XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. OSPF Routing Summarization

    OSPF dynamic routing should allow advertising of summarized routes. For reference Cisco's documentation refers to this behavior as "a key feature of OSPF".

    As an example, 10.0.1.0/24 and 10.0.2.0/24 in area 0.0.3.1 should be able to be advertised as only a part of the larger supernet 10.0.0.0/12 to 0.0.0.0; in this way only 10.0.0.0/12 is advertised with remote routers having no concept of the smaller subnets.

    What currently happens is if you add 10.0.0.0/12 to 0.0.3.1, it advertises only 10.0.1.0/24 and 10.0.2.0/24. This gets messy as internal routes get more complex and none of them need to be individually advertised.

    2 votes
    0 comments  ·  Base System + General UI
  2. V18: option to disable SSH session idle timeout

    As per this thread V18 has 15 min. idle timeout for SSH sessions set for non specific security reasons.

    As likely most, if not all, IT professionals I always have my workstation locked, unless being right in front of it.

    Therefore there is no such security feature needed; instead it is very disruptive, as it may disconnect a session halfway through a configuration or troubleshooting.

    Yes, we all get interrupted at times or may need to prioritize sth. else, before returning to our (hopefully still open) SSH session, at a later point in time.

    Idle disconnect on SSH…

    2 votes
    0 comments  ·  Base System + General UI
  3. Logfile retention of detailed logs

    There are possibilities to view what happens in XG with Log Viewer. But if you really want to know what happens, then you need to investigate the service log files as described here: https://support.sophos.com/support/s/article/KB-000038142?language=en_US

    These files seem to be more equivalent to the log files which we got with UTM Firewall. Especially SMTP logs with “Log Viewer” are really bad. So you need to consult the smtpd_main.log.

    These logs are rotating in two files: .log and .log.0

    We process 8000 emails daily over XG MTA. With the log file of smtpd_main I am able to investigate just the last two…

    4 votes
    0 comments  ·  Base System + General UI
  4. Responsive Admin Dashboard Design

    Could you please improve the Sophos XG admin dashboard's responsive fit for wide screens and make it scale properly on mobile devices? At the moment the layout is narrow and doesn't utilise modern website scale availabilities. Also, is it possible to improve the Control Center (main page) start time, as it takes too long to load?

    8 votes
    0 comments  ·  Base System + General UI
  5. Policy Test improvements

    Policy tester should be able to test/display results for the following:

    • Direct proxy mode (currently you need to search matching rules via proxy debug log)
    • Firewall services (having https://firewallip:4443 as URL will give the result "blocked", even in scenarios where an explicit firewall rule for like the direct proxy is present)
    • SD-WAN rule that would match the specified traffic (must not display the gateway decision itself)
    • NAT rule that would match the specified traffic

    2 votes
    0 comments  ·  Base System + General UI
  6. ftp.sophos.com fileupload

    Please provide an FTP client that supports ssl-auth TLS, so you can upload files directly to the ftp.sophos.com server.

    ftpput doesn't support it. Maybe use lftp, which is included in many distros
    http://lftp.yar.ru/

    best regards,
    Max

    2 votes
    0 comments  ·  Base System + General UI
  7. Search for IP Host Groups

    It's already possible to search for IP Hosts but not for IP Host Groups.

    When you have 50 IP Host Groups pages you have to click quite often to find the right group.

    7 votes
    1 comment  ·  Base System + General UI
  8. Night Mode

    It would be nice to have a "Night Mode" version of the UI.

    Would make everything visually better on the eyes, instead of blinding.

    4 votes
    1 comment  ·  Base System + General UI
  9. Bulk define FQDN hosts

    Currently there is no way to bulk add FQDN hosts in the UI. We receive many IOCs from our Threat Intel provider and have to manually create each FQDN host in our UI before adding them to a FQDN host group. There isn't any way to do this via CLI as well afaik. Please look into this feature request to make our lives easier.

