XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve Backup operation

    At the moment is possible to configure only one method of backup (Local or Email or FTP). I would like to configure 2 ways, such as Local + email, Local + FTP.
    Also no way to only upload configuration inside XG without restore (as it is possible with UTM).
    Once the configuration has been uploaded, I would like to see what has changed from last configuration to current configuration. So the chance to generate a PDF report which lists all differences and details, such as:
    -User A has been added (details)
    -Policy ID has been changed (details)
    - New Traffic…

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Handle exceptions more easily

    Today is quite hard to create simple exceptions. For example: Lets say we have a main user policy that uses a Web filtering policy, a QoS policy, a default routing policy and an App filtering policy.

    Now, lets say we have a user inside this policy that should get a specific web site access that is currently blocked in the web filtering policy. Also, another user needs to get more/less bandwithd than everyone else. Also, a user have to get routed through a specific link and not follow the default route balance. Also, another user must have an application allowed.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. On Demand CPU Scaling

    The firewall would be scaling the CPU up/down depending on utilization. Main benefit would be less power usage, and possibly better efficiency.

    Should use CPU technologies available like AMD's Cool'n'Quiet or Intel's SpeedStep

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. DHCP - Clients via DHCP/DHCPv6 relay agent

    XG Firewall already has the option to serve either as a DHCP server, or as a DHCP relay agent for another DHCP server. However, when using the XG Firewall as the DHCP server, there is no option to serve DHCP clients via a DHCP relay agent (i.e., when another device is serving as the relay agent). As a result, DHCP pools on the XG Firewall can only be configured using address ranges that are contained within the subnet range of the selected interface. This option is available when setting up address pools in UTM9.

    29 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Route based VPN in XG Firewall

    Route based VPN is a very much required feature in XG Firewall. Lot of Cyberoam customers are using this feature, primarily for MPLS to VPN failover using Dynamic Routing. In multi-branch scenario, Sophos cloud is a great solution with Synchronized security. But customers who are using Route based feature are not able to upgrade their Cyberoam devices to SF-OS because of the feature lack.

    109 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow service object creation while creating a service group

    make creation of a service while creating a service group available. Right now I had to create all the desired services. And only after that could I create the group and add the services

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Export-Import Reports and Logging

    For customer that do not use iView, we need a way to export logs and reports before a format is needed for some reason (when no HA is used).
    Also now the license is attached to serial, so imagine a customer need to move to another appliance (bigger or smaller) he will lose all data.
    Inside Administration, there is a Menu "Import/Export). You could add the feature inside there.
    Once exported, reports/logs should be imported again as History or merging with the new data.

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Common Objects used in all configurations

    Give us objects like in the UTM, Why do i have to set a static ip in the dhcp, add a dns record in the dns server and create a ip host object for firewall rules, when i could do it all with one object in the UTM.. This was for me a really really perfect feature and it makes it all a lot easier to administrate since you don't have to do the same over and over again for different parts of the configuration.

    105 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. 14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Can we have live Bandwidth speeds for Interfaces?

    It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.

    541 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Editing multiple policies at once

    It will be nice to have the possibility to editing multiple Policies at the same time by having a check box on the left (as it is already available on Services Objects) and be able to perform general modification, such as:

    enable/disable logging
    
    edit MASQ
    edit users/groups member
    enable/disable heartbeat
    allow/deny/reject action
    change Application/IPS/Web filtering
    malware scanning option

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. CLI - More basic commands to manage XG

    Give us the chance to manage XG basic features from CLI, such as:

    creating/editing/deleting network objects
    creating/editing/deleting services
    creating/editing/deleting users/groups
    creating/editing/deleting ips/application control/web policies
    creating/editing/deleting and managing VPN

    and more.....

    153 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. ip tunnel - local endpoint - Possibility to choose an interface instead of fixed IP

    If you have DHCP on the WAN interface and also an IP-Tunnel which terminates there, it would be great if you can configure the local endpoint dynamically. (Take the IPv4 value of interface Port1)

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. add AICCU support (ipv6 sixxs.net)

    Add AICCU support (Like on UTM) [https://www.sixxs.net/tools/aiccu/] for Sixxs.net ipv6 tunnel handling.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. XG as NTP Server

    NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
    Can you add it into future release?

    You can put it inside device access, denying WAN from using NTP server for security reason.

    748 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    47 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Force delete object

    At the moment, if you try to remove a object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
    You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.

    183 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Configuration of DHCP Options

    UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.

    399 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. 475 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    64 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Improve Signature Policy GUI (IPS/AppCtrl)

    In the moment it is a mess to select IPS Signatures and Applications in the
    GUI, which additionally doesn't fit in the browser window very well.
    Did i mention the (small) scroll bar on the right?

    Please adjust the IPS and AppCtrl GUI according to best practices.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Improve the WAN Gateway monitor

    Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
    This can help much to prevent false positive gateway status.
    The same feature could be added on VPN Failover system

    Best regards,

    Carlos Cesario

    229 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.