XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. XG: move rule to position X by entering new position number

    Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

    Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, it is also not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

    Please add an option to move the rule by entering a specific location.

    3 votes
    0 comments  ·  Base System + General UI
  2. Firmware - 3 slots

    This morning I just updated the firmware. I only had the option to update to the non-active firmware slot. However, that is my FALLBACK firmware. It is (reasonably) stable and most importantly, known and known to work. I wanted to replace the current version of the firmware, but that was not possible.

    Solution: 3 slots required for firmware.

    The first, is the "long term stable" version the user can revert to if needed.
    The second, the current (or active) service release.
    The third, a slot for downloading and running the latest version that is offered on the website.

    I really…

    4 votes
    0 comments  ·  Base System + General UI
  3. General Customized services extend to icmp

    You can define customized services, for example TCP/UDP port from 1:65535 to 4444. You can also define custom ICMP services, but it's not possible to choose options outside of the RFCs. If you want to define an ICMP service of type 1 (in the RFC, types 1 and 2 are unassigned), you simply cannot do it. It makes no sense that you can define your own service, but not a custom ICMP service. By definition it is a "custom", not a "standard", service.

    1 vote
    0 comments  ·  Base System + General UI
  4. Support for RFC-5309

    We need "IP Unnumbered" for Internet connection.

    Because:
    1. It is a very major function in the Japanese market.
    2. Many competitors already support it.
    3. It is also a useful function for managing network connections in IPv6 environments.

    1 vote
    0 comments  ·  Base System + General UI
  5. SFTP for log files

    Add SFTP support under the connection options, so that files (particularly log files) can be downloaded from the XG on the LAN interface, so that they can be analysed off-system. It is a real inconvenience to try and do detailed searches of the log files while on the console. Not everyone has a syslog server.

    2 votes
    0 comments  ·  Base System + General UI
  6. MD5 checksum for SFOS  

    MD5 checksum is not listed on the download site in the Hardware Installers and Virtual Installers of Firewall OS for XG Series.

    MD5 should be listed, as it is for SG, from the viewpoint of security and installation failure.

    3 votes
    0 comments  ·  Base System + General UI
  7. Allow multiple DNS records per ip

    It would be great to be able to manage multiple hosts on the same IP while creating a DNS record on the Sophos XG.

    Right now we use the gateway as a DNS server and creating more than 100 records is not cool.

    Allowing the use of wildcards would be even better.
    *.domain.com A 192.168.0.1

    1 vote
    0 comments  ·  Base System + General UI
  8. WAN DHCP Option 60

    Most ISPs in Europe require you to use a DHCP Option on the WAN Interface in order to use your own Router or Firewall.

    If this can't be done on the Sophos XG it is useless to me and a lot of other people, which would be a shame.

    3 votes
    0 comments  ·  Base System + General UI
  9. SNMPv3: Support SHA1

    You missed implementing SHA1 in the SNMPv3 config. Many monitoring solutions only support MD5 and SHA1, but not SHA256 and SHA512, so we must use MD5 for the hash.

    Security cannot be an argument, since "DES" is still offered for the encryption.

    2 votes
    1 comment  ·  Base System + General UI
  10. Firewall Hostname in backend

    It would be nice if, when changing the hostname in the Sophos XG WebGUI, it were also changed in the OS-System. Actually only the application changes it for certificates, but the operating system is still localhost. This looks confusing in the ESXi virtual machine overview.

    3 votes
    0 comments  ·  Base System + General UI
  11. Static Routing IP List improvement

    1. Request to add a "Description (Optional)" box when adding static routing. Useful for remembering when checking later, or so that another person working on it can understand without asking again.

    2. Request the ability to temporarily disable some static routing IPs instead of removing them and adding them again.

    1 vote
    0 comments  ·  Base System + General UI
  12. Request to change NIC order for XG on KVM

    Hello Team,

    We have a customer here requesting an option to change the NIC order for XG on KVM.
    The customer advises that in the hosting environment, it is not possible to attach a network to a specific interface; he can only add networks, then it is completely up to the virtual machine to set the order.

