XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sync DNS with DHCP Leases

    The DNS shall resolve the hosts which was provided an addressed by DHCP.

    132 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    27 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. No NAT-T when configuring Site-to-Site IPSec VPN

    By default NAT-T is disabled for Site-to-Site IPSec VPN Connections. Unfortunately it is not possible to activate NAT-T when configuring a Site-to-Site IPSec tunnel, since this option is greyed out.

    In my case it is essential to use NAT-T, because the Remote Endpoint is located behind a NAT device.

    28 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Additional BGP features

    Within UTM you supported additional BGP configuration options than what is present in XG. I would specifically see AS prepend and filter lists implemented in XG.

    Thanks,
    Bob

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. User Management - make paging configurable and easier to navigate

    On systems with a large number of users (we have over 1100) the user management page is difficult to navigate. Clicking through pages of 20 users one page at a time is time consuming. I would like the ability to modify the number of users listed on each page. Choice of 20, 50, 100, 250 per page, for example, would be great.

    Also, the ability to jump to a specific page would be a nice feature.

    Thanks,
    Bob

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. User Portal / SSL VPN Portal

    Unlike Cyberoam, SSL VPN and User Portal are now combined here in Sophos XG. There are issues on our clients regarding on this for security purposes. We, Netplay Inc. is requesting to at least and administrator of the GUI could be able to modify or edit what users can see to the current user portal we have.

    Example: After user log on their account. SSL VPN is the only visible.

    49 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow IP Host Groups to be added to IP Host Groups

    Allow IP Host Groups to be added to IP Host Groups.

    I am migrating a SonicWALL configuration to a Sophos Firewall and am running into the issue that the SonicWALL supports nested groups and the Sophos Firewall not. Since I am using the API to script the configuration conversion and push the configuration its quite a big slow down to have to do it manually afterwards.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Wildcard search within Network Rules

    If I go to IP Host and filter by "Port", I see everything containing that keyword. However, if I go to edit a Network Rule in Policies and type in "Port" in the Networks search box, I get no results. In the Networks search box I seem to be unable to find anything unless I know the beginning name of the network I wish to search for. In this case, I have to enter "#Port." IMHO it would be better if the search term was treated as an "include" type match versus a "begins with" search.

    41 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Services: search for defined services by port

    In the Services, i cant see if i have a Port/Service Defined.
    So either searchable port numbers (now its only the Name)
    or Display all Services on one page, so i can search

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Hardware health: Thermal sensors and fan speed reporting

    Hi

    Some sort of hardware status feedback would be very nice. Most importatn would be CPU and mainboard temperature, however fan speed would also be nice.

    156 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Compare / Diff Policies

    It would be handy to be able to compare / diff policies. You can currently do this manually by opening two pages side-by-side, but that is cumbersome and error prone.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Routing Table - Show

    Available in the GUI or CLI able to visualize the active routing table.

    This feature exists in other manufacturers, such as Fortinet for example

    50 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. SSH Access - User can access the SSH with its own credential

    Currently it is possible to access the SSH only with the ADMIN user.

    For companies that need to be compliance with the PCI this is not acceptable.

    It is very important each User can access the SSH with its own credential for audit purposes

    114 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow changing threshold for the Performance system monitor on the XG homepage.

    Allow changing threshold for the Performance system monitor on the XG homepage.

    My system always sits in Orange even when network use is really low.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. GUI Search

    I often find myself hunting around the interface for various settings. It would be quite handy to have a search box where I can search for a particular setting, select it from a dropdown of results, and then be taken directly to the page.

    111 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Create a Migration Assistant (web)application for the Firewall-OS

    Cyberoam has a Migration Assistant which converts for example a SonicWALL UTM configuration to a configuration for the Cyberoam UTM appliances.

    The Sophos Firewall-OS already supports an API which uses, just like the IMPORT/EXPORT feature, an XML structure for setting configuration. Now I have to if possible create a script to find configuration components and convert the structure to match the XML structure for the Sophos Firewall-OS. Other vendors support configuration exports in XML format or other kind of readable format.

    Such a tool would make it easier to migrate a customer to the Sophos Firewall-OS, making the choice for…

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow IP List to be added to IP Host Group

    You can add an IP range or IP subnet to an IP host group but not an IP list.

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. UI should show pop-up info for network object everywhere

    Please correct the UI so that the Port designations include the subnet or IP address associated with them EVERYWHERE. Right now sometimes when you select a port from a list it will include that information and at other times it is missing. I have a hard time remembering which port number is which interface, it is reminiscent of the frustration of working with SonicWall devices and their annoying X0, X1,X2, etc. designations.

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Add an UNDO Button

    Would be helpful if you could reverse changes to say a firewall rule or security policy just by clicking on an Undo button.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add Visualization of Networks and VPN Connections

    Would be awesome if you could look at a chart of how your network is configured from within the XG. Might make diagnosing issues easier if you could see precisely where things are breaking with this kind of visual feedback.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Scheduled Installation of the AV Updates and Firmware Installation.

    Scheduled Installation of the AV Updates and Firmware Installation is required. The firmware updates and AV Updates should get automatically downloaded over the WAN interfaces, however installation of this updates should be done only when the Date and time is scheduled by the Network Administrator.

    In addition to the available scheduling options, the custom category should be added, where in the administrators can select a custom date and custom time, after selecting the custom date and custom time the system should prompt if these settings are just to be executed once, daily, weekly, every 15 days or monthly.

    785 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    97 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.