XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. XG web proxy CRL checking

    Please implement certificate revocation list (CRL) checking for the XG web proxy.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow web filtering exceptions to use the referrer field as well as the URL field

    Found this idea suggestion in the UTM but this would be very useful in the XG as well.

    https://ideas.sophos.com/forums/17359-sg-utm/suggestions/18539521-allow-web-filtering-exceptions-to-use-the-referrer

    This would allow you to create an exception for lets say a page that is not working due to ads on the site but with the referrer it would allow the site to be used.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enhancements to Web Policy Overrides

    The "Web Policy override" is a welcome addition to Sophos XG, however I believe that there needs to be more options to enable admins to effectively control when these overrides are active and how they are implemented.

    I think Admins should be able to remove the "Allowed website categories" option so staff can only enable specific domains.

    Instead of the "Restricted to time periods" option i would prefer it if we could allow staff to select a start date and time, and pick from an admin controlled list of durations for the override (e.g. staff could set an override to…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Better integration of eDirectory

    At present, eDirectory integration is very weak to the point of being unusable. Why?


    • Group membership cannot be imported from eDirectory but has to be manually assigned for EACH and EVERY user who is not supposed to be a member of the default group. The fact that this is not implemented is so surprising that it took even Sophos support a long time of treating this as an incident until they finally told me "It's not a bug,feature is simply not implemented." (case #7928200; case opened on 19.02.2018;case closed on 15.05.2018).


    • The manually assigned group membership does not even survive…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Safeguarding

    Safeguarding reports to meet prevent duties and keywords monitoring preconfigured.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Automatic FQDN and Web exceptions for Office365 based on Microsoft published lists

    We've found that XG v17 and even some v16.5+ firmware breaks office365 activations, updates and downloads by Sophos' IPS/content filtering. The only way to get it to work is to go through the VERY long list to whitelist all the URL's to make it work. Office365 is a fairly widely used product for installations. Wouldn't it make sense to put in the exception's list (even if not enabled by default) in order to not have to do this for every firewall out there? Either that or fix the IPS/content filtering so that it stops tripping up on O365 updates and…

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Request to Increase the Inactive time to UNLIMITED for Android and IOS web clients

    Dear Team,

    Present in XG210 (SFOS 17.1.2 MR-2) Firewall, for Android and IOS web clients maximum inactive time is limited to 1440 minutes. If any user is not connected to Network with in 1440 minutes,he automatically logged out from Network.

    Kindly Update this, Android and IOS web clients maximum inactive time to UMLIMITED As soon as possible.

    Thanking you,

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Device-type policies for Web filtering

    Allow web filtering policy based on device types - Chromebooks, IOS, MAC OS, among other device types including Windows and Linux. This was really very useful in SG firewall

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Localization for end-user notifications/block pages

    I would like to be able to customize the page when the site is unavailable.
    Today we can only customize page blocking and alert, but when the site is off the air does not.
    As the message is in the English language, Brazilian users are confused thinking that the site is blocked, and open calls denning IT.
    I wish I could change this message to the Portuguese language.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. URL Rewrite on outbound web requests

    I'd like the ability to rewrite a URL for outbound proxy connections.

    For example, this could be used to remove or inject a specific setting into the query string for specific websites.

    I believe this is similar to how search engine "Safe Search" is set/enforced, but this could be set for other websites as well.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Additional substitution variables in block page templates - User Group

    When users see a blocked page it would be beneficial to see what group they belong to so that adjustments could be made quickly.

    Currently the only supported tags are: {user}{url}{category}

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. DNS Web filter

    DNS Web filter would be a good add to Sophos XG.

    Reference:
    https://cookbook.fortinet.com/dns-web-filtering/

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. "Skip Logging" for Web Filter Exceptions

    It would be nice if there was the option to "Skip" Logging of specific web requests in the Web filter. For example, I see my logs spammed with certain domains, even if it's blocked, such as ( trouter.io ) and it's quite annoying to sort through.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Automatically fetch certificates when website provide incomplete chain

    SOPHOS could deploy in XG a way to locate the missing certificates on a trusted certificate site, otherwise we will have to manually add the CAs to firewall. This feature is possible in browsers thanks to the AIA fetching extension.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Policy change notifications to end-users on login

    I want to intimate my employees whenever the web or Application or traffic shaping policies changes. It has to come as pop-up for the first time login after policy changes.from the second time it should not to come.once they accepts the terms and conditions.

    Is it possible,where i can configure this?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add support for RTMP/RTMPT/RTMPS over Web proxy

    RTMP/RTMPT/RTMPS failed to connect or not working with Allow all and Scanning.

    It is not supported with XG proxy as of now and need to add URLs or server IP under exception to connect with streaming server.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Import URLs in Exception

    In Web Protection Exception, we can not add more than 128 URLs and also there is not option to import. It is tedious job to enter so many URLs for exception.

    One may ask what is the need to make exception for such a large number of URLs, I got stuck in getting the Windows 10 Upgrade and the Support team gave me the list of URLs to add in exception, that is where I faced this issue.

    It'll be helpful in such scenarios where there is a large number of URLs to bypass.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Block tracking pixel and other beacons

    Enable the firewall to block the (currently 1x1) pixels used for tracking. Expand with other web beacons.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Custom HTTP header injection

    Option to inject custom header on specific ip or fdqn

    Please will be a great option for restriction in today's world of SAAS.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. 28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.