XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. WAF OTP

    Migrating from TMG 2010 server to XG 330. Currently, have a few websites, like OWA, remote desktop, etc...that we require 2 factor authentication. Would be great if WAF rules supported OTP authentication using the built in OTP product. Was told by support this is not possible. Thanks.

    94 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. "rewrite html"

    As suggested by the support I add the suggestion associated with ticket #7420116 here as well.

    Please consider supplementing manuals for your products that include HTTP/Web proxies. The "Rewrite HTML" option causes not only HTML rewriting but also HTTP headers rewriting based on the head section <meta/> tags with the http-equiv attribute. The headers rewriting functionality seems to be undocumented.

    Please note that such an unconditional rewriting causes problems for web pages that have a construct like the following:

    &lt;head&gt;&lt;noscript&gt;&lt;meta http-equiv=&quot;refresh&quot;…&gt;&lt;/noscript&gt;&lt;/head&gt;
    

    Adding a HTTP header based on such a construct causes a site to malfunction because it redirects the client…

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. WAF Load Balancing - Add additional features

    On HTTP/S NLB I would like to have more features, such as:

    Weighted roud-robin
    
    Weighted least connection
    Hash based on Source/Destination IP
    Hash based on Cookies
    Hash based on Header/URL

    Thanks

    50 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. WAF: IPv6 support

    Allow IPv6 (and IPv4) for WAF

    42 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. WAF: Allow Wildcard domain names

    Allow the use of wildcard domain names for Webservers. Also allow them to be sorted in priority so that a more specfic FQDN takes precidence over a wildcard domain.

    29 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Proxy Pathing

    Provide the facility to publish sub-directories in path selection as well as static 'web server'. This is useful for many different reasons and has traditionally been known as proxy pathing. This allows a user to enter an FQDN and to have that transparently connect to a sub-directory of the web server. Also, it allows virtual directories of a single FQDN to transparently map to different sub-directories of the same server, or even a different web server entirely.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. 63 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. http/2 support

    our customers are asking for the http/2 Support for there webservers, please add the http/2 Support to the WAF - Webserverprotection

    42 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Reverse proxy add encodedslashes option

    Please provide the option in the Reverse proxy to enable encodedslashes for a specific virtual webserver.

    Because some web applications use for example %2F for a slash and the reverse proxy cannot translate this back to / because of allowencodedslashes is not enabled by default. So this results in a 404 error.

    http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes

    This is essential for Web Applications like SAP Fiori! I think we not the only company who have this issue.

    21 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Share IP between User Portal and WAF

    Many small installation could benefit from ability to publish User Portal using Business Rule instead of enabling it directly in Device Access section. The difference is that a single IP can be used to host both User Portal and custom Web applications such as Web mail, Web storage, Web cameras, etc.

    Now, the only solution is to change User Portal listening port to something non-standard but this limits the ability to use it from some network environments where only standard WWW ports (80,443) are allowed.

    138 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. WAF Virtual Patching and Brute Force Attack

    Other UTM/WAF vendors integrate virtual patching features on their product. A really brute force protection in missing on WAF too.
    Please add it.

    36 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Let's Encrypt Integration

    It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
    Best Regards

    810 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    81 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. WAF: more authentication type

    At the moment there are different type of authentication missing even on UTM9 against ISA server 2006, such as:


    1. Two-factor authentication using forms-based authentication and a client certificate.

    2. Delegation of credentials by using NTLM or Kerberos authentication.

    3. Kerberos constrained delegation.

    4. Secure Sockets Layer (SSL) client certificate constraints

    In this way, XG and UTM9 are the very alternative to ISA Server.

    143 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
1 3 Next →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.