XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. v18 - firewall rules - nat rules - visibility of linked rules

    v18
    In the firewall rules interface, you cannot see which NAT rule or MASQ is being applied to the firewall; you need to switch between two interface tabs. This is a nightmare for datacenters with BGP where a customer has a separate BGP IP... and troubleshooting. Ergh!

    3 votes
    0 comments  ·  Base System + General UI
  2. 1 vote
    0 comments  ·  Base System + General UI
  3. 1 vote
    0 comments  ·  Base System + General UI
  4. Configure Hotspot users for backend/radius authentication on XG Firewall

    We use this feature on our SG system for internal and external users.

    1 vote
    0 comments  ·  Base System + General UI
  5. 3 votes
    0 comments  ·  Base System + General UI
  6. Why is there on the different pages no reference to the name of the firewall. If you manage different firewalls and you have differe

    Why is there, even on the control center page, no reference to the firewall name?
    I don't memorize all serial numbers.
    If you manage different firewalls or have multiple firewall windows open, it is easy to make a mistake because you cannot easily see the name of the device you are working on.
    At least the control center window should have the firewall name, but on other pages this would also be very helpful.

    3 votes
    0 comments  ·  Base System + General UI
  7. Support for HSM to Protect XG Appliance Private Keys

    Sophos is heavily promoting TLS inspection, especially with the engine improvements in v18.

    Given that those features require creation and enterprise-wide trust of an issuing CA certificate for the XG, there are obvious concerns about the security of this key.

    Can Sophos include support for cryptographic Hardware Security Modules (HSM) via network and/or USB to protect the confidentiality of these crucial keys and provide a higher level of confidence in defending against unauthorised extraction of the private key from the XG appliance?

    The client authentication feature also requires enterprise-wide trust of a private key for the XG appliance(s).

    1 vote
    0 comments  ·  Base System + General UI
  8. WAN Authentication for Firewall Rule

    I miss a Pre-Authentication Option for WAN 2 LAN Rules. Example for TS Access. ALL Sonicwall Boxes have/can this!

    2 votes
    0 comments  ·  Base System + General UI
  9. firewall rule with last access date and time

    It would be great for auditing unused firewall rules if all rules had information with the last access date and time.

    7 votes
    0 comments  ·  Base System + General UI
  10. A group setting for multiple MAC hosts.

    In SYSTEM > Hosts and services, there are group settings for IP hosts and FQDN hosts.
    Please also add the group setting for MAC hosts.

    The customer is using Sophos wireless; when they configure "MAC filtering", they hope they can select a MAC group rather than a MAC list.

    One specific name maps to a MAC address, then multiple MAC addresses are grouped into a group, to make the MAC filter table easy to maintain.

    2 votes
    0 comments  ·  Base System + General UI
  11. Planned Firmware Update Sophos XG

    In Sophos XG there is no option to plan a firmware update. You can only update it manually. I would like to have the option to plan an installation of the firmware update.
    It would be very helpful.

    4 votes
    0 comments  ·  Base System + General UI
  12. Load IP list from URL and autoupdate, to use in a firewall rule

    Load IP list from URL.
    It would be almost mandatory in any corporate firewall to have the ability to load an IP list from a URL to create an IP list in "Hosts and services" to use it in a firewall rule.

    For example, I want to load this IP list to use it in a rule to allow only these IPs:
    https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt
    This IP list gets updated frequently, so it should include an option to autoupdate as well.

    2 votes
    0 comments  ·  Base System + General UI
  13. iperf

    Having iPerf available on the system would make it very easy to test bandwidth speeds.

    6 votes
    0 comments  ·  Base System + General UI
  14. stix/taxii integration

    Add support for STIX/TAXII threat intelligence feeds

    6 votes
    0 comments  ·  Base System + General UI
  15. CTR files must have file extension name.

    CTR file must have file extension name

    CTR files don't have any file extension name. This causes:
    1. The customer can't upload the file through the Support Web Form.
    2. The FTP server or client sometimes misinterprets the file type as text and corrupts it.

    1 vote
    0 comments  ·  Base System + General UI
  16. Assign physical interfaces to networks manually

    Right now the physical interfaces are assigned automatically to WAN, LAN... and can't be changed. If, after an installation, you add more virtual or physical interfaces, you can't configure them in Sophos.

    1 vote
    0 comments  ·  Base System + General UI
  17. GUI, interface shutdown (off/on switch), without losing config of the interface

    I'm missing a feature in the XG GUI that will allow me to shut down (and power on) an interface without losing its configured static IP settings. At this point this can only be achieved by switching the interface zone to NONE, but all config is lost.

    3 votes
    0 comments  ·  Base System + General UI
  18. Change port without editing firewall rules or other objects

    At the moment, if you want to change the port of a zone from PortX to PortY, the process is not straightforward without pain. Since XG is using the zone concept, port and zone should be decoupled, but it is not like this at the moment.
    Thanks

    7 votes
    1 comment  ·  Base System + General UI
  19. HA unlinked status like in UTM9

    Please introduce unlinked status in XG HA like it is in UTM9.

    After we upgrade a customer's XG firewall in HA, often the box without important ethernet cables ends up as master (active) and then important networks are not available.

    At least in XG18 EAP3 it should be possible to change monitored ports? We hope so.

    3 votes
    0 comments  ·  Base System + General UI
  20. NTP server authentication

    NTP authentication is to verify the time source is legit.

    1 vote
    0 comments  ·  Base System + General UI