XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SNMP for XG Firewall Upgrade

    Hi ,

    I request you that SNMP OID should be added for the the SOPHOS XG Firewall - MIB for Monitoring purpose as present MIB does not able to capture below points.

    1.Interface Utilization
    2.Bandwidth Monitoring
    3.Interface IP details
    4.WAN Link monitoring etc...

    Please have these all OID added in the Sophos XG MIB

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. SNMP

    Hi ,

    I request you that SNMP OID should be added for the the SOPHOS XG Firewall - MIB for Monitoring purpose as present MIB does not able to capture below points.

    1.Interface Utilization
    2.Bandwidth Monitoring
    3.Interface IP details
    4.WAN Link monitoring etc...

    Please have these all OID added in the Sophos XG MIB .

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. search in port settings firewall

    When working in a firewall rule the options settings search should search the whole field and not just if it starts the string. Example: Destination networks- search for Filewave, internal_Filewave will not show up. Anything with the search string in it should show up.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Terminate all live connections when user reached traffic quota limit

    Sophos XG unable to terminate live sessions when user network traffic quota ends.
    For example; When we download the file via HTTP protocol, the connection cannot be terminated until it pauses the download process or the download is finished, so user can transfer as much as he wants from the open session. Depending on when the session is closed.
    Its very important for paid internet service providers. (If provider provides via satellite connection, costs calculating as per MB)

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Create STIG for XG Firewall

    Reference: https://iase.disa.mil/stigs/Pages/a-z.aspx?#
    Sophos' major competition have certified their products and provide STIG files for secure configuration in accordance with DISA standard for the DOD. A DISA IASE STIG file is needed regularly for each major XG firewall version. This is now required for far more than USG agencies - this is now being used by USG contracting suppliers in order to prove compliance with NIST SP 800-171 and it's now being used as a security standard for other country and industries for commerce security. This needs to be considered sooner rather than later - Sophos is losing sales over…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Notification App for Android and iOS

    It would be great if we could have a notification app for Android and iOS which is fully independent from Sophos Central, especially for home users or SMB companys which do not need central.
    The app should provide the Administrator alerts and informations about security events (IPS, Web- and Appfiltering, Emailprotection...) and advanced informations about the device (Memory, CPU,...).
    It would be great if this app is also available for users of XG Home without Sophos Central account.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Implementation LLDP/CDP

    The implementation of LLDP/CDP would help to recognize and present the product in automated network documentation.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. wireless

    I would like a way to force the disconnection of wireless clients.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Snmpget/snmpwalk requests should get the usage of each disk partition

    We would like to monitor actively the usage of each disk partition of the XG firewall via snmpget. The current MIB allows only to request the usage of the whole disk what doesn't make much sense. We need a new MIB containing OIDs for each partition.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Export guest users data

    I need to export guest users data user name and password to excel with non encrypted password to.print the accounts one by one

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Local ACL exceptions rule ID

    The traffic matching local ACL exception is showned in the logs as going through the last firewall rule. So it means when verifying the logs, you have extra entries in this rule logs which are totally not related to it.

    Would it be possible to display this traffic another way in the logs that is not linked with the last firewall rule? Because it's not related to it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. SFM - Overwrite whole configuration with template

    I'd like to have the possibility to overwrite the whole configuration of a firewall with the content of an SFM template. Currently when applying a template from SFM the firewall rules merge with the ones configured locally.
    I´d like to have the possibility of replacing, instead of merging and have full control of the firewall from SFM, like others vendors have from their management server.
    This is to avoid human errors by a local administrators. For example someone can log locally on the firewall and configure an any any permit, then you apply your template and that any any remains. …

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. SNMPwalk should get back interface details and routes

    So that documentation software automatically can map complete Networks, it would be desirable if details about interfaces and routes were returned during a snmpwalk.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. missing DigiCert root in Certificate Authorities

    Missing DigiCert root in Certificate Authorities
    Uploaded PFX certificates from DigiCert are signed with red cross because root certificate "C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA " is missing in Certificate Authorities.
    So this certificate cannot be added as appliance cert.
    Please add it.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. backup to central

    With the integration started with Sophos Central, it would be great if the last x number backups could be pushing into Sophos Central. This would provide a few capabilities. One - It could be backed centrally up without the required MR4 password affix to it, so no prior knowledge would be required to restore that backup if hardware failed. Two, it would create snapshots of the configs in time for audit / discover purposes, hopefully eventually leading into a change log of all UTM config changes. Three, in DR scenarios it exists outside of all company systems and people, so…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Al

    Suggestion with regards to how XG Firewall handles backups. I would love to have the option to auto backup when the config changes. Weekly or daily often leaves me with either to many backups or the possibility of having a backup with missed changes

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Updated API documentation for Country Host Groups

    The API documentation on your site is either outdated or just wrong in regards to Country Host Groups. The actual parameter is <CountryGroup>, but isn't listed anywhere in the documentation. The sub-parameter to pass it is <CountryList>, not <CountryHost>, which in turn needs to be passed a series of sub-parameters of type <Country>. There is also no example listed.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow upload of certificates with special characters in passphrase

    Currently I can upload certificates with keys including special characters to the "Certificates" tab under "Certificates". Unfortunately, uploading the same certificate under the "Certificate authorities" tab results in the following error:

    Special characters |, `, ', ", <, >, (, ) and \ are not allowed in the passphrase

    I don't see why special characters can be used in the passphrase for "Certificates" but not "Certificate authorities". Please allow special characters to be used in passphrases under "Certificate authorities".

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. speedtest

    Other manufacturers like meraki offer a speed test on the WAN bandwidth and available throughput.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Integrate NTOPNG or similar funtionality into SFOS

    There is a Linux utility called ntopng https://www.ntop.org which is very good at identifying and classifying network traffic at high speed. If you could integrate this into SFOS it would be a very powerful tool.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.