XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Switch to sha256 and 2048 bit key in transparent email scan mode

    Dear ladies and gentlemen,

    I would like to use the Sophos XG in transparent email scan mode, but the local anti-virus software (Kaspersky) complains that the (man in the middle) certificate issued by Sophos for the email server was issued with too weak an encryption algorithm.
    Signature algorithm is sha1, I think sha256 would be better
    and the public key is only 1024 bits long, better would be at least 2048.
    Just like Sophos does when re-encrypting SSL connections.
    All this would only be a minor problem internally, but I can't disable the re-scan on the client machines, because they…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. NDR

    I would like the ability to disable NDR's.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Key word blocking

    Our SG-210 had the ability to block/quarantine emails that had key words. It also showed the originating IP that the XG does not provide. These were great tools that I would like back.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. 6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Block inbound e-mail based on "Address Group"

    The ability to block inbound e-mail based on "Address Group" would be good as you can import addresses from a TXT or CSV, at the moment the only way to do them is manually in general settings and add them one at a time, which takes long if your blocking hundreds of e-mail addressees associated to ransomware/malware/trojans etc.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Outbound mail released from Quarantine does not use configured IP in MTA rule instead it uses WAN interface IP

    Outbound mail released from Quarantine does not use configured IP in MTA rule instead it uses WAN interface IP and as all the DNS records available only for the Configured SNAT IP in MTA rule and there is no DNS record for the WAN interface IP.

    Quarantine mail failed to release as it takes WAN interface IP instead of configured SNAT IP.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Malware scan feature

    Regarding the MALWARE scan mechanism, many times we have complains from office users that emails are moved to Quarantined because some files in them fail to be scanned.

    Can there be a discrimination on a future update, regarding the exact sub-reason of an attachment being unscannable ?

    For example, due to an error differs fromfile being locked with a password or a modified pdf failed to open or do open but with a pop up error message that user can bypass and view/edit file.

    To activate/deactivate above said parameters, based on specific Sender address / domain etc.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. SMTP Log Source and Destination IP

    Currently we have to way to find out from which source ip a rejected or accepted mail is coming.
    Also for Outgoing emails we dont know which remote server received our email.
    Please add to columns to the SMTP Log showing the SRC and DST IP.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. MTA SPAM Filter

    We need to have a better spam filter/content filtering in the XG Firewall. the SG Firewall has a better filtering/blocklist to prevent spam. the XG allows messages that were not allowed through on the SG. not sure if this was from one of the blocklist/RBL but we need that one back, the XG filter is fairly week. can you please put a better one in? also need better content filtering

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Email sending thru the corporate network should have the approval of email from the authority before it goes outside

    This is to check whether the mail going outside the network be authenticated and none of the malicious user would be able to share the confidential information thru email to the outside network

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Export Rejected mail Log Option

    We are using Sophos SXG310 and it is configured in transparent mode and for Mail, It is configured as MTA mode. So Mails which are been rejected based on RDNS or IP Address basis by Sophos, Neither recipients or Senders are aware of this failed delivery. So we want to export mail logs based on filter "rejected" for some specific time period from Sophos so that we can manually intimate the recipients regarding failure of Delivery.
    Please consider this requirement in next release.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. POP3 Prefetch

    This is the only feature that is preventing me from migrating from UTM to XG

    I use the POP3 prefetch mode heavily for mail hygeine, but it is not possible in XG, and as this is used at home, I cannot alter my MX records as my ISP's IP ranges are blacklisted

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow domain wildcards for enforced TLS

    Allow wildcard domains for enforced TLS when sending email. e.g. Force TLS to all *.gov.uk domains.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Send Quarantine Digest for all configured domains

    If you have 2 email domains defined, xyz.com and xyzllc.com, and emails to both domains go to the same users, the quarantine digest is sent for xyz.com but not for xyzllc.com.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Quarantine mail contains only reason "File-Extension" but not which extension exactly

    We have configured the system to quarantine emails with certain extensions.
    However, the recipient then only sees the quarantine reason "File Extension" in the notification. It is urgently desired that he also sees directly which file extension it is. The admin only sees this in the mail manager.

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to send quarantined messages to shared mailboxes

    We have quite a few shared mailboxes for the likes of HR, Finance and reception to name a few. Whilst I can send individuals a quarantine report to their mailbox there doesn't seem to be the ability to do this with shared mailboxes, or at least they do not show up in the list.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. DLP protection sensitivity

    It has come to my attention that DLP on the XG only catches certain things like social security numbers and bank accounts if there are 10 or more listed in the email. Most my clients when sending emails are referring to a single account with one or maybe two social security numbers, so these would never get caught. Even one social security number or bank account not encrypted in an email is a big problem.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Outlook Plugin to let users access quarantined emails instead of the portal

    It would be nice if there was an outlook plugin that could communicate with the XG mail quarantine and list off what is in a users email quarantine inside of outlook without having to have a user login again. This way users would not have to access the portal using a web browser to control email. It could simply list what the emails info just as in portal and have a download to outlook option as well. It would seriously help with deploying an additional security measure, for example I currently have Office 365 security enabled, users get spam mail…

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support the use of FQDN and IP lists objects in Email Filtering.

    The UI functionality is there but it saves without any errors although it doesn't work at all.
    This allows customers with a large number of backup MXs or those using commercial backup MXs (it won't pass the SPF checking normally unless you make an exception rule for every single one of them....) to bypass SPF or any other checking.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Quarantine Digest sent without need to log in first

    The quarantine report is only sended to users registered on the firewall (manually created or LDAP users that logged into the user portal for example)
    If there is a mail quarantined for a user that hasn't logged into the user portal yet, no quarantine digest will be sended.
    I request an option for quarantine digest to send the report based on the recepient-domain without the necessity to log in for the users (something like there was on the utm)

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.