XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow outgoing emails to be signed with DKIM

    Include the possibility of signing outgoing emails using DKIM for all or only selected email domains as in UTM9

    268 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    46 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Block entire email when attachment is blocked

    Currently when email file type attachment was blocked, the recipient still received the email with filtered added in the subject.
    Why can’t the XG just blocked the email and notify with a failure notice saying banned file type detected. Serve no purpose that the recipient received the email without the attachment and receiver still need to notify the sender.....

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Integration of https://haveibeenpwned.com/ into XG Firewall

    The "Have i been pwned" Service is a great thing to check for breaches in online Accounts.
    One customer had a breach because of credential stuffing. He used the same password for some online Accounts as well as his Active Directory Account.

    We checked a lot of other Mailadresses with this service.
    And found some more breaches.
    The Sophos XG, because of its insight in company Mailadresses, could potentially use this service to warn admins, that an email / password combination has been found on haveibeenpwned and immediate action is necessary.
    As a field on the Dashboard with some informations…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. SMTP Policy - File Protection - Better way to whitelist files (by type/extension)

    A better interface for selecting which file types/extensions you wish to allow/block.

    The SEA is better featured in this respect allowing you to select by extension rather than "mime type" (which is very hard to do effectively as some extensions share mime headers).

    If not then more mime types should be included by default!

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Send all SMTP logs to Syslog Server

    Currently only the AV and SPAM events are reported via syslog. For an overview and traceability of events, a complete forwarding of all SMTP log messages to an external Syslog host (or iView) is required.
    This is not possible in the current output of XG < v17.0. SMTP log data must be copied manually via SCP.

    Requested function: Send all SMTP events to syslog host.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Role-based admin: SMTP Quarantine admin only

    I would like to give one of our users access to SMTP Quarantine screen ONLY to go thru all quarantine emails and the user can delete or release the emails

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. SMTP Recipient Verification

    XG lacks the SG feature of being able to query the backend AD or Mail Server to verify the destination recipient.

    By default when XG is acting as a MTA it will pass on a e-mail even if it's addressed to a user that does not exist. SG used to be able to poll Active Directory to ensure the address was valid (or you could disable this).

    This feature should be ported into XG as soon as possible.

    38 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Block mails with to many addresses in To: or CC:, so use of BCC can be enforced.

    To avoid fines it helps to be able to block outgoing mails with too many email addresses in To: or CC: field, with exceptions of course. And/or have a function to move all To: and CC: entries to BCC:.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. We should receive mail alerts and list of users who have registered on XG portal for SPX encryption module

    We should receive mail alerts and list of users who have registered on XG portal for SPX encryption module

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Content based email filtering

    It would be very helpful if it we could set a filtering rule to bypass/mark an email if the content of the email contain certains words or phrases. I could be similar to a DLP rule but with custom parameters.

    56 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. spam source ip column

    Currently it's not possible to view the source ip of SPAM mails being dropped by the Sophos XG. The column "source ip" is not available (while it's there in mail usage). Which makes troubleshooting impossible.

    Also for rule name "global" the subject is always "not available"

    According to the support session, both are feature requests.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Mail Logs in MTA

    I would like to have better control on Mail Logs. I have hundreds of emails flowing through the network each day. Whenever user reports issues with emails, I would like to be able to:
    - filter emails by start/end date and time, having only start/end date is not adequate;
    - filter emails by sender/receiver/subject, having Recipient Domain is not adequate;
    - more details on status, especially for Dropped and Bounced emails, to help with troubleshooting;
    - specify how many emails to display per page;
    - specify which page to display; having only previous and next page navigation is too slow; …

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. smtp port

    Give the ability to specify an outgoing email port.

    Exchange 2013 and 2016 do not perform recipient verification like the XG expects. The XG needs to communicate via port 2525 to allow for recipient verification. That port could be changed with Exchange to anything else but since it is preconfigured for 2525 it wouldn't matter because the port can't be changed on the XG.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Outlook add-in for Email Protection

    Please can we have an Outlook add-in which will allow users to blacklist with a single click.

    I love the daily digest which allows users to release false positives but there seems to be no function for undetected spam which makes it through.

    Thanks

    57 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. smtp rule re ordering with multiple pages.

    When Number of SMTP scanning policy on Legacy mode reaches certain amount, new page of rules is created. The SMTP rules cannot be re-ordered between pages.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. XG MTA mode - bypass a sender/recipient address or domain from email protection

    The new MTA SMTP deployment mode in SFOS v16 lacks the ability to bypass a (or some) sender/recipient from all email protections. At the moment, we can only create a SMTP policy to bypass a destination email domain from email protections, and it is not practical in most situations.
    However, in the Legacy SMTP deployment mode, we can create a SMTP scanning policy to bypass certain sender/recipient from all email protections.
    It will be great if MTA mode can be implemented with the feature of bypass certain sender/recipient from email protections.

    134 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report .

    Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report .

    303 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow XG to activate SPX Encryption without Data Control on - with the use of header value of x-sophos-spx-encryption yes

    I was informed by support today that the SPX encryption module only works with data control. In the SG series, one was able to set Exchange or an email client to modify the header to insert x-sophos-spx-encryption:yes - and the SPX encryption would activate on the firewall before leaving. It appears this is not the case in the XG series and cannot be done.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Email Protection: Implement SPF and Header functionality into Sophos XG

    Hi Sophos, for Security and anti Spam enhancement please include the spf check and header modification functionality in your xg firewall.

    197 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Report on email subject lines

    Need a mail reports of mention subject

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.