XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Mouse over more details for firewall rules

    It would be great if less information was displayed in the list of firewall rules. However, a mouse over would show all the details of the firewall rule instead.

    For example, limit Source and Destination to just show Zones and not subnets, user groups, etc.

    4 votes
    0 comments  ·  Network Protection
  2. Firewall Rules - Save filters

    Would be great if we can create filters for firewall rules and then save them as tabs on top of the firewall list view. For example, we can create a filter for source WAN zones called 'WAN'. Then a tab called WAN will appear next to the firewall tab.

    1 vote
    0 comments  ·  Network Protection
  3. XG as a RADIUS server for External 2FA

    I'd like to use XG as a RADIUS server for 2-factor authentication. Now we can use the XG for VPN, Portal access, etc., all XG internally.

    I'd like to have "external RADIUS" added, for example to use 2FA on Citrix or VMware Horizon or other networking equipment that can use RADIUS authentication together with the XG's users and software tokens.

    1 vote
    0 comments  ·  Network Protection
  4. IS-IS routing protocol support for XG Firewall

    It would be nice to get the IS-IS routing protocol for the XG Firewall.

    RFC1195

    3 votes
    0 comments  ·  Network Protection
  5. Sophos Firewall Manager - Template Pushing

    When pushing a template, all types of configuration should not already be selected - you should have to select which items you want to push, rather than deselect those you do not want to push.
    Having all items pre-selected is more likely to cause issues from human error, overwriting config with portions of templates you don't wish to utilize/push to a device.
    It's a minor change that could make a big difference for our customers.

    3 votes
    1 comment  ·  Network Protection
  6. Browser-based MAC binding is not available in XG 115, so it should be upgraded with this feature. It's only in client-based authentication.

    Browser-based MAC binding is not available in XG 115, so it should be upgraded with this feature. It's only in client-based authentication.

    2 votes
    0 comments  ·  Network Protection
  7. Zero Firewall Rule Traffic Counter

    Very simple, have an option to zero the traffic counter on a firewall rule.

    74 votes
    7 comments  ·  Network Protection
  8. DNS RPZ Support: DNS Spam protection by Response Policy Zones

    Please extend Sophos XG FW by DNS RPZ FW option to filter spam and malicious domains similar to mail reputation system (e.g. via SpamHaus).
    See: https://dnsrpz.info/ "Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall"."

    2 votes
    0 comments  ·  Network Protection
  9. Request to support Verizon network for USB dongle under XG

    Hello Team,

    We have a customer here requesting support for the Verizon network for a USB dongle under XG.
    Verizon is unable to see Sophos XG on their end when they connect the dongle with the Verizon network.

    3 votes
    1 comment  ·  Network Protection
  10. IPsec NAT

    IPsec NAT: we need the possibility to NAT several local subnets to only one NAT-address and not 1 local subnet to 1 NAT-address. So that the remote peer has to configure only one ip-address as remote subnet.

    This is still working with an unsupported workaround. One SNAT firewall rule translates all our subnets to one IP address which is part of "Local Subnets" in the affected IPsec connection. To get routes and SNAT working correctly, we've added an ipsec_route on the XG CLI.

    11 votes
    1 comment  ·  Network Protection
  11. Public Access Need To Be Secure

    Hello Team,
    I have installed an XG 135 firewall to secure my network, but my firewall is not secure yet. After enabling WAN access to my firewall, anybody can hack my firewall, so take it seriously. There should be an advanced login procedure, like through OTP or any other way.

    3 votes
    1 comment  ·  Network Protection
  12. Deep SSH inspection

    Much like SSL inspection, Sophos should integrate SSH inspection for additional protection layers.
    For instance, inspecting and scanning the following SSH protocol features: Exec, Port-Forward, SSH-Shell, X11-Filter. This should scan for all SSH-like activity, not exclusive to the standard SSH port.

    4 votes
    0 comments  ·  Network Protection
  13. Advanced Malware protection on the gateway

    A lot of other Network Security Appliances out there have advanced malware protection on the gateway itself, not needing endpoint software.

    Specifically, integration for this in:
    - Web Filtering (HTTP/HTTPS/FTP)
    - DPI scanning for malware (for ALL packets entering and exiting)
    - DNS protection (quite similar to how OpenDNS advertises "safe DNS")

    As such: Detection, blocking, tracking, analysis and remediation to protect against targeted and persistent malware attacks. On a full-scale, not simply just a Gateway AntiVirus, but a "Gateway AntiVirus and AntiMalware solution".

    9 votes
    0 comments  ·  Network Protection
  14. External Resources import

    We are waiting for an option where we can import external web categories, IP addresses, etc. from local text or a URL.
    Some of the open-source platforms provide real-time IP blacklists such as Spamhaus DROP.

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/103314/how-to-import-spamhaus-drop-live-ip-list-and-block-on-firewall

    1 vote
    0 comments  ·  Network Protection
  15. Regarding a security issue, I need an SMS notification for the following issues: 1. If my map IP or public is down, I need an SMS notification.

    Regarding a security issue, I need an SMS notification for the following issues:

    1. If my map IP or public is down, I need an SMS notification.
    2. Need SMS notification for remote desktop connections [RTP] taken by guests or outsiders

    Alert SMS or OTP which is possible to initiate can be given ASAP
    3. Mapping two IPs if any one IP fails to connect

    MY APPLIANCE KEY;C48615236547-VCA7EQ

    3 votes
    0 comments  ·  Network Protection
  16. WAN Optimization

    We are waiting for a feature called "WAN Optimization" or "WAAS".

    14 votes
    0 comments  ·  Network Protection
  17. UTM-like search in firewall policies

    UTM-like search in firewall policies:

    Searching for used objects in the policies is a nightmare on the XG firewall. Please bring a UTM-like search, where you can type in what you want to search for and then all the policies with the searched object will be displayed.

    At the moment it is a nightmare when you have several hundred rules and you want to find all rules for a specific object. And yes, in bigger companies you will have several hundred policies.

    9 votes
    1 comment  ·  Network Protection
  18. Virtual Domain

    We are eagerly waiting for Virtual Domain support on the XG firewall series, the same as VDOM from other vendors.

    We lost four to five orders due to the lack of this feature.

    Regards,
    Deepak Kumar

    41 votes
    4 comments  ·  Network Protection
  19. Suggestion - Do a write-up on setting up a printer behind the firewall on the LAN side

    Suggestion - Do a write-up on setting up a printer behind the firewall on the LAN side

    I would like to see a simple write-up on how to set up a printer to be safely accessible by other machines on the network. It is a really common thing that most offices need to do. I don't think it should be this difficult.

    The printer should allow prints and still be safe from intrusion.

    My specific instance is a Brother laser printer with a scan option, which would need two-way traffic.

    I might also suggest simple setups for or…

    1 vote
    0 comments  ·  Network Protection
  20. Port 80 and Port 443 are not blocked by the firewall

    In the default configuration, without any workaround, port 80 and port 443 are not blocked.
    That behaviour is also there when you enable an explicit drop rule.

    Instead of blocking the traffic, the XG Firewall says on both web ports "Hello I'm a Sophos XG Firewall". The behaviour is the proxy function and it is there by design.
    (The behaviour is also from outside)

    4 votes
    0 comments  ·  Network Protection