applications.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. temporally firewall rule and then FW delete it

    Its very usefull if i can create a new User/Network rule temporally for certain Host. For example, some user in the network is being blocked with some Web categories, and they need to download some file (to work) from a blocked web page, for troubleshooting or helpdesk. So I create a user/network rule to this users without web filter or any app filter, but i have to delete this rule 1 hour later for example, or 5 minutes later, to avoid user has Internet without any restrictions.

    I think this feature of create a user/network rule for specific time and…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow upd port 500 forward on the bridge to use on device behind the firewall with public ip

    With other firewalls (fortigate) it is possibile to forward the upd port 500 to a device behind the firewall configured to use a public ip.
    With xg this port is not usable.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. MAC base DHCP

    Is it possible to implement the MAC base DHCP through. I am not talking about static DHCP. For example I have 300 MAC address these are only get IP in /24 subnet network range.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Online website to Upload Backup to check configuration

    It would be great if we had a online portal where we can upload any XG backup and check the configuration as it appears on a physical XG device. This will save us lots of time instead of searching for a physical compatible device.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. endpoint

    Better integration between XG and Endpoint beyond just heartbeat. e.g, logged on user can be passed to firewall for use in user-based rules.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Mouse over more details for firewall rules

    It would be great if less information was displayed in the list of firewall rules. However, a mouse over would show all the details of the firewall rule instead.

    For example, limit Source and Destination to just show Zones and not subnets, user groups, etc..

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Firewall Rules - Save filters

    Would be great if we can create filters for firewall rules and then save them as tabs on top of the firewall list view. For example, we can create a filter for source WAN zones called 'WAN'. Then a tab called WAN will appear next to the firewall tab.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. XG as a RADIUS server for External 2FA

    I'd like to use XG as a RADIUS server for 2 Factor authentication. Now we can use the XG for VPN, Portal access ect.ect all XG internally

    I'd like to have "external RADIUS" added for example use 2FA on Citrix of VMware Horizon or other networking equipment that can use radius authentication together with the XG's users and software tokens.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. IS-IS routing protocol support for XG Firewall

    It would be nice to get the IS-IS routing protocol for the XG Firewall.

    RFC1195

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Sophos Firewall Manager - Template Pushing

    When pushing a template, all types of configuration should not already be selected - you should have to select which items you want to push, rather than deselect those you do not want to push.
    Having all items pre-selected is more likely to cause issues from human error, overwriting config with portions of templates you don't wish to utilize/push to a device.
    It's a minor change that could make a big difference for our customers.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. browser based mac binding not available in xg 115. so should to upgrade with this features. it's only in client based authentication.

    browser based mac binding not available in xg 115. so should to upgrade with this features. it's only in client based authentication.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Zero Firewall Rule Traffic Counter

    Very simple, have an option to zero the traffic counter on a firewall rule.

    68 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. DNS RPZ Support: DNS Spam protection by Response Policy Zones

    Please extend Sophos XG FW by DNS RPZ FW option to filter spam and malicious domains similar to mail reputation system (e.g. via SpamHaus).
    See: https://dnsrpz.info/ "Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall"."

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.