XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. whitelist exception for office 365 by default

    We've found that XG v17 and even some v16.5+ firmware breaks office365 activations, updates and downloads by Sophos' IPS/content filtering. The only way to get it to work is to go through the VERY long list to whitelist all the URL's to make it work. Office365 is a fairly widely used product for installations. Wouldn't it make sense to put in the exception's list (even if not enabled by default) in order to not have to do this for every firewall out there? Either that or fix the IPS/content filtering so that it stops tripping up on O365 updates and…

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Request to Increase the Inactive time to UNLIMITED for Android and IOS web clients

    Dear Team,

    Present in XG210 (SFOS 17.1.2 MR-2) Firewall, for Android and IOS web clients maximum inactive time is limited to 1440 minutes. If any user is not connected to Network with in 1440 minutes,he automatically logged out from Network.

    Kindly Update this, Android and IOS web clients maximum inactive time to UMLIMITED As soon as possible.

    Thanking you,

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Device specific web filtering for XG as in SG firewall

    Allow web filtering policy based on device types - Chromebooks, IOS, MAC OS, among other device types including Windows and Linux. This was really very useful in SG firewall

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Lifestyle Says

    Lifestyle says brings you a plethora of fashion, health, travel, etc. for the ever young and vivacious you. Keep yourself updated on the recent trends and innovation in the Lifestyle sector. We let you live your life to the fullest, enjoying every moment.

    http://www.lifestylesays.com/

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. URL Rewrite

    I'd like the ability to rewrite a URL for outbound proxy connections.

    For example, this could be used to remove or inject a specific setting into the query string for specific websites.

    I believe this is similar to how search engine "Safe Search" is set/enforced, but this could be set for other websites as well.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Map IP Address to a user

    I'd like to ability to map an unauthenticated IP Address to a particular user.

    This could require the user to 'sign-in' the first time, and have the firewall 'remember' their device/static IP address, or it could be set manually in the firewall for an IP address/range/list.

    This would need to work transparently with other authentication methods, such as Active Directory

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. allow exclusions for certificate validation

    for Web Protection it would be good to have the option to download / exclude certificates for certificate Validation (Block invalid certificates in General Settings).
    the setting like we have in SWA is missing in XG: http://wsa.sophos.com/docs/wsa/webhelp/swa/tasks/ConfigGlobalPolCertValidAddFromWeb.html

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Web Block Tags

    When users see a blocked page it would be beneficial to see what group they belong to so that adjustments could be made quickly.

    Currently the only supported tags are: {user}{url}{category}

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. need require interface internet date, timing with speed wise report monthly

    need require interface internet date, timing with speed wise report

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. OCSP stapling

    OCSP stapling for the XG Webproxy.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Quota Time in actions (Policy Web Protection)

    add the option Surfing Quota in actions in the policies of the web protection as already exists in the UTM

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. DNS Web filter

    DNS Web filter would be a good add to Sophos XG.

    Reference:
    https://cookbook.fortinet.com/dns-web-filtering/

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. logoff user

    We would like the ability to Log a user off by redirecting them to a web page / site.

    At present we are using http://sophos:8090/ to log a user on, but the ability to have a log out button and or feature of the same would be great.

    We are a school, so it helps from time to time.

    Thanks

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Privoxy functionality

    Privoxy is able to supress redirects that google is placing on their search results. OR redirects to analytcs sites.
    Blocking categories makes the search sites not usable.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Web Filtering Category with coinminer type website

    In asia so many bitcoin miner case.
    Taiwan was test target with many countrys.
    so many business customer want to detect inside or outside problem with miner attcked.
    but some miner website is normal and legal.
    Just hacking category can't include all miner webside, just only inlegal webside is not enough.
    Endpoint protection this product has application contral with miner type category.
    so why in XG can't do this?

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. "Skip Logging" for Web Filter Exceptions

    It would be nice if there was the option to "Skip" Logging of specific web requests in the Web filter. For example, I see my logs spammed with certain domains, even if it's blocked, such as ( trouter.io ) and it's quite annoying to sort through.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Find missing certificate in reliable source, such as AIA fetching.

    SOPHOS could deploy in XG a way to locate the missing certificates on a trusted certificate site, otherwise we will have to manually add the CAs to firewall. This feature is possible in browsers thanks to the AIA fetching extension.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Policy change intimations

    I want to intimate my employees whenever the web or Application or traffic shaping policies changes. It has to come as pop-up for the first time login after policy changes.from the second time it should not to come.once they accepts the terms and conditions.

    Is it possible,where i can configure this?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. surfing quota

    Sophos XG's time based quota works on logon time and session. When a user logs on to a machine the session will start and the quota will be triggered.

    If a user has granted web surfing Quota of Daily 1 hour Cyclic and he logons his PC at 9:00 hrs then his quota will expired at 10:00 hrs whether he has used Internet or not.

    As per the support team this is not possible right now and suggested a feature request.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. A URL for people to sign out of captive portal

    Right now if keepalive is not used, if a user closes their preserved browser window there is no way for users to log out. There should be a URL that users can call to log out. This is also a problem when people use iPads or iPhones, which has a network detection utility, and a popup login window. there is no browser logout window that opens when using an apple device.. thus no way for people to logout.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.