XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. DHCP on XG updates DNS on Active Directory

    Configuration of DHCP on Sophos XG offering the same capability as Microsoft DHCP, that is,
    being able to dynamically update the DNS records located on my Domain Controller.
    The goal is to eliminate the DHCP relay.

    5 votes
    0 comments  ·  Network Protection
  2. Allow Surfing Quota to be scheduled

    I have realized that Network Traffic Quota cannot be scheduled to be in effect only during work hours and weekdays. Wouldn't it be nice if we had such flexibility?

    3 votes
    0 comments  ·  Network Protection
  3. Firewall rule UI: Only show networks/devices relevant to the selected zone

    In Firewall Rules, when selecting a unique ZONE in "Source Zones", display only objects of this Zone in "Source Networks and Devices" and not all objects.

    3 votes
    0 comments  ·  Network Protection
  4. Change the value how long a spammer is being blocked

    The default value is 30 seconds. After that amount of time, a detected spammer source/dest is able to send packets again.
    How about a long/variable time and a blacklist, to manually add/delete spamming IPs?

    8 votes
    0 comments  ·  Network Protection
  5. Use ASN in Firewall Rules

    I'd like to create objects for ASN Numbers and use them with Firewall Rules.
    I could Allow or Deny access rules based on ASN.
    It's not necessary to create a database like GeoIP. This information could be queried online.
    And this information could be used in Report too.

    Regards,

    9 votes
    2 comments  ·  Network Protection
  6. Auto-enable packet capture for intrusion events

    Add the ability to turn on automatic packet captures for intrusion prevention and ATP events. This is something Palo Alto firewalls can do and it's very helpful to be able to drill right into an event in the log viewer and pull down the pcap.

    7 votes
    2 comments  ·  Network Protection
  7. Dear Sophos team Regd SD WAN Feature to be incorporated in Cyberoam and Sophos Firewall

    Dear Sophos Team,

    We system integrators deal in Cyberoam and Sophos UTM.

    Request you to please incorporate the SD WAN feature in Cyberoam and Sophos UTM, as our clients are asking for the same.

    This feature has already been incorporated in Fortigate starting level UTM. Please do the needful as clients are asking for this feature.

    Please call/mail me for the same.

    Thanks,

    Yogesh N
    Technical Director
    Asian Infotel Pvt Ltd
    Mob:-09869031333
    India Mumbai.
    Email:-yogeshn@asian-associates.com.

    As our cust

    5 votes
    0 comments  ·  Network Protection
  8. OVPN

    Would like to see OpenVPN configuration file support, e.g. import a .OVPN file as a client connection.

    7 votes
    0 comments  ·  Network Protection
  9. SYN/UDP DOS attacks should appear in reports

    If any user gets an internal / external attack on the SYN or UDP protocol, then it should be saved in the firewall reports, for reference as to which user or external user generated the attack, like IP address, country / graphical GUI location.

    11 votes
    0 comments  ·  Network Protection
  10. Asymmetric routing for directly connected network.

    Customer A:

    WAN-A1: 1.1.1.1 /24
    WAN-A2: 2.2.2.2 /24

    Customer B:

    WAN-B1: 1.1.1.5 /24

    Issue: WAN-B1: 1.1.1.5 connects to WAN-A2 2.2.2.2, and this is not working.

    If Customer B connects from WAN-B1 to a virtual host on WAN-A2 (for instance a TCP connection to a webmail),
    the reply TCP packet comes inbound on port WAN-A2 and goes out on port WAN-A1 with the IP of
    WAN-A2!! This is creating asymmetric routing, which is not supported in CROS/SFOS.

    It seems to be a flaw in the L2 routing design for multi-homed customers, causing a DDoS attack on the second WAN uplink gateway. …

    9 votes
    0 comments  ·  Network Protection
  11. Private VLAN

    Currently the Sophos UTM / XG do not support Private VLANs. This is a major security feature that is being used more and more often, especially in virtualised environments with VDIs, DMZs or even sensitive / untrusted local equipment at an office campus.

    With the addition of Private VLAN you can prevent these devices from communicating with each other. However, Sophos does need to support this feature. Currently the virtual variants do support it thanks to VMware but the hardware variants do not.

    6 votes
    1 comment  ·  Network Protection
  12. Show full DUID in IPv6 Lease Table

    I would find it useful if under Configure -> Network -> DHCP -> IPv6 Lease, the table showed the complete DUID for the clients. The easiest method that I can find to create a static IPv6 address for a server or other client is to find it in this list then create the static IPv6. At the moment, only part of the DUID is shown making it impossible to copy and paste into the static lease table. To insert it into the static lease table I need to copy it out manually.

    4 votes
    0 comments  ·  Network Protection
  13. WAN inbound Failover / block inbound traffic on Backup WAN

    Currently, inbound traffic is allowed on all WAN lines, the Active and even on the Backup WAN lines! This is unacceptable.
    Inbound traffic should only be allowed on the ACTIVE line, and be allowed on the Backup line ONLY when a failover occurs.
    The XG is advertising a Failover function that is in effect allowing Load Balancing. This is a problem for more costly backup lines that are, as their name clearly says, "Backup" lines, not to be used unless a Failover occurs. Unless a WAN link is Active, it should not be allowing traffic through it!!
    This to me…

    6 votes
    0 comments  ·  Network Protection
  14. Sandstorm - FTP Scanning

    [Allow Sandstorm to scan FTP access]

    Allow Sandstorm to scan FTP access; also allow FTPS interception for Sandstorm.

    6 votes
    0 comments  ·  Network Protection
  15. Use IP range for ssl vpn user remote access

    Cannot give an IP range for SSL VPN user access, only access by all networks or a particular host.
    Please check this feature.

    6 votes
    0 comments  ·  Network Protection
  16. VPN Web portal

    In the industrial controls field we use devices such as the Phoenix Controls mGuard VPN router to allow remote access to internal networks via VPN. It works in a similar fashion to a RED device in that the router automatically creates a VPN to the cloud-based system that the user then also creates a VPN connection to from their PC. The web-based interface then allows the user to create a secure tunnel between their PC and the remote site. It would be great to see this kind of functionality on Central. If the XG could automatically create a…

    4 votes
    0 comments  ·  Network Protection
  17. Static route monitoring/tracking for failover

    Sophos XG has the function to configure static routes, but when two routes are configured for the same subnet with different metrics, it does not understand when to do the failover and go to the larger metric.
    What draws attention is that it is possible to configure, but it does not work.
    Our suggestion is that we can configure static routes with a probe so that XG can understand when to disable a static route and forward the packets to another static route with a larger metric.

    15 votes
    2 comments  ·  Network Protection
  18. Show preshared key in IPSec

    In previous firmware we used to be able to show the existing preshared key in the IPSec configuration but this option appears to have been removed. Can it please be reinstated?

    16 votes
    0 comments  ·  Network Protection
  19. Show PPPoE password

    Can we please have an option to show the current PPPoE password in the Network configuration section?

    1 vote
    0 comments  ·  Network Protection
  20. Pagination Options for Clientless Users Dashboard

    It would be great to be able to display more Clientless Users within the Clientless Users screen. When dealing with large ranges it becomes tedious to alter the status of say an entire /24 worth of users.

    2 votes
    1 comment  ·  Network Protection