XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Harmonize log format

    Current log format has key=value pairs, which are easy to manage in certain centralized logging solutions. However, some of these values contains quotation marks " and some does not. As there are several longer values, a quotation mark is reasonable and thus every value should have quotation marks.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    • Implement partial or wildcard filters in firewall user/network rule criteria

      Currently partial matches do not yield results if the filter doesn't start the same way as the criterion.

      Example:
      "and" will show "Andorra"
      "dorra" will not show anything (i.e. "Andorra" is not shown)

      "la" will show "LAN"
      "an" will not show "LAN"

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
      • Firewall group should not close every time a rule is moved

        Every time a rule is moved (up or down) within a group that group is automatically closed.

        This is rather cumbersome if multiple rules need to be moved, or if you simply want to make sure the rule was moved to the right position.

        1 vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
        • Specify authentication method for RADIUS/TACACS+ users

          On the SG firewall, an admin could create a user and specify which method of remote authentication would be used. This is not possible on the XG. As a result, a new admin must first authenticate on the User Portal, then an existing admin can change that newly created user to an admin. This is an unnecessary step that could be improved by allowing admins to specify which remote authentication method should be used per user.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
          • Allow for longer domain names in Parent Proxy field

            Currently there is a limit of 40 characters in the Parent Proxy field:
            Routing > Upstream Proxy > Parent Proxy > Domain Name/IPv4 Address

            Support was unable/unwilling to fix, looking for XG firewall to allow for longer entries in this field. Anything more than 40 characters is truncated, which breaks the parent proxy operation.

            Character limits in the upstream proxy field (currently capped at 40 characters), impacts use of upstream proxies with long names such as webdefence-pool-01.cluster-nyca.forcepoint.net

            Support case for reference (not being fixed by sophos when case was opened 3-13-2019)
            [#8693303] Parent Proxy field truncates at 40 Characters, need…

            1 vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
            • SFM API

              Add ability to api import objects into SFM groups. Ability to import a csv style list of hosts, networks, services, groups,etc...

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
              • XG fw Qradar DSM

                Make Qradar SIEM able to parse XG firewall logs.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                • jquery

                  Please upgrade jquery in the gui from 2.1.3 to something newer which will pass pci compliance with ControlScan

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                  • IPv6

                    Add OSPF support for IPv6. It's time to go to the futur !

                    1 vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Initial install when updating Firmware - Manual Control

                      should have the ability/option to upgrade the firmware manually, as currently if the internet connection is poor, then it can take an eternity to upgrade to the latest version.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                      • Alert admin before GUI session expires due to inactivity (add countdown timer)

                        The GUI session currently simply stops responding after it times out due to inactivity.

                        Many sites (e.g. bank web site) alert the user before the session expires and allows the user to reactivate the session. Something like "Your session will expire in 2 minutes ".

                        For XG I would suggest a running countdown timer somewhere at the top.

                        2 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                        • Policy Test should consider Application Control

                          The Policy Test should run through all components that may be blocking a request.

                          Currently Application Control is not included in the test. The result is that the Policy Test may report a URL as "allowed" even if Application Control blocks it.

                          2 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                          • Use proper title for Policy Test window

                            The (popup) window for the Log Viewer / Policy Test has the URL of the log viewer instead of the function of the page (i.e. "Log Viewer / Policy Test").

                            This makes it very difficult to locate the window if the administrator has a lot of open windows.

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • Add Stunnel Functionality

                              It would be really cool if you could add something like what the application STUNNEL can do to the XG. Think of it like reverse port forwarding, you have a service on the firewall listening on a particular port, machines on the network talk directly to the firewall on that port, and the firewall forwards the traffic on to the destination.

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                              • Dump AUFS file system

                                AUFS is an old technology, and slow, switch to a more modern overlay system. Docker dropped this filesystem long ago, time to catch up?

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                • Ability to run Linux commands directly in the GUI

                                  While the console is a great it would be cool if we could just send a Linux command directly to the device from the GUI, perhaps from the Diagnostics page, and get the output immediately the same way the current Ping and Traceroute work. Some useful commands might be netstat, ifconfig, etc.

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                  • More 2FA Choices

                                    Come on Sophos, it is 2019, give us more choices for 2FA already. You have your own 2FA service, why has that not been integrated into the XG?

                                    3 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Network Port Scanner

                                      Under the diagnostics page add the ability to scan either a single IP address or a range of IP addresses for open ports. There is a great Linux utility called Fing that can do this very well and report on what it found, if you could integrate that into the XG it would be a very powerful tool. The ability to generate a report of all devices with open ports on every network accessible to the firewall would be likely the first in the industry.

                                      2 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Need more information on SSL VPN and RED connections

                                        As it is now it is very difficult to find out what networks are available through which tunnels. It would be great if we could get detailed information about what tunnels are up and what networks are available through those tunnels. Either a report or a separate tab on the Current Activities page would be awesome.

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Custom Themes API

                                          Publish an API to allow customer to develop their own custom themes for the XG.

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 35 36
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.