XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Static route monitoring/tracking for failover

    Sophos XG has the function to configure static route, but when two routes are configured for the same subnet with different metrics, it does not understand when to do the failover and to go to the larger metric.
    What draws attention is that it is possible to configure, but it does not work.
    Our suggestion is that we can configure static routes with probe so that XG can understand when to disable a static route and forward the packets to another static route with a larger metric

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Show preshared key in IPSec

    In previous firmware we used to be able to show the existing preshared key in the IPSec configuration but this option appears to have been removed. Can it please be reinstated?

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Show PPPoE password

    Can we please have an option to show the current PPPoE password in the Network configuration section?

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Pagination Options for Clientless Users Dashboard

    It would be great to be able to display more Clientless Users within the Clientless Users screen. When dealing with large ranges it becomes tedious to alter the status of say an entire /24 worth of users.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Clientless User - Distinguish Between "Enabled" and "Active"

    When using the Clientless User feature "Active" really just means "Enabled" and it shows up within the Active Users section in the dashboard. What would be really helpful is to know the actual "Active" users and not just the "Enabled" users. We use Clientless Users to define several DHCP ranges, and in the dashboard it looks as if every IP is active, which isn't true. There is just an "Enabled" use associated with it.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enabled Clientless User Upon Creation When Adding Range

    We have a small college campus and several /24 networks full of IoT devices that aren't managed by our organization.

    Currently if you use the "Add Range" feature you have to go back through and "Activate" all created users which becomes tedious very quickly. It would be nice to add an option to enabled all users upon creation when using the "Add Range" feature.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Modify Recommended Action on IPS signatures

    Allow the user the ability to modify the Recommend Action setting for system-defined IPS signatures.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow the ability to download\manage Snort rulesets

    There is a plethora of Snort rulesets that should be of great value to XG users but implementing these at present seems horribly difficult.

    Snort users have a lot of flexibility in terms of managing the rulesets within the application - it would be great to have more of that here as well.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. 17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. IKE v2 remote access support

    Now in firmware v17 there is support for IKE v2. But it is still not possible to use it for remote access.

    25 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Data Loss Prevention for web & apps

    Request for adding a "Data Loss Prevention " feature in XG Firewall

    Dear Developer Team,
    We should permit users to login a public Webmail, Public Cloud Storage or Social Media, but i don't want to permit to attach/upload data OR i can permit to upload a specific file size, In this way i can block a possible disclosure of corporate DATA.

    I hope you will consider this & will get soon this feature in upcoming firmware.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. User DNAT Rules

    We have a requirement to force all outbound DNS requests to particular IP's. But we cannot create a DNAT rule to do this on the XG, even under SFOS 17.0.0 GA. The DNAT has to be an IP and cannot be a network, can this be changed to allow networks, ideally ANY?

    Thanks,
    Nick

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Show IPsec Connection Detail for ReadOnly-user

    With a RO-user this user can only see if the tunnel is up or down, not the "Connection Detail" with all connected networks. The Connection Detail page loads, but the user is not able to see any network.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add SNMP Service to Local Service ACL Exception Rule

    I am requesting this feature after talking to support about trying to replicate functionality from Cyberoam OS to Sophos OS.

    In Cyberoam I had restricted SNMP access to a group of IP addresses on the WAN interface to allow the ISP to graph network traffic.

    I was able to achieve this in Cyberoam OS by using a WAN > LOCAL firewall rule. The LOCAL zone is not available in Sophos OS.

    One technician told me I could achieve this by making a WAN > WAN firewall rule? But I was later told that would not work.

    I noticed there is…

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. add gateway in a different subnet

    Multiple VPS and online server providers these days provide you with a gateway IP that is on a different subnet than the WAN IP. On pfSense, Forefront TMG and Untangle firewalls, I can add the gateway IP even when it's on a different Subnet, but on Sophos XG it's not possible which means you cannot use XG on any of those providers and you'll be forced to go for another solution.

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Modify behavior to suppress IPSEC Up Down notifications

    Hello Team,

    I'm requesting in behalf of the customer if we could be able to add feature under System>Administration>Notification Settings>IPsec Tunnel Up/Down to modify and select behavior to trigger alert notification

    Thank You

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Automate Active Directory synchronization

    Sophos should create a button with function to automatically synchronize the AD groups and users to Sophos devices, let all the manual tasks be easy for administrators or at least you should have a schedule task function for this action. With the SFOS 16.05.8 MR-8, we must manually do the importing after creating some new groups and users in Active Directory.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. IGMP proxy

    Instead of just static multicast routes. Allow to proxy all to another interface.

    Many other vendors have a function for IGMP Proxy

    36 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. AWS MarketPlace XG Firewall

    Hi,

    Right now, UTM 9.5 is available at AWS Marketplace.

    When will be available XG?

    Regards

    63 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Remove a DHCP lease

    Need to be option for remove DHCP lease IP address

    81 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.