XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. More predefined Web Protection Exceptions

    Especially when using HTTPS decryption, but also the AV Scanning itself causes at lot of web services / sites and apps to break. It would be nice if Sophos provided more predefined exceptions that can be enabled as needed. Even if this is not directly implemented to the XG firmware itself, it would be nice if Sophos took the initiative to provide a central collection point for known issues with this e.g. a KB Site that has lists of commonly used exceptions to fix certain issues.

    With HTTPS Decryption enabled there's plenty of stuff that breaks:
    GoToMeeting, Zoom, TeamViewer, RMM…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. QOS application and web category profile functionality

    Hello,

    If it were possible, create QOS profiles that could be put to the user group or the firewall firewall rule. These profiles would contain the web and application categories inside, being possible to set different QOS for each application or WEB category. So we could limit the speed of a video from youtube to a user who is in a profile of qos and to another that is in another profile could get more speed. The idea would be not only to be global the configuration.

    That would be a great differential for the tool. The QOS configuration is…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Better categorisation of websites

    There needs to be better categorisation of websites. Currently we have to block the "Entertainment" category in school because a lot of illegal movie streaming sites are categorised under this category. There should either be another category made for "Illegal media download/streaming" or they should at a bare minimum be categorised as "Video Hosting"

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Web Filter should log if a transaction is decrypted or not

    Insert a column in the logviewer to indicate if a page is decrypted for https when "Decrypt & Scan HTTPS" is on.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. URL feedback enhancement

    On your support site please give us the abitlity to see how websites are categorised:
    https://secure2.sophos.com/de-de/support/contact-support.aspx

    Now it is only possible to send a url sample for a certain url. It would be better if you can make an url lookup to see how specific sites are caterorised.

    It should be possible similar to the mcafee trusted source site when you search for a specific url:
    https://www.trustedsource.org/

    This would make the admins life way easier to commit url samples.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Do not auto-expand Default Web policy

    Web filter Default policy comes auto-expanded whenever we click on protection - Web.

    This is annoying as every time we need to shrink it and go to our required.

    Also, there is no filter option to search policy while such filter option given in application policy.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Web or App categories for Office 365 and Suite

    Create New web category and application category for only Microsoft office 365 and Google business to make it easier to allow it directly without the need to create it manually

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add "Top bandwidth users" and "Top bandwidth destinations"

    Can you add Top Bandwidth Users and Top Bandwidth Destinations to the dashboard or someplace easy to access?

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Web: Blocking based on keywords in URLs

    Can you please add the ability to block based on keywords. This feature is extremely useful when attempting to sell to a school or charity, or any organization.

    This feature is available in SG UTM.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. XG Firewall allow only specific youtube channel

    As what I observe during our POC on client. They want to allow the specific channel of their own youtube account and block other sites. Other competitors of Sophos don't have any features also on to this.

    Purpose: users can access only their channel videos on youtube

    Thank you in advance Sophos Team!

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Download and scanning progress in batch mode

    In Batch scanning mode under Web>protection you don't see any Progress like with UTM.
    Please add this feature!

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Guest access registration option on captive portal

    Please add guest access menu on captive portal like UTM 9

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Captive Portal Session Timeout

    Bring back the captive portal session timeout like UTM 9, in XG if closing the window after login is the same as logout.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Pharming protection - Exception possibility

    it's not possible to create an exception on Pharming protection (Web --> Protection --> Advanced Settings).
    The default enabled function let you "Protect users against pharming and other domain name poisoning attacks by repeating DNS lookups before connecting."

    We were unable to get a vpn tool called "SSL network extender" working (to support a customer). The solution was to disable the Pharming protection completely.

    57 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. WEB: restrict proxy access between internal subnets

    Currently the web proxy allows you to access anything the Sophos can access. This means is you have multiple segments of trusted and untrusted traffic on the same XG that both the trusted and untrusted devices can access the content of each network using the proxy.

    Please make an option where hosts and subnets can be denied for specific filter rules.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Make Web Proxy User Notifications fully customizable

    Being able to fully customize the user notifications (displayed to the user when browsing blocked or warned pages, for example (PROTECT --> Web --> User Notifications --> Message for Warn Action )) is desirable, e.g for purposes of translating the pages. The possibility to use templates with variables would be greatly appreciated.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow regular expression matches on URLs in Web Policy

    The ability to be able to use regular expressions to match URLs in the Web Policy, not just in Web Exceptions.

    This was possible with SG UTM.

    43 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. WebSocket

    Websocket.

    IETF standard. Used by real-time comms on webpages.

    DESPERATELY needed. HTTPS Decrypt and Scan basically kills it. Please fix!

    44 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Inspection of QUIC traffic

    It appears that currently QUIC traffic (UDP port 80/443) are not categorized by the web filter. Users seem to be able to access YouTube and other Google sites without any of their traffic being inspected.

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. True Network DLP

    DLP works quite well on Email but it is time to implement it even on Web. I would like to be able to know what my users are uploading to Cloud, DropBox and Webmail and decide to stop and log or log only. Also VPN client should be able to talk with XG and scan what users download from the company to their pc and block unauthorized content.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.