XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. SMTP Log Source and Destination IP

    Currently we have to way to find out from which source ip a rejected or accepted mail is coming.
    Also for Outgoing emails we dont know which remote server received our email.
    Please add to columns to the SMTP Log showing the SRC and DST IP.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Determine Outgoing Mails not only through sender domain (Problem with Spoofing Mails)

    Currently the Sophos XG and UTM Mailfilter seem to make a difference on Outgoing and Incoming Mails.

    An incoming Mail seems to be determined by checking the protected Domains. All Domains that are not protected Domains are incoming Mails.

    An outgoing Mail seems to be dtermined by checking the protected Domains. All Protected domains are incoming Mails.

    That could lead to several problems, because only the Domains are taken into account in this decision.


    1. In my opinion when "Scan outgoing mails" is not checked there is no check on "outgoing" mails. That could lead to problems with spoofing mails not…

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. SMTP Policy - File Protection - Better way to whitelist files (by type/extension)

    A better interface for selecting which file types/extensions you wish to allow/block.

    The SEA is better featured in this respect allowing you to select by extension rather than "mime type" (which is very hard to do effectively as some extensions share mime headers).

    If not then more mime types should be included by default!

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Include original message body of infected mails in clear text

    When Sophos XG Email Protection detects a virus in an attached file, it succesfully identifies this, and removes the infected attachment.

    But the user now receives only an "empty" email with the original text removed, and replaced with information about sender, receiver, and virus found and removed. (XG setting is remove and deliver)

    It would be desireable to have the option to also include original email body text, in clear text format.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. SMTP Quarantine/Reject/Drop based on keyword/ip address

    Currently in MTA Mode you only have the ability to block inbound spam based on email address of FQDN. Having the ability to block by keyword and or ip address would be a significant gian. We curerntly get 20 od emails a day from "Famous Parts" all different email domains. If we could block "Famous Parts" or IP these would be siginificantly reduced.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Send additional Quarantine Report

    In UTM it is possible to send a second quarantine report on a different date.

    When the Quarantine Setting is on daily there should be an option to enable a second time.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Email Exception Source IP

    Can you please implement a way that a Network Range of IP Addresses i.e MailChimp Mail Send IP Addresses can be added into the into Exception Source Hosts / Hosts? As it stands currently as of version 17.5.9 MR-9 is that you can add individually but not a range. Considering these ranges are a /16 /20 this could take some time to enter.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Key word blocking

    Our SG-210 had the ability to block/quarantine emails that had key words. It also showed the originating IP that the XG does not provide. These were great tools that I would like back.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. POP3 Prefetch

    This is the only feature that is preventing me from migrating from UTM to XG

    I use the POP3 prefetch mode heavily for mail hygeine, but it is not possible in XG, and as this is used at home, I cannot alter my MX records as my ISP's IP ranges are blacklisted

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow domain wildcards for enforced TLS

    Allow wildcard domains for enforced TLS when sending email. e.g. Force TLS to all *.gov.uk domains.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support the use of FQDN and IP lists objects in Email Filtering.

    The UI functionality is there but it saves without any errors although it doesn't work at all.
    This allows customers with a large number of backup MXs or those using commercial backup MXs (it won't pass the SPF checking normally unless you make an exception rule for every single one of them....) to bypass SPF or any other checking.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Filtering mails based on their language

    We can block connections from country based rules, thanks for theSophos.
    But we can not filter mails if there is chinese , arabic or russian characters in its body.
    It would be very nice if we can filter mails with predefined character sets.
    For example if the subject has chinese charset or if the body has russian charset.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Localization of quarantine messages

    My customer wishes to receive his quarantine Messages in his native speaking language.
    Unfortunately such a common function is not available.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Do not send multiple copies of quarantine digest in A-P HA mode

    Only send 1 copy of quarantine digest when XG is configured in Active-Passive HA.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow XG to activate SPX Encryption without Data Control on - with the use of header value of x-sophos-spx-encryption yes

    I was informed by support today that the SPX encryption module only works with data control. In the SG series, one was able to set Exchange or an email client to modify the header to insert x-sophos-spx-encryption:yes - and the SPX encryption would activate on the firewall before leaving. It appears this is not the case in the XG series and cannot be done.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support SASL in the MTA upstream relay or smarthost function

    It's been confirmed that the MTA Smarthost relay function does not support SASL with wraps the PLAIN LOGIN with TLS using STARTTLS. This request is for the support of SASL similar to the implementation of it on the administration notification settings form which does support SASL.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. SPX PDF should render image Attachments inline

    When a recipient receives an SPX encrypted e-mail with inline photos the photos do not appear in the PDF file and are instead attachments inside the PDF. Why not render the e-mail with the photos exactly as it would look if it were received in an e-mail client. We have a customer who has a great deal of difficulty explaining to the recipients how to retrieve the pictures that are attached inside the PDF especially those who use smartphones or tablets to receive the SPX PDF. If they could just open the PDF and see what they need to see…

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable Quarantaine Digest for Public Folders

    At the moment there is no easy way to enable Quarantaine Digest for Public Folders as it was at the UTM 9
    Please sync public folders with the Exchange server

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Export Rejected mail Log Option

    We are using Sophos SXG310 and it is configured in transparent mode and for Mail, It is configured as MTA mode. So Mails which are been rejected based on RDNS or IP Address basis by Sophos, Neither recipients or Senders are aware of this failed delivery. So we want to export mail logs based on filter "rejected" for some specific time period from Sophos so that we can manually intimate the recipients regarding failure of Delivery.
    Please consider this requirement in next release.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.