    During the configuration, the customer can define that KVM has 2 interfaces, but not the order.
    As a result, it is completely random whether the cards are in the correct or the reverse order.

    In the UTM, he can do this by editing the udev/70-.rules file…

    1 vote
    0 comments  ·  Base System + General UI
  13. full text search

    Possibility of full text search in firewall rules

    5 votes
    0 comments  ·  Base System + General UI
  14. Export Firewall/NAT Rules to CSV or PDF

    Add ability to export active (in case filtering is applied) firewall/NAT rules with their stats to CSV or PDF for external reporting requirements.

    4 votes
    0 comments  ·  Base System + General UI
  15. Policy Tester - Allow testing DNAT (published services)

    Hi all,

    It would be great if you could test published services in the "Policy Tester" section.

    Especially since you're trying to push v18, why not add that possibility? The policy tester can already tell you the rule and NAT of outgoing traffic to the internet.

    And since decoupling NAT and firewall rules will cause a lot of NAT rules (especially for mid to large companies), checking those in the little screen that SFOS provides is not great.

    Thanks!

    1 vote
    0 comments  ·  Base System + General UI
  16. Full width dashboard, not limited to max-width

    Hi,

    I'm using firmware 18.
    Up until now, there is no benefit to using a resolution higher than 1366x768 px.
    Let's say you have FHD resolution: the dashboard is capped at 1280px.

    The CSS says

    wrapper.cp-wrapper {
      max-width: 1280px;
    }

    If I rule out that CSS, most of the UI will benefit from the higher resolution.

    Also with the menu

    element.style {
      display: table;
      box-sizing: border-box;
      padding: 0px 10px;
      width: 1100px;
      height: 62px;
    }

    Change the width to

    element.style {
      display: table;
      box-sizing: border-box;
      padding: 0px 10px;
      width: calc(100% - 180px);
      height: 62px;
    }

    And you have a full-width header.

    I know you guys can…

    12 votes
    1 comment  ·  Base System + General UI
  17. 45 votes
    4 comments  ·  Base System + General UI
  18. Implement "Keep Nodes Reserved" in HA-Function

    So as we have seen with the update to SFOS 17.5 MR10, it could be possible that access to the Web-Interface is blocked and loading a previous firmware with SF Loading is also not possible. In our case SF Loading was not possible because the console did not accept the password (probably because of the German keyboard layout or special characters in the password).

    So in a production environment, where time is very important, a feature like "Keep Nodes Reserved", as it is implemented in UTM-9, is gold.

    For me SF Loading like it is actually implemented is nice but not helpful for…

    1 vote
    0 comments  ·  Base System + General UI
  19. Implement "Keep Nodes Reserved" in HA-Function

    So as we have seen with the update to SFOS 17.5 MR10, it could be possible that access to the Web-Interface is blocked and loading a previous firmware with SF Loading is also not possible. In our case SF Loading was not possible because the console did not accept the password (probably because of the German keyboard layout or special characters in the password).

    So in a production environment, where time is very important, a feature like "Keep Nodes Reserved", as it is implemented in UTM-9, is gold.

    For me SF Loading like it is actually implemented is nice but not helpful for…

    0 votes
    0 comments  ·  Base System + General UI
  20. Allow ACLs when using a "Deny All" Firewall Rule

    We have created a "Deny All" rule to ensure that any blocked traffic is logged. When we enable this, we lose access to the XG via the WAN Interface when using ACLs.

    Can it be implemented that ACLs take precedence over the Firewall rules?

    There are numerous other ideas relating to similar issues that may also overcome this problem:

    Display 'hidden' firewall rules on the firewall page:
    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/32511967-display-hidden-firewall-rules-on-the-firewall-pa

    Relocate Local Service ACL Exception Rules to just be firewall rules:
    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/31652716-relocate-local-service-acl-exception-rules-to-just

    Local ACL exceptions should not be logged to the last firewall rule ID:
    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/37296451-local-acl-exceptions-should-not-be-logged-to-the-l

    6 votes
    0 comments  ·  Base System + General UI