XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. WAF: more authentication type

    At the moment there are different type of authentication missing even on UTM9 against ISA server 2006, such as:

    1. Two-factor authentication using forms-based authentication and a client certificate.
    2. Delegation of credentials by using NTLM or Kerberos authentication.
    3. Kerberos constrained delegation.
    4. Secure Sockets Layer (SSL) client certificate constraints

    In this way, XG and UTM9 are the very alternative to ISA Server.

    131 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. WAF Virtual Patching and Brute Force Attack

    Other UTM/WAF vendors integrate virtual patching features on their product. A really brute force protection in missing on WAF too.
    Please add it.

    34 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos XG Unified firewall Business application should accept a host/services object

    Under: Policies
    Security Policies

    Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.

    This reduces the rules required and keeps it more unified..

    At the moment you need to add multiple rules I.E. A hosted service uses a mixture of single ports, port ranges and both tcp/udp will require multiple rules to achieve something very simple.

    98 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. DSCP on Business Application Rule

    DSCP is a new feature but can be only used on User/Network rule. I would like to see the DSCP even on BAR in order to better manage multiple ISP.
    Cyberoam has this feature.
    Thanks.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. WAF: URL-based traffic shaping rules per subdirectory

    apply traffic shaping based on folder wise in web server hosted in LAN

    Traffic shaping based on each sub-folder/URL in IIS web server by using DNAT for Inbound Traffic

    Not based on IP

    0 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. WAF Service Reboots when we make change to any WAF rule of web server

    Hi,
    Currently when we make a change to any web server or any one waf firewall rule, the impact is that the whole service reboots and causes a drop in connection for all the WAF services running.
    This should not be the case. only the rule that is being edited should be affected and not all the services.
    This is also how its done in MS TMD

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Dynamic (Automatic) Certificates on Web Server Protection

    Currently under WebServer Protection, you are required to setup an SSL Certificate for each Web Server that you are trying to protect. In a web hosting environment this is not plausible or even practical.

    Use Case Scenario:

    - CPanel Web Hosting server could potentially be hosting 100's or 1000's of Web Sites.
    - It is best practice to SSLize Websites. Using standard http is no longer desirable, and it's easier than ever now to automate SSL certificates on websites hosted with CPanel (See next point)
    - CPanel provides automatic SSL certificate deployment from Comodo Secure to any website you want…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Inline WAF

    1) WAF is not supported when deployed inline.
    2) WAF not supported if NAT/traffic is not terminated on the firewall

    Ticket reported : [#7882861] WAF requirment

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. RSA SecuID authentication support for published Web Servers

    Alot of customers use RSA SecuID tokens to authenticate published web apps. This feature is important wrt Web Server Protection as other products like Barracuda WAF takes the advantage.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Session Handling for Web Server Traffic

    XG should provide the functionality to monitor sessions created by a certain Web server and should also be able to drop traffic if number of sessions increase a threshold set by user

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. WAF Configuration

    Hi Guise...I have some query regarding WAF.
    As per the document WAF will support only HTTP/https Application layer traffic..

    Can i able to configure for a server open with port 22 for public world...

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. "rewrite html"

    As suggested by the support I add the suggestion associated with ticket #7420116 here as well.

    Please consider supplementing manuals for your products that include HTTP/Web proxies. The "Rewrite HTML" option causes not only HTML rewriting but also HTTP headers rewriting based on the head section <meta/> tags with the http-equiv attribute. The headers rewriting functionality seems to be undocumented.

    Please note that such an unconditional rewriting causes problems for web pages that have a construct like the following:

    <head><noscript><meta http-equiv="refresh"…></noscript></head>

    Adding a HTTP header based on such a construct causes a site to malfunction because it redirects the client…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
1 3 Next →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.