XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. 51 votes
    1 comment  ·  Webserver Protection
  2. WAF: HTTP to HTTPS redirection

    If a webserver runs HTTPS, allow for the option to forward HTTP traffic on the same FQDN to HTTPS. This is already possible on UTM9.

    27 votes
    2 comments  ·  Webserver Protection
  3. schedule time for the Business Rules Applications

    Setting the schedule for the Business Rules Applications rules would be an important thing to enter.
    Thanks
    Carlo

    39 votes
    5 comments  ·  Webserver Protection
  4. Let's Encrypt Integration

    It would be very nice if Let's Encrypt certificates (letsencrypt.org) could be generated directly from the XG GUI, so that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
    Best Regards

    530 votes
    44 comments  ·  Webserver Protection
  5. WAF: Allow Wildcard domain names

    Allow the use of wildcard domain names for Webservers. Also allow them to be sorted in priority so that a more specific FQDN takes precedence over a wildcard domain.

    23 votes
    0 comments  ·  Webserver Protection
  6. http/2 support

    Our customers are asking for HTTP/2 support for their webservers. Please add HTTP/2 support to the WAF - Webserver Protection.

    28 votes
    1 comment  ·  Webserver Protection
  7. WAF: IPv6 support

    Allow IPv6 (and IPv4) for WAF

    18 votes
    0 comments  ·  Webserver Protection
  8. IPv6 WAF Support

    Enable WAF Business rules for incoming IPv6 connections.

    All the protection is provided for IPv4 webserver, but hosting on IPv6 bypasses protections

    27 votes
    3 comments  ·  Webserver Protection
  9. websocket with WAF rule

    I need to pass the websocket protocol with a WAF rule. It is one of the very important protocols needed with web servers.

    29 votes
    1 comment  ·  Webserver Protection
  10. Share IP between User Portal and WAF

    Many small installations could benefit from the ability to publish the User Portal using a Business Rule instead of enabling it directly in the Device Access section. The difference is that a single IP can be used to host both the User Portal and custom Web applications such as Web mail, Web storage, Web cameras, etc.

    Now, the only solution is to change User Portal listening port to something non-standard but this limits the ability to use it from some network environments where only standard WWW ports (80,443) are allowed.

    91 votes
    1 comment  ·  Webserver Protection
  11. Reverse proxy add encodedslashes option

    Please provide the option in the Reverse proxy to enable encodedslashes for a specific virtual webserver.

    Some web applications use, for example, %2F for a slash, and the reverse proxy cannot translate this back to / because allowencodedslashes is not enabled by default. So this results in a 404 error.

    http://httpd.apache.org/docs/current/mod/core.html#allowencodedslashes

    This is essential for Web Applications like SAP Fiori! I think we are not the only company that has this issue.

    9 votes
    2 comments  ·  Webserver Protection
  12. WAF: more authentication type

    At the moment there are different types of authentication missing, even on UTM9, compared with ISA Server 2006, such as:

    1. Two-factor authentication using forms-based authentication and a client certificate.
    2. Delegation of credentials by using NTLM or Kerberos authentication.
    3. Kerberos constrained delegation.
    4. Secure Sockets Layer (SSL) client certificate constraints

    In this way, XG and UTM9 are the very alternative to ISA Server.

    130 votes
    3 comments  ·  Webserver Protection
  13. WAF Virtual Patching and Brute Force Attack

    Other UTM/WAF vendors integrate virtual patching features in their products. A real brute force protection is missing on WAF too.
    Please add it.

    33 votes
    2 comments  ·  Webserver Protection
  14. Sophos XG Unified firewall Business application should accept a host/services object

    Under: Policies
    Security Policies

    Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.

    This reduces the rules required and keeps it more unified.

    At the moment you need to add multiple rules, i.e. a hosted service that uses a mixture of single ports, port ranges and both TCP/UDP will require multiple rules to achieve something very simple.

    95 votes
    7 comments  ·  Webserver Protection
  15. DSCP on Business Application Rule

    DSCP is a new feature but can be only used on User/Network rule. I would like to see the DSCP even on BAR in order to better manage multiple ISP.
    Cyberoam has this feature.
    Thanks.

    14 votes
    0 comments  ·  Webserver Protection
  16. Allow customizable block pages for WAF

    Allow customizable block pages for WAF

    1 vote
    0 comments  ·  Webserver Protection
  17. redirect

    Hello,

    We need to be able to redirect from https://mydomain.com to https://www.mydomain.com. Right now this is not possible. See support ticket #8223918

    5 votes
    0 comments  ·  Webserver Protection
  18. web application firewall

    WAF: redirect custom port HTTP automatically to HTTPS.

    It cannot forward automatically when a custom port is used. Example: listening port: 8080 with URL: www.example.com and redirect HTTP and HTTPS (ticked). A user from the internet requests the URL http://www.example.com:8080. It will not automatically redirect to https://www.example.com:8080. It shows "Your browser sent a request that this server could not understand Reason: You're speaking plain HTTP to an SSL-enabled server port.
    Instead use the HTTPS scheme to access this URL, please." It only works for port 80 redirecting to HTTPS, not for a custom port (based on Sophos Support Team). User…

    1 vote
    0 comments  ·  Webserver Protection
  19. DNAT

    apply traffic shaping based on folder wise in web server hosted in LAN

    Traffic shaping based on each sub-folder/URL in IIS web server by using DNAT for Inbound Traffic

    Not based on IP

    0 votes
    1 comment  ·  Webserver Protection
  20. WAF Service Reboots when we make change to any WAF rule of web server

    Hi,
    Currently, when we make a change to any web server or any one WAF firewall rule, the impact is that the whole service reboots and causes a drop in connection for all the WAF services running.
    This should not be the case. Only the rule that is being edited should be affected, not all the services.
    This is also how it's done in MS TMD.

    5 votes
    0 comments  ·  Webserver Protection