XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. TR-069 Provisioning

    Auto-provisioning via TR-069/CWMP protocol to configure WAN IP address, firewall rules, management server, etc.

    https://en.wikipedia.org/wiki/TR-069

    5 votes
    0 comments  ·  Base System + General UI
  2. DHCP option 42 (NTP) use DNS name

    DHCP option 42 (NTP) currently can only take static IP. Need to use DNS name as well. So we can use something like pool.ntp.org

    22 votes
    0 comments  ·  Base System + General UI
  3. NAT64 support

    With an IPv6 WAN interface it's not possible to reach an IPv4 (IPv6 is not possible for this specific device) device over the internet. We need a translation from IPv6 -> IPv4. Business application rules (DNAT, WAF) do not support mixed IPv4/6, only IPv6 for an IPv6 rule and vice versa.

    50 votes
    1 comment  ·  Base System + General UI
  4. Make home license payable but cater to some home user requests

    Perhaps not the most popular suggestion, but I would gladly pay a modest fee (e.g. 50 USD/year to be on par with Untangle) if some user requests could be fulfilled. I think of


    • using the Sophos Home cloud to create integrated reporting

    • the ability to use XG as an OpenVPN client so all traffic is protected

    • the ability to use sandstorm

    Then again: a big thank you for making the software free to use. Based on this policy, I was able to recommend at least 15 small businesses to move to Sophos.

    17 votes
    0 comments  ·  Base System + General UI
  5. DHCP client Option 60 on WAN Interfaces (for IPTV in Singapore)

    In Singapore the IPTV services require DHCP Option 60 to be a specific string before the DHCP server assigns an IP address.
    An option to send a DHCP Option 60 together with the DHCP Discover packet would be great to have, to enable the XG Firewall to get an IP address from the ISP's DHCP for IPTV.

    32 votes
    8 comments  ·  Base System + General UI
  6. A way to check the real time bandwidth usage for rules

    Is there a way to check the real time bandwidth usage for firewall rules?

    So user can distinguish which rule used the most bandwidth and set the proper QoS for it.

    Thanks~

    217 votes
    6 comments  ·  Base System + General UI
  7. JSON API

    Provide a JSON API rather than XML. Since the backend config services use JSON, I'm surprised this wasn't done from the beginning.

    27 votes
    0 comments  ·  Base System + General UI
  8. Display current client version of Authentication Client Downloads

    The download page for authentication clients (System -> Authentication -> Authentication Clients) should display the version that is currently available on the download site to allow for easier comparison to currently deployed client versions.

    5 votes
    0 comments  ·  Base System + General UI
  9. STAS: Install on Server Core

    Hi,

    We need an option to install STAS on Server Core (command line mode).

    Thanks

    49 votes
    7 comments  ·  Base System + General UI
  10. CLI and WebAdmin authentication with Radius or LDAP account

    I want to file a feature request for the ability to use AD/LDAP/Radius authentication on XG Console and SSH Session.
    Support has confirmed this is currently not an option.

    The reason for this feature request is compliance, in other words, to be able to see which admin user has made changes to the config when using a Console or SSH session.
    We have some customers who want to know exactly WHICH admin has made changes, at WHAT time and from WHICH IP-address.

    Currently the only option is to use the local admin account which of course does not give…

    32 votes
    1 comment  ·  Base System + General UI
  11. Create LAG without setting IP interface

    XG forces you to set an IP (v4|v6) interface when you create a LAG. This is OK if you plan to use just the LAG without VLANs or with an untagged VLAN.

    BUT, if you don't use untagged VLAN and only tagged ones, you just have to configure some unused IP subnets just to please the web configurator.

    XG should maybe warn, but allow you to configure a LAG without setting the IP interface.

    63 votes
    5 comments  ·  Base System + General UI
  12. Restrict User Portal Access to some users (local or AD)

    Customers sometimes don't want all users to access the User portal.
    It would be nice if there were a check button within the user profile to allow or deny access to the User Portal for each user or group as well.

    56 votes
    3 comments  ·  Base System + General UI
  13. Time-based be 1min or 5 min interval instead of 15 minutes

    XG time-based policy is in 15-minute intervals. One cannot schedule 7:40 or 9:50.
    If the scheduling were in 1-minute or 5-minute intervals, it would be possible.

    22 votes
    7 comments  ·  Base System + General UI
  14. Bridge like UTM9

    XG has some limitations when it is working as bridge:
    Dynamic DNS
    Multicast Routing
    DHCP Client
    IPsec VPN
    VLAN
    Virtual Host
    PPPoE
    Bridge (a Bridged Interface cannot be a member of Bridge)
    Have a look at this KB for more information: https://community.sophos.com/kb/en-us/123276
    This will prevent XG from being installed in environments that cannot be modified but where those features are needed.
    Competition does not have this kind of problem.

    130 votes
    2 comments  ·  Base System + General UI
  15. Register Guest Users via Email Authentication & Delivery Method

    With the current method of Guest User Registration you can only manually register users yourself or Users have to register their phone number and get a text message which can be complex, painful to set up and costly in the long term.

    We need more options for Guest User registration, ideally via email would be the best fall back. Although the user will be wanting to connect via the WiFi because it would be better than their data, they should generally have enough data capability to receive an email. This would be simple and low cost to set up, additionally…

    32 votes
    2 comments  ·  Base System + General UI
  16. Netflow timeout value

    Add a parameter in Netflow where we can specify the timeout for an active or inactive flow. Actually you send just one flow for the total flow and so we cannot graph the flow.

    26 votes
    7 comments  ·  Base System + General UI
  17. MTU size detection based on neighboring device.

    MTU size auto detect based on neighboring device.
    Based on knowledge base article https://community.sophos.com/kb/en-us/124282.
    It is troublesome to have to manually change the MTU and MSS size according to the ISP.
    This problem very commonly happens with Malaysian ISPs, where the MTU and MSS change randomly.

    7 votes
    1 comment  ·  Base System + General UI
  18. ethernet ip below pppoe interface

    Allow setting an IP address on the ETH interface below the PPPoE interface for access to the modem/router configuration on that interface. This has been a huge oversight since UTM.
    Right now the only way to access the modem is to turn the interface into a standard Ethernet interface and configure the correct IP to access the modem, which is cumbersome, needs reconfiguration and breaks the connection (no way to monitor the modem with the PPPoE connection up).

    3 votes
    0 comments  ·  Base System + General UI
  19. Integrate other Sophos tools (Sophos Home and Sophos Android Security) to be controlled through XG

    I would like to see the other Sophos security tools cooperate better with XG firewall. For instance:

    I would like to see Sophos Home integrated into the Security Heartbeat feature and allow endpoints with Sophos Home to report their status, like it appears on the website. Also, any configuration that can be done on the Sophos Home website should be available via the XG interface. It would also be nice if the Sophos Home software on an endpoint can detect that it is internal to the XG firewall and defer security settings to the XG, while becoming fully active when…

    37 votes
    3 comments  ·  Base System + General UI
  20. migration tool from UTM9 to XG on same model

    We need a tool to migrate UTM9 to XG on the same model

    17 votes
    1 comment  ·  Base System + General UI