    1 vote
    0 comments  ·  Base System + General UI
  10. Disable high resolution wallpaper on firewall admin login page

    We, as remote administrators for XG firewalls, face high delays in loading the home screen of the admin login page due to the high-resolution image on that page. The admin page should be kept normal and minimal in graphics to have efficient response time and fast loading.

    1 vote
    0 comments  ·  Base System + General UI
  11. Make the web interface faster

    The administration of the XG UTM is so slow. We have tried several models but the loading of the pages is always slow.

    13 votes
    1 comment  ·  Base System + General UI
  12. SSH CLI Additional Users

    Hello everyone
    We need Sophos to implement an option to configure or allow user accounts with the administrator role to access via SSH. This would facilitate the tracking of changes that firewall administrators can make.

    Currently only the "admin" account can access SSH, but we need an option to provide SSH access for another account with the administrator role.

    1 vote
    0 comments  ·  Base System + General UI
  13. Historical Logs Stored in local Disk

    Historic logs stored on the local disk in the antique format that Sophos UTM has in the directory /var/log, like fwlog00-00-0000, where the first is the day, next the month and year, stored by day, with the capacity to export those logs to an external disk.

    The actual format of the XG is not comfortable because all the logs are purged by day.

    This feature is important to store all historic conntrack information and the other modules' logs, like IPS, WAF, EMAIL, WIRELESS, etc.

    2 votes
    0 comments  ·  Base System + General UI
  14. Expand DNS on XG to allow ISP load balancing with authoritative DNS

    To provide a full ISP inbound load balancing experience, it would be helpful if the XG supported the whole range of DNS host entries and allowed you to specify what they are. This would allow the XG to be an authoritative DNS server for a domain a company owned.

    The list of DNS entries that aren't supported now that would need to be added are: NS, MX, CNAME, TXT, SRV, SPF, DNAME, CAA

    The benefit of this would be that an institution could have a single XG firewall set up as an ISP load balancer, but instead of using an…

    3 votes
    0 comments  ·  Base System + General UI
  15. Allow 3rd party access to create backups

    Allow systems such as Auvik access to create backups

    2 votes
    0 comments  ·  Base System + General UI
  16. Clear/Sort Messages in Control Center

    The messages on the Control Center page have become completely useless after firewalls have been in operation for some time. The messages are not sorted according to any logic I can ascertain, and I'm unable to clear messages that have been there since literally the day the device was installed.

    15 votes
    1 comment  ·  Base System + General UI
  17. Enable scripting to XG over SSH

    In our environment, we subscribe to lists of dynamically blocked IPs based on reputation and other factors. This dynamic list is on my system to which every day I must manually go and add or remove these IPs from our blacklist. Conversely, we also subscribe to MSFT O365 dynamic IPs and FQDN that needs to be whitelisted for our services to work. We would like to be able to script these dynamic updates to the appropriate hosts/host groups to make better use of our rules.

    1 vote
    2 comments  ·  Base System + General UI
  18. Sophos Connect - AD Group

    Allow users to be granted Sophos Connect access via AD Group rather than just by individual user access.

    6 votes
    0 comments  ·  Base System + General UI
  19. XG: move rule to position X by entering new position number

    Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

    Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, it is not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

    Please add an option to move the rule by entering a specific location.

    7 votes
    1 comment  ·  Base System + General UI
  20. Firmware - 3 slots

    This morning I just updated the firmware. I only had the option to update to the non-active firmware slot. However, that is my FALLBACK firmware. It is (reasonably) stable and most importantly, known and known to work. I wanted to replace the current version of the firmware, but that was not possible.

    Solution: 3 slots required for firmware.

    The first is the "long term stable" version the user can revert to if needed.
    The second, the current (or active) service release.
    The third, a slot for downloading and running the latest version that is offered on the website.

    I really…

    9 votes
    0 comments  ·  Base System + General UI