XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Native Backup for recovery

    Ability to use Azure Recovery Services to run backups of the appliance so that recovery time can be reduced.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. OTP: SMS

    Please allow a SMS provider & custom SMS url to provide as a way to retrieve the OTP code for users.

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Change "From" name and add subject prefix for notifications

    Right now email alerts can be set with a from email address but says "Sophos" as the from name. Would be nice to change this to another name like the device hostname instead.

    Also, would be nice to add a subject prefix like [Sophos] or [Hostname] to add some detail.

    We have over 10 units and we have no way of knowing which device is affected until we open the email.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. System: Disable unused services

    Please allow for an option to disable certain services the XG offers such as;
    - Disable HA when (if not configured)
    - Disable Wireless Protection
    - etc.

    Would be neat if these options wouldnt show in the GUI anymore & do not count toward health status.

    39 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow RIP to be disabled

    Please allow for an option to disable RIP.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Objects: Add default objects like in UTM9

    Add objects such as Any-IPv4, Internet IPv4, Internet IPv6 etc.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Broadcom NIC driver support in XG

    From experience and from forum post Broadcom NIC driver support is lacking or not working.
    Many Dell and HP servers use NICs from Broadcom.

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Keep the upn added to the userid for multiple domain authentication

    In case of a multiple domain environment, it would be nice to route the users authentication requests to the right authentication server based on their UPN (@domain.local).
    Unfortunately, the Sophos XG will removef the UPN, and will only send the userid to the authentication server.
    So for example, using radius proxy for sending the authentication requests to the right AD server will not work, as we can not make a routing desicion based on the UPN.
    This is for many customers a big issue.
    In Cyberoam OS 10.6.2, the UPN is untouched, but from releases higher than that or Sophos…

    126 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. SCEP to renew certificates

    When you need to manage multiple XG devices, you can use SFM to simplify your life.
    If you need to use a certificate (on IPsec VPN, WAF, etc...) it's possible to upload or create a CSR under System > Certificates.

    But, you need t manually renew all certificates when it's close to expire! If you manage 300 XG devices, you will need to manually renew all certificates, and access each device, to update and remember where you used a certificate that needs to be renewed.

    There is the SCEP (https://www.ietf.org/proceedings/69/slides/pkix-3.pdf), supported by a wide range of CA (Cisco,…

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Have a preferred master option for HA pairs active/passive

    Submitting on behalf of client:
    Like the UTM 9 HA engine it allowed us to select a "preferred master" which in the event of a failover the node will attempt to switch back once it comes back up.

    Due to the way the XG licensing works in HA this would be an important feature as only ONE firewall has the "master" subscription license and the other is just a base (passive).

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure and AWS automatic host groups

    Hello.
    Azure (and I think AWS does the same) releases weekly an updated xml file containing all the subnets related to Azure services and region.

    It would be great if Sophos XG could maintain an updated "Host Group" with all the Azure (or AWS) subnets to use them in firewall rules, routing etc...

    Everyone is moving to the cloud, Sophos XG should consider it!

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Monitor UPS health and orderly shutdown

    Most home/business firewalls are on a UPS (or should be, IMHO).

    It would be nice to have a software that monitored UPS health and could do a orderly shutdown if power loss was imminent.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. PPPoE and IPv6

    Please support IPv6 over PPPoE. That was working more or less in Version 9.X and older and it would be great if we could get and IPv6 connection over PPPoE again.

    55 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Transparent mode for layer 3 routing

    Say you have a Datacenter with a VPN router that you plug it into a interface, give it the private ip adress because the router is configured to forward all traffic to the xg, you set interface to be transparent to your gateway and select option layer 3 subnet so you don't have to do any policy routing. The xg will know to do it automatically...

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Admin login notification in email

    when some one login with admin account then only log is created. it should be some email alert mechanism. if someone try to guess admin password from LAN or WAN then real administration should get an alert that someone is trying to access applciance with IP address. Bcoz this is a firewall so all alerts should be there

    39 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. SNMP monitoring of auxiliary appliance in HA Active/Active

    it is strange that we can't monitor auxiliary appliance via SNMP , when we are in HA mode Actif/actif , we can't monitor auxiliary appliance !!!

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow access to webadmin by an AD group

    It's not possible to choose single AD Group imported by authentication server to access to webadmin

    21 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. DNS support for SRV Records

    Add support for SRV records in XG's DNS service according RFC 2782. This would enhance XG's ability to operate in Windows environments; i.e., support Active Directory.

    32 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Google Apps based User Authentication via SAML

    Hello, we currently use Google Apps for user management. For many apps, we use SAML to talk to Google Apps for user authentication.

    In small environments where Active Directory is not in place, it would be great to have SAML/SSO via Google.

    39 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Consolidate Setup Wizards in single menu

    As it stands there are two Setup Wizards in XG that I've used. One is the initial setup under Admin (top right corner) > Wizard and the other is for VPN under VPN > IPSec > Wizard.

    If possible it would be good to have these consolidated into a single Setup Wizard menu located under the Admin dropdown in the right corner. This way as more setup wizards are added like for Firewall rules, SSLVPN, or other task they can all be accessed via one central location.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.