XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Better routing by default with site-to-site VPN tunnels

    When an XG firewall is connected to another firewall via VPN, the XG firewall cannot route traffic to the remote protected network by default. Instead, you have to set up a special route and SNAT using the console in order for it to work and you are apparently required to specify hosts rather than whole networks when setting up the route (see https://community.sophos.com/kb/en-us/123334).

    The UTM9 firewall can route traffic through the VPN tunnel by default. I can't believe this problem is a "feature" in XG. Adding extra steps to make something work less well than something that just automatically…

    8 votes
    0 comments  ·  Base System + General UI
  2. Add hostname in email notifications

    When receiving notifications for multiple XG appliances there is no clue in the mail about which appliance it is coming from ...
    Is it possible to just add the appliance hostname in the subject, just like UTM SG does ...
    Actually the only way is to set a per-device (not really existing) sender email address and that is not a good practice nor very convenient

    29 votes
    2 comments  ·  Base System + General UI
  3. Create group with LDAP custom attribute

    In UTM 9 it is easier to create a group based on an LDAP attribute. In XG, via Configure > Authentication > Group > Add Members, we did not find it.

    https://community.sophos.com/products/xg-firewall/f/authentication/87458/create-group-with-ldap-custom-attribute

    21 votes
    1 comment  ·  Base System + General UI
  4. Auto Login Normal User By Mac Address

    When I create a user, for example "test", I give it the MAC address of a computer. When that computer turns on, it automatically logs in to the firewall by its MAC address with the test account ... like clientless by IP address, but here by MAC address and as a normal user.

    28 votes
    7 comments  ·  Base System + General UI
  5. SSH port forwarding when connecting to firewall

    Like Sophos SG, it is useful for the admin to be able to use SSH port forwarding, but in Sophos XG this feature is not implemented in the SSH protocol.

    see ssh command line options for more details:
    ssh -D
    ssh -L
    ssh -R

    16 votes
    2 comments  ·  Base System + General UI
  6. Audio for RDP sessions

    Currently RDP sessions through the User Portal don't offer Audio. This feature would be handy for remote users to be able to playback voicemails, etc.

    12 votes
    0 comments  ·  Base System + General UI
  7. Full screen for RDP sessions

    RDP sessions from the User Portal don't allow you to adjust the screen resolution or go full screen to fit the remote desktop to your screen.

    59 votes
    4 comments  ·  Base System + General UI
  8. TR-069 Provisioning

    Auto-provisioning via the TR-069/CWMP protocol to configure WAN IP address, firewall rules, management server, etc.

    https://en.wikipedia.org/wiki/TR-069

    5 votes
    0 comments  ·  Base System + General UI
  9. DHCP option 42 (NTP) use DNS name

    DHCP option 42 (NTP) currently can only take static IP. Need to use DNS name as well. So we can use something like pool.ntp.org

    22 votes
    0 comments  ·  Base System + General UI
  10. NAT64 support

    With an IPv6 WAN interface it's not possible to reach an IPv4 device (IPv6 is not possible for this specific device) over the internet. We need a translation from IPv6 -> IPv4. Business application rules (DNAT, WAF) do not support mixed IPv4/6, only IPv6 for an IPv6 rule and vice versa.

    47 votes
    1 comment  ·  Base System + General UI
  11. Make home license payable but cater to some home user requests

    Perhaps not the most popular suggestion, but I would gladly pay a modest fee (e.g. 50 USD/year to be on par with Untangle) if some user requests could be fulfilled. I think of


    • using the Sophos Home cloud to create integrated reporting

    • the ability to use XG as an OpenVPN client so all traffic is protected

    • the ability to use sandstorm

    Then again: a big thank you for making the software free to use. Based on this policy, I was able to recommend at least 15 small businesses to move to Sophos.

    17 votes
    0 comments  ·  Base System + General UI
  12. DHCP client Option 60 on WAN Interfaces (for IPTV in Singapore)

    In Singapore the IPTV services require DHCP Option 60 to be a specific string before the DHCP server assigns an IP address.
    An option to send DHCP Option 60 together with the DHCP Discover packet would be great to have, to enable the XG Firewall to get an IP address from the ISP's DHCP for IPTV.

    31 votes
    7 comments  ·  Base System + General UI
  13. A way to check the real time bandwidth usage for rules

    Is there a way to check the real time bandwidth usage for firewall rules?

    So user can distinguish which rule used the most bandwidth and set the proper QoS for it.

    Thanks~

    213 votes
    6 comments  ·  Base System + General UI
  14. JSON API

    Provide a JSON API rather than XML. Since the backend config services use JSON, I'm surprised this wasn't done from the beginning.

    26 votes
    0 comments  ·  Base System + General UI
  15. Display current client version of Authentication Client Downloads

    The download page for authentication clients (System -> Authentication -> Authentication Clients) should display the version that is currently available on the download site to allow for easier comparison to currently deployed client versions.

    5 votes
    0 comments  ·  Base System + General UI
  16. STAS: Install on Server Core

    Hi,

    We need an option to install STAS on Server Core (command line mode).

    Thanks

    49 votes
    7 comments  ·  Base System + General UI
  17. CLI and WebAdmin authentication with Radius or LDAP account

    I want to file a feature request for the ability to use AD/LDAP/Radius authentication on XG Console and SSH Session.
    Support has confirmed this is currently not an option.

    The reason for this feature request is for compliancy reasons, in other words, to be able to see which Admin user has made changes to the config when using Console or SSH session.
    We have some customers who want to know exactly WHICH admin has made changes, at WHAT time and from WHICH IP-address.

    Currently the only option is to use the local admin account which of course does not give…

    31 votes
    1 comment  ·  Base System + General UI
  18. Create LAG without setting IP interface

    XG forces you to set an IP (v4|v6) interface when you create a LAG. This is OK if you plan to use just the LAG without VLANs or with an untagged VLAN.

    BUT, if you don't use untagged VLAN and only tagged ones, you just have to configure some unused IP subnets just to please the web configurator.

    XG should maybe warn, but allow you to configure a LAG without setting the IP interface.

    54 votes
    3 comments  ·  Base System + General UI
  19. Restrict User Portal Access to some users (local or AD)

    Customers sometimes don't want all users to access the User Portal.
    It would be nice if there were a check button within the user profile to allow or deny access to the User Portal for each user or group as well.

    56 votes
    3 comments  ·  Base System + General UI
  20. Time-based be 1min or 5 min interval instead of 15 minutes

    XG time-based policy is in 15-minute intervals. One cannot schedule 7:40 or 9:50.
    If the scheduling were in 1-minute or 5-minute intervals, it would be possible.

    22 votes
    7 comments  ·  Base System + General UI