XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. MAC authentication for SSL VPN

    Need MAC-based authentication for SSL VPN connecting devices to enhance the security level and to protect the office network.

    27 votes
    12 comments  ·  Network Protection
  2. Increased default IGMP group memberships Limit

    Currently Sophos has a limitation of IGMP memberships, limited to 20.
    In many projects with many BO, we need to manually increase this parameter. In each update, I need to redo the process.
    Would it be possible to raise this limit by default?

    25 votes
    1 comment  ·  Network Protection
  3. SMB bookmark should not require stored login credentials

    The Bookmarks for SMB should pass through the STAS credentials OR prompt the user for credentials to authenticate to the SMB share.

    Having to provide credentials in the bookmark is a security risk.

    5 votes
    2 comments  ·  Network Protection
  4. SSL VPN server listening on both TCP and UDP

    SSL VPN server listening on both TCP and UDP and using a configurable port.
    Per User configuration if they connect using TCP or UDP.

    6 votes
    0 comments  ·  Network Protection
  5. DHCP on XG updates DNS on Active Directory

    Configuration of a DHCP on Sophos XG allowing the same possibility as the Microsoft DHCP, that is to say, to be able to dynamically update the DNS records located on my Domain Controller.
    The goal is to eliminate the DHCP relay.

    8 votes
    0 comments  ·  Network Protection
  6. Allow Surfing Quota to be scheduled

    I have realized that Network Traffic Quota cannot be scheduled to be in effect only during work hours and weekdays. Wouldn't it be nice if we had such flexibility?

    3 votes
    0 comments  ·  Network Protection
  7. Firewall rule UI: Only show networks/devices relevant to the selected zone

    In Firewall Rules, when selecting a unique ZONE in "Source Zones", display only objects of this Zone in "Source Networks and Devices" and not all objects.

    3 votes
    0 comments  ·  Network Protection
  8. Change the value how long a spammer is being blocked

    The default value is 30 seconds. After that amount of time, a detected spammer source/dest is able to send packets again.
    How about a long/variable time and a blacklist, to manually add/delete spamming IPs?

    8 votes
    0 comments  ·  Network Protection
  9. Use ASN in Firewall Rules

    I'd like to create objects for ASN Numbers and use them in Firewall Rules.
    I could allow or deny access rules based on ASN.
    It's not necessary to create a database like GeoIP. This information could be queried online.
    And this information could be used in reports too.

    Regards,

    10 votes
    2 comments  ·  Network Protection
  10. Auto-enable packet capture for intrusion events

    Add the ability to turn on automatic packet captures for intrusion prevention and ATP events. This is something Palo Alto firewalls can do and it's very helpful to be able to drill right into an event in the log viewer and pull down the pcap.

    9 votes
    3 comments  ·  Network Protection
  11. Dear Sophos team Regd SD WAN Feature to be incorporated in Cyberoam and Sophos Firewall

    Dear Sophos Team,

    We system integrators deal in Cyberoam and Sophos UTM.

    Request you to please incorporate the SD WAN feature in Cyberoam and Sophos UTM, as our clients are asking for the same.

    This feature has already been incorporated in the Fortigate starting-level UTM. Please do the needful as clients are asking for this feature.

    Please call/mail me for the same.

    Thanks,

    Yogesh N
    Technical Director
    Asian Infotel Pvt Ltd
    Mob:-09869031333
    India Mumbai.
    Email:-yogeshn@asian-associates.com.

    As our cust

    5 votes
    0 comments  ·  Network Protection
  12. OVPN

    Would like to see OpenVPN configuration file support, e.g. import a .OVPN file as a client connection.

    9 votes
    0 comments  ·  Network Protection
  13. SYN/UDP DOS attacks should appear in reports

    If any user gets an internal/external attack on the SYN or UDP protocol, then it should be saved in the firewall reports, for reference to which user or external user generated the attack, like IP address, country / graphical GUI location.

    13 votes
    1 comment  ·  Network Protection
  14. Asymmetric routing for directly connected network.

    Customer A:

    WAN-A1: 1.1.1.1 /24
    WAN-A2: 2.2.2.2 /24

    Customer B:

    WAN-B1: 1.1.1.5 /24

    Issue: WAN-B1: 1.1.1.5 connects to WAN-A2 2.2.2.2, and this is not working.

    If Customer B connects from WAN-B1 to a virtual host on WAN-A2 (for instance a TCP connection to a webmail),
    the reply TCP packet came IN-bound on port WAN-A2 and goes out on port WAN-A1 with the IP of
    WAN-A2!! This is creating asymmetric routing, which is not supported in CROS/SFOS.

    It seems a flaw in L2 routing design for multi-homed customers, causing DDoS attack on the second WAN uplink gateway. …

    10 votes
    0 comments  ·  Network Protection
  15. Private VLAN

    Currently the Sophos UTM / XG do not support Private VLANs. This is a major security feature that is being used more and more often, especially in virtualised environments with VDIs, DMZs or even sensitive / untrusted local equipment at an office campus.

    With the addition of Private VLAN you can prevent these devices from communicating with each other. However, Sophos does need to support this feature. Currently the virtual variants do support it thanks to VMware but the hardware variants do not.

    8 votes
    1 comment  ·  Network Protection
  16. Show full DUID in IPv6 Lease Table

    I would find it useful if under Configure -> Network -> DHCP -> IPv6 Lease, the table showed the complete DUID for the clients. The easiest method that I can find to create a static IPv6 address for a server or other client is to find it in this list then create the static IPv6. At the moment, only part of the DUID is shown making it impossible to copy and paste into the static lease table. To insert it into the static lease table I need to copy it out manually.

    6 votes
    0 comments  ·  Network Protection
  17. WAN inbound Failover / block inbound traffic on Backup WAN

    Currently, inbound traffic is allowed on all WAN lines, the Active and even on the Backup WAN lines! This is unacceptable.
    Inbound traffic should only be allowed on the ACTIVE line, and be allowed on the Backup line ONLY when a failover occurs.
    The XG is advertising a Failover function that is in effect allowing Load Balancing. This is a problem for more costly backup lines that are, as their name clearly says, "Backup" lines, not to be used unless a Failover occurs. Unless a WAN link is Active, it should not be allowing traffic thru it!!
    This to me…

    6 votes
    0 comments  ·  Network Protection
  18. Sandstorm - FTP Scanning

    [Allow Sandstorm to scan FTP access]

    Allow Sandstorm to scan FTP access; also allow FTPS interception for Sandstorm.

    9 votes
    0 comments  ·  Network Protection
  19. Use IP range for SSL VPN user remote access

    Cannot give an IP range for SSL VPN user access, only access by all networks or a particular host.
    Please check this feature.

    8 votes
    0 comments  ·  Network Protection
  20. VPN Web portal

    In the industrial controls field we use devices such as the Phoenix Controls mGuard VPN router to allow remote access to internal networks via VPN. It works in a similar fashion to a RED device in that the router automatically creates a VPN to the cloud-based system that the user then also creates a VPN connection to from their PC. The web-based interface then allows the user to create a secure tunnel between their PC and the remote site. It would be great to see this kind of functionality on Central. If the XG could automatically create a…

    4 votes
    0 comments  ·  Network Protection