XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be accessed from our office; we remotely take control of different firewalls about 10 times a day...

    35 votes
    7 comments  ·  Base System + General UI
  2. make captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be accessed from our office; we remotely take control of different firewalls about 10 times a day...

    6 votes
    0 comments  ·  Base System + General UI
  3. make captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be accessed from our office; we remotely take control of different firewalls about 10 times a day...

    5 votes
    0 comments  ·  Base System + General UI
  4. filter on local vs synced accounts in XG user interface

    Please provide a way to filter on local vs non-local accounts in the XG interface. Sure, you can open each account to see if it is local or not, but that isn't scalable when you have over 20 accounts. In light of the recent security incident it would be great if the interface had a way to just show any locally created account so we can a. change the password or b. remove them altogether. Support and consultants have been known to create accounts without full disclosure on what the account name is and it isn't feasible for…

    2 votes
    0 comments  ·  Base System + General UI
  5. encrypted backup

    A way to test the encryption of the backup files, just to make sure that we have the correct encryption password in our documentation. Ideally just documentation on what programs can decrypt the backup (i.e. what format they are in).

    1 vote
    0 comments  ·  Base System + General UI
  6. Toggle button for enable / disable the SIP module


    Can I suggest a button to enable / disable the SIP module instead of having to disable it through the CLI console?

    7 votes
    1 comment  ·  Base System + General UI
  7. wan

    More WAN load balancing methods such as:

    Interface overflow (spill over): you select the order you want the device to send traffic through external interfaces and configure each interface with a bandwidth threshold value

    Round robin: uses the average of sent (TX) and received (RX) traffic to balance the traffic load across all external interfaces you specify in your round-robin configuration.

    2 votes
    0 comments  ·  Base System + General UI
  8. nat

    It would be convenient to be able to clone NAT rules as for firewall rules

    4 votes
    0 comments  ·  Base System + General UI
  9. X-Forwarded-For support for XG 650 firewall

    Dear Sophos Team,

    Please find the below feature request from the customer for the Sophos XG 650 firewall.

    Feature requested: X-Forwarded-For support

    Kindly refer to the below case details which we opened for the issue.

    Service request number 9714241.
    Situation:

    Problematic behavior from the customer's perspective.
    Issue with X-forwarded traffic.
    Assessment:

    Technical Severity: P3
    Relevant information about the customer's environment
    SFOS
    Troubleshooting done:
    As per the reported issue, you have configured a Forcepoint device as the child proxy for your LAN users and the Sophos firewall as the parent proxy.
    You were facing the issue that whenever the user was trying to access…

    2 votes
    0 comments  ·  Base System + General UI
  10. Policy Tester

    Need the ability to have Policy Tester use MAC address or host name as well as IP address. Currently it only returns true results if an IP address is explicitly part of a rule, i.e. the host name being affected is defined by its IP address and not its MAC address.

    1 vote
    0 comments  ·  Base System + General UI
  11. Delete gateway but don't delete SD-WAN policy automatically

    Once you delete the gateway, all SD-WAN policies that use this gateway as the primary gateway are removed at the same time without any prompt.
    If you delete a gateway that is a backup gateway, it becomes None in the SD-WAN policy, which is very friendly.

    1 vote
    0 comments  ·  Base System + General UI
  12. Show the primary and backup gateway in SD-WAN policy summary page

    The "Primary gateway" and "Backup gateway" in the SD-WAN function are important attributes, but they cannot be displayed intuitively in the SD-WAN policy summary page. You need to click in to see them. Users find this very inconvenient.

    2 votes
    0 comments  ·  Base System + General UI
  13. Unified Logging View

    It would be very helpful if the logging from all modules would be available in one pane, one line per connection with all info from all modules.

    1 vote
    0 comments  ·  Base System + General UI
  14. Redirect User Portal from HTTP to HTTPS

    At the moment there is no way to redirect HTTP to HTTPS automatically for the User Portal. Since the configuration is inside an Apache httpd.conf file, it should not be difficult to implement it. Thanks

    15 votes
    0 comments  ·  Base System + General UI
  15. DNAT XG18 missing basic features

    With a new server access assistant (DNAT) in SFOS 18.0.0 GA-Build339:
    1) You cannot select different original and translated port in a wizard
    2) You cannot create service inside the wizard
    3) You cannot create external source inside the wizard
    4) The firewall rule shows allowed access to WAN interface instead of a local IP, which is misleading
    5) The wizard automatically creates a reflexive rule, effectively destroying the original, desired SNAT for the server.

    Instead of the 1 original rule in 17.5 you have 3-4 different rules on 2 screens (1 fw and 2-3 NAT rules)... not cool at all!

    Obviously…

    20 votes
    1 comment  ·  Base System + General UI
  16. DNAT linked nat rule

    DNAT linked nat rule.

    The DNAT itself was best in 17.5 and will not require any additional changes. With current XG18 scenario please enable at least DNAT linked nat rule.

    1 vote
    0 comments  ·  Base System + General UI
  17. WAF and DNAT Wizard

    v16 had a nice and simple wizard to use. With v18, the DNAT wizard is poor in terms of graphics and options you can select. WAF has become an action and customers are not able to find it without asking or googling it. Please bring back the "old" wizard and the old different icons, as the idea of having different icons and a wizard was nice. I also suggest having a wizard for SD-WAN inside firewall policy. You can change Firewall tab to Policy Tab.

    7 votes
    1 comment  ·  Base System + General UI
  18. Allow to create Rule based on the Application.

    Please allow the creation of application-based rules just like with any NGFW competitor.

    Currently on XG v18 you need to set up the service, then the web filter, and lastly set up an Application filter just to block/allow something.

    Allowing to create the Rule directly based on the application instead of the service would allow for much better management of Sophos XG.

    4 votes
    0 comments  ·  Base System + General UI
  19. Add local service ACL exception rule

    Add local service ACL exception rule to allow for a custom service to be added and selected. i.e.: Ubiquiti discovery service UDP 10001 ACL exception for device access.

    1 vote
    1 comment  ·  Base System + General UI
  20. DHCP enhancements: Convert dynamic to static mapping and sticky DHCP

    Working with the XG DHCP services is quite exhausting. It could be much easier if there were a possibility in the IPv4 and IPv6 lease list to change an existing dynamic lease to a static IP/MAC mapping.
    Additionally, a kind of "sticky" DHCP mapping - where devices always get the same IP address as long as the range is not exhausted - would make troubleshooting much easier!

    3 votes
    0 comments  ·  Base System + General UI