XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. HA: Gateway failback timeout configuration in firewall

    Hi,

    When the Active gateway comes back online, traffic should fail back to the Active gateway within a specific timeout in seconds, like the Gateway Failover timeout option.

    There should be an option for Gateway Failback timeout.

    1 vote
    0 comments  ·  Network Protection
  2. Make outbound queries using DNS-over-https (DoH)

    DNS over HTTPS or DNS over TLS
    I know there is a feature request for DoT already, but I'd like to add to that request by asking for the option to choose DoH or DoT.

    17 votes
    2 comments  ·  Network Protection
  3. Sticky IP functionality for NAT Pools or any NAT rule

    Coming from a Juniper background, we have the functionality of "Sticky IP" (Juniper's "Address-Persistent") for any NAT rule. In Sophos you can only do this if performing a load balance NAT to a webserver (KB:132277).
    It would be great to be able to do this in any NAT rule.
    Thank you

    1 vote
    0 comments  ·  Network Protection
  4. Create and maintain a host group for all O365 services this can be updated with firmware updates?

    Create and maintain a host group for all O365 service IPs; this can be updated with firmware updates?

    13 votes
    0 comments  ·  Network Protection
  5. Show firewall rule details in Intrusion Attacks report

    Information about the firewall rule should be displayed under Intrusion Attacks report.

    It will help to filter out allowed attacks in case the IPS logs are not available.

    3 votes
    0 comments  ·  Network Protection
  6. 1 vote
    2 comments  ·  Network Protection
  7. Allow port forward of TCP and UDP in same rule

    So there's a limitation currently where if you're making a DNAT rule, and you want to change the destination port number, you can't forward ports from both TCP and UDP to the same server using the same rule.

    For example, I have an environment where RDP traffic from specific external public IP addresses is forwarded from one of my public IPs to an internal server (via DNAT). RDP uses both TCP 3389 and UDP 3389, but my users connect on a different port number (52389), which I need to forward to an internal server on 3389.

    I can create services to…

    18 votes
    0 comments  ·  Network Protection
  8. Ability to apply UTM filters on traffic from the Discover interface so as to create a report for POC

    Discovered traffic from the Discover interface could be made more meaningful by applying web and application filters, so as to get meaningful UTM reports, not just application visibility, for a new customer who wants to check the UTM capability of the device before buying or before the device goes into an inline production environment.
    FortiGate has a nice way of doing this with a one-arm sniffer interface and sniffer firewall policy.
    It would definitely help Sophos gain more customers while doing POC.

    1 vote
    0 comments  ·  Network Protection
  9. Zone Groups

    It would be good to be able to build zone groups in a similar fashion to IP host groups, FQDN groups, service groups, etc. This would allow rules to include multiple zone sets quickly.

    1 vote
    1 comment  ·  Network Protection
  10. Two factor authentication for Active Directory synched under XG

    Hello Team,

    We have a customer here requesting two-factor authentication for Active Directory synched under XG. For your assistance please. Thank you.

    4 votes
    0 comments  ·  Network Protection
  11. Auto-Quarantine devices that use proxy/bypass software

    For people who are using a proxy tool to bypass the firewall, I hope that there is an option to quarantine the IP that is using the proxy tool automatically.
    Like Psiphon.

    3 votes
    0 comments  ·  Network Protection
  12. Sophos Home Guard Hardware for (Home Users)

    I have an idea for new hardware called Sophos Home Guard. It can be connected to the router to protect all connected devices (IoT) for home users. It contains a firewall, web protection, a traffic watcher and more.

    4 votes
    0 comments  ·  Network Protection
  13. Override Hostname - Multiple Hostnames/IPs

    To have the possibility of putting multiple IPs in the "Override Hostname" configuration.

    5 votes
    2 comments  ·  Network Protection
  14. Firewall rules: Group of groups

    To have the possibility of creating a group of groups. If I want to separate Business Rules into groups ordered by services, it would be helpful to put the groups of Business Rules in a group, in order not to confuse Business Rules with Network/User Rules.

    5 votes
    0 comments  ·  Network Protection
  15. Choose interface IPs for built in services

    The XG does not allow the ability to choose which IP interface a built-in service like VPN/IPsec and the SPX portal binds to. For example, I have a /24 public IP range, and in order for a NAT to function for outgoing traffic, I'm required to create an aliased IP address on the WAN link. Each and every aliased IP responds to requests on UDP 500 as follows (via nmap or the Nessus vulnerability scanner): 500/udp open isakmp StrongSwan ISAKMP.

    The fact that there may be rules in place in the VPN configuration to limit who can actually…

    3 votes
    0 comments  ·  Network Protection
  16. Use host objects in route definitions

    Ability to use IP Host names (Console --> System --> Hosts and Services) in creating routes and gateways (Console --> Configure --> Routing).

    3 votes
    0 comments  ·  Network Protection
  17. RBL type group can be used in Blocked client networks of Firewall rule.

    RBL type group can be used in Blocked client networks of Firewall rule.
    If the user's email password is leaked, the hacker will use the managed host to connect to the mail server. Most of these hosts come from low-reputation IP addresses, so we can deny connection requests from these low-reputation IPs in the business policy.

    3 votes
    0 comments  ·  Network Protection
  18. Wi-Fi URL Redirection and MAC address based managing

    I need to make a URL redirection for all Wi-Fi guest access; once they fill in their details and submit the form, they get internet access. Where I can do the following:
    1. VLAN configuration: Wi-Fi port to be configured as a VLAN-based URL redirection.
    2. Condition: Access to the internet based on the submit button inside the form.
    3. Use MAC address criteria, so that if the same customer needs to access the Wi-Fi the next day, he won't need to fill in the form again.

    4 votes
    0 comments  ·  Network Protection
  19. Balance bandwidth option for QoS

    Currently there are two options - limit and guarantee. It'd be very interesting if there was an option to divide the available bandwidth between all users (so if you have 5 users and a 100mbit connection, each user would get 20mbit for himself). This would allow the network to be fast most of the time, while being able to cope with a high number of devices.

    3 votes
    0 comments  ·  Network Protection
  20. Request to have option to delete bridge interface

    Hello Team,

    We have a customer here requesting an option to delete a bridge interface under Sophos XG. For your assistance please. Thank you.

    3 votes
    0 comments  ·  Network Protection