XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. WAF Virtual Patching and Brute Force Attack

    Other UTM/WAF vendors integrate virtual patching features on their product. A really brute force protection in missing on WAF too.
    Please add it.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Send modsecurity rule hits over syslog

    For XG syslog, Web Server Protection Events only sends request information. If a request is matched against a Modsecurity rule from the common threats filter, this entry is not sent over via syslog, but it is logged locally in /log/reverseproxy.log. It's common industry practice to implement Modsecurity in monitor mode first in order to root out any false positives that could negatively effect the application. Not sending these rule hits makes it much more difficult to gather statistics. This is especially difficult if there are multiple deployments that need to be monitored. Having the entire reverseproxy.log streamed via syslog would…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. WAF: URL-based traffic shaping rules per subdirectory

    apply traffic shaping based on folder wise in web server hosted in LAN

    Traffic shaping based on each sub-folder/URL in IIS web server by using DNAT for Inbound Traffic

    Not based on IP

    0 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Dynamic (Automatic) Certificates on Web Server Protection

    Currently under WebServer Protection, you are required to setup an SSL Certificate for each Web Server that you are trying to protect. In a web hosting environment this is not plausible or even practical.

    Use Case Scenario:


    • CPanel Web Hosting server could potentially be hosting 100's or 1000's of Web Sites.

    • It is best practice to SSLize Websites. Using standard http is no longer desirable, and it's easier than ever now to automate SSL certificates on websites hosted with CPanel (See next point)

    • CPanel provides automatic SSL certificate deployment from Comodo Secure to any website you want using their AutoSSL…
    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. RSA SecurID authentication support for published Web Servers

    Alot of customers use RSA SecuID tokens to authenticate published web apps. This feature is important wrt Web Server Protection as other products like Barracuda WAF takes the advantage.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Session Handling for Web Server Traffic

    XG should provide the functionality to monitor sessions created by a certain Web server and should also be able to drop traffic if number of sessions increase a threshold set by user

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
1 3 Next →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.