XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. add gateway in a different subnet

    Multiple VPS and online server providers these days provide you with a gateway IP that is on a different subnet than the WAN IP. On pfSense, Forefront TMG and Untangle firewalls, I can add the gateway IP even when it's on a different Subnet, but on Sophos XG it's not possible which means you cannot use XG on any of those providers and you'll be forced to go for another solution.

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Modify behavior to suppress IPSEC Up Down notifications

    Hello Team,

    I'm requesting in behalf of the customer if we could be able to add feature under System>Administration>Notification Settings>IPsec Tunnel Up/Down to modify and select behavior to trigger alert notification

    Thank You

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Automate Active Directory synchronization

    Sophos should create a button with function to automatically synchronize the AD groups and users to Sophos devices, let all the manual tasks be easy for administrators or at least you should have a schedule task function for this action. With the SFOS 16.05.8 MR-8, we must manually do the importing after creating some new groups and users in Active Directory.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. IGMP proxy

    Instead of just static multicast routes. Allow to proxy all to another interface.

    Many other vendors have a function for IGMP Proxy

    35 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. AWS MarketPlace XG Firewall

    Hi,

    Right now, UTM 9.5 is available at AWS Marketplace.

    When will be available XG?

    Regards

    63 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Remove a DHCP lease

    Need to be option for remove DHCP lease IP address

    77 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Bind multiple IPs on single MAC

    Allow bind multiple IPs on single MAC between different DHCP networks. We have some scenarios that need this feature and it would be very important to Sophos allow that.

    35 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow MAC binding feature on Individual User

    Allow MAC binding feature on Individual User. Cyberoam had the MAC binding features , where i can bind the single user to its MAC id for authentication.

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow firewall rule Summary to be copied to the Clipboard

    In XG firewalls, allow firewall rule Summary to be copied to clipboard. We would like to use the rule summary in our documentation.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. GRE tunnel support for Policy base routing feature.

    The Sophos XG firewall GRE/IPsec VPN could not supported Policy Base Routing. It will get some GRE tunnel lost traffic for the specific routing on the links from the Peer GRE tunnel of the Firewall.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Local Service ACL Exception Rule default action

    Please change the default action in the Local Service ACL Exception Rules from drop to allow.
    I already locked out myself twice. Makes now sense to me that this is drop from default.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Better configuration for many to many masquerading NAT

    XG allows to masquerade an internal network with an IP range. To works fine it need a valid Alias address configured on the out interface (valid ip = ip in the masquearding range). So if we create a range of 200 IP we MUST define all 200 ip on the out interface. This is a feature needed in different scenarios such as a primary gateway with authentication or a network overlap ...

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Load Balancing Ratio - Usage of % instead of numbers

    Gateway Load Balancing accepts number and if you have more than 2 gateways, finding the ratio number can be challenging. Using percentage is less confusing and more simple to use.
    Thanks

    47 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Custom Name on SSLVPN Profile

    On the XG Firewall is not possible to change the Profilename for the Remote SSL-VPN. Profilename is always "usernamesslvpnconfig". Please add the possibility to change that like on the UTM with override hostname.
    I think, a field to customize the String "
    sslvpnconfig" would be better.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. VPN Connection Details list should work for large numbers of connections

    In IPSEC VPN connections with too many remote and local subnets you loose ability to see up/down status, when you click on "Connection Details" the list is blank rather than showing which networks are connected.

    I spoke with support and they confirmed the bug and asked me to submit a feature request. Can you please look into and repair this?

    Thank you!
    James

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. TLS 1.2 support for SSL VPN

    Currently TLS 1.2 is not supported for SSL VPN for SF-OS.

    Reference FR ID is NPM-264.

    We have a partner's firm that deals in Financial services and they are allowed to use only TLS.
    1.2 for SSL VPN due to compliance.

    43 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support GRE even when XG is not the source of the tunnel

    GRE is not supported if XG is not the source of the tunnel. Very limiting feature in some big installation where other Appliances support GRE and need to be kept. XG should support GRE in any condition.
    Thanks

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. IPS: Custom Categories based on keyword filters

    Currently IPS rules can only be selected via Category, OS, Risk or Target/Client. We need the ability to create custom categories, such as 'SMB' which would be triggered off keywords. This would allow us to get newly added signatures automatically to our custom categories, rather than creating an entirely new IPS rule with a brand new search for 'SMB' every update.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. MAC binding with captive portal

    Need Mac bounding with captiportal and auto mac find option. if you implement the option bound with First mac use of user its so convenient for all user

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Disable virtual mac address in HA mode

    Running the Sophos XG firewall in high availability mode in a virtualized environment (where virtual MAC addresses are not supported) is currently not possible. Please implement a feature to disable the usage of virtual MAC addresses (similar to what the UTM does when using the command 'cc set ha advanced virtual_mac 0'.

    Thanks.

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.