XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Inline WAF

    1) WAF is not supported when deployed inline.
    2) WAF not supported if NAT/traffic is not terminated on the firewall

    Ticket reported : [#7882861] WAF requirment

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Disable trace http in GUI.

    Currently disabling trace http is only possible using the Advance Shell using some commands. Please make this option possible in the GUI.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add X-Forwarded-For / CF-Connecting-IP support

    Many of the sites nowadays are behind CloudFlare. It would be great to have an option to inspect and see the real IP address in the WAF logs / Reports.

    It will be like 1 raw entry in the Apache configs!

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. HSTS, HTTP Strict Transport Security on sophos XG WAF

    Please add support for HSTS, HTTP Strict Transport Security on sophos XG WAF

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. RSA SecuID authentication support for published Web Servers

    Alot of customers use RSA SecuID tokens to authenticate published web apps. This feature is important wrt Web Server Protection as other products like Barracuda WAF takes the advantage.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Session Handling for Web Server Traffic

    XG should provide the functionality to monitor sessions created by a certain Web server and should also be able to drop traffic if number of sessions increase a threshold set by user

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. WAF OTP

    Migrating from TMG 2010 server to XG 330. Currently, have a few websites, like OWA, remote desktop, etc...that we require 2 factor authentication. Would be great if WAF rules supported OTP authentication using the built in OTP product. Was told by support this is not possible. Thanks.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. WAF Configuration

    Hi Guise...I have some query regarding WAF.
    As per the document WAF will support only HTTP/https Application layer traffic..

    Can i able to configure for a server open with port 22 for public world...

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. "rewrite html"

    As suggested by the support I add the suggestion associated with ticket #7420116 here as well.

    Please consider supplementing manuals for your products that include HTTP/Web proxies. The "Rewrite HTML" option causes not only HTML rewriting but also HTTP headers rewriting based on the head section <meta/> tags with the http-equiv attribute. The headers rewriting functionality seems to be undocumented.

    Please note that such an unconditional rewriting causes problems for web pages that have a construct like the following:

    <head><noscript><meta http-equiv="refresh"…></noscript></head>

    Adding a HTTP header based on such a construct causes a site to malfunction because it redirects the client…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. WAF Load Balancing - Add additional features

    On HTTP/S NLB I would like to have more features, such as:

    Weighted roud-robin
    Weighted least connection
    Hash based on Source/Destination IP
    Hash based on Cookies
    Hash based on Header/URL

    Thanks

    40 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. 10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. WAF: HTTP to HTTPS redirection

    If a webserver runs HTTPS allow for the option to forward HTTP traffic on same FQDN to HTTPS. This is already possible on UTM9

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. WAF: IPv6 support

    Allow IPv6 (and IPv4) for WAF

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. WAF: Allow Wildcard domain names

    Allow the use of wildcard domain names for Webservers. Also allow them to be sorted in priority so that a more specfic FQDN takes precidence over a wildcard domain.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Proxy Pathing

    Provide the facility to publish sub-directories in path selection as well as static 'web server'. This is useful for many different reasons and has traditionally been known as proxy pathing. This allows a user to enter an FQDN and to have that transparently connect to a sub-directory of the web server. Also, it allows virtual directories of a single FQDN to transparently map to different sub-directories of the same server, or even a different web server entirely.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Remove support for TLS v1.0 and Insecure Cyphers or Allow them to be disabled

    The XG still supports protocols that are insecure and fail PCI compliance scans. These protocols such as TLS v1.0, 64-bit block ciphers, etc should be able to be disabled through at a minimum the CLI and preferably the UI.

    67 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. 51 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. http/2 support

    our customers are asking for the http/2 Support for there webservers, please add the http/2 Support to the WAF - Webserverprotection

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. schedule time for the Business Rules Applications

    Set the schedule for the Business Rules Applications rules would be an important thing to enter.
    Thanks
    Carlo

    39 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. IPv6 WAF Support

    Enable WAF Business rules for incoming IPv6 connections.

    All the protection is provided for IPv4 webserver, but hosting on IPv6 bypasses protections

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.