Ability to Enable or Disable DHCP by GUI120 votes
XG Firewall already has the option to serve either as a DHCP server, or as a DHCP relay agent for another DHCP server. However, when using the XG Firewall as the DHCP server, there is no option to serve DHCP clients via a DHCP relay agent (i.e., when another device is serving as the relay agent). As a result, DHCP pools on the XG Firewall can only be configured using address ranges that are contained within the subnet range of the selected interface. This option is available when setting up address pools in UTM9.26 votes
Route based VPN is a very much required feature in XG Firewall. Lot of Cyberoam customers are using this feature, primarily for MPLS to VPN failover using Dynamic Routing. In multi-branch scenario, Sophos cloud is a great solution with Synchronized security. But customers who are using Route based feature are not able to upgrade their Cyberoam devices to SF-OS because of the feature lack.100 votes
Would be better if an admin can view the active flags in a security policy. This will be usefull for example to know when a policy is using a NAT policy or have Web Filter policy active. The best option would be a customizable view where the admin can choose what flags want to view.7 votes
make creation of a service while creating a service group available. Right now I had to create all the desired services. And only after that could I create the group and add the services8 votes
when creating a new policy rule and choosing an IP host or a host group, it would be nice if you could hover of the name of the group and pop up the address(es) of that host or group.
I can't be the only one who sometimes names things poorly and would like to verify the correct address before creating the rule31 votes
This is currently being developed for inclusion in v16.5
Configure Hotspot users for backend authentication on XG Firewall.
there is no such option in the new version of XG Firewall14 votes
1. I have noticed that the Cisco VPN client has the option of choosing which WAN interface on the firewall is to be bound to for SSLVPN
This feature is NOT available on the sophos vpn client
Please put this a default because if Cisco client is not available then we have t use the sophos vpn client and this feature is necessary
2. There is no dedicated filter option for SSLVPN in the log viewer instead it is going under system view which is wrong26 votes
Allow to configure PPPoE for the WAN interface before license activation.20 votes
The XG Firewall installer should allow me to configure the IP address that I want to use on my LAN, so I can easily integrate it into my existing network.32 votes
During the initial install, Sophos XG chooses the interfaces on its own. User should be able to decide which interface to use.
Also basic setup is the only option someone can do to configure WAN port in order to register device. This would also be nice to choose the interface to use.
Add Registration log to console menu to permit user to see the logs regarding registration errors. At the moment I am unable to register the device, it was difficult to track down log messages.38 votes
The initial product setup process is being updated in an upcoming release, before v17. This will improve the registration process, and interface configuration options available during the registration process.It will also update the setup wizard offered on first login, providing an improved initial install experience, end-to-end.
For customer that do not use iView, we need a way to export logs and reports before a format is needed for some reason (when no HA is used).
Also now the license is attached to serial, so imagine a customer need to move to another appliance (bigger or smaller) he will lose all data.
Inside Administration, there is a Menu "Import/Export). You could add the feature inside there.
Once exported, reports/logs should be imported again as History or merging with the new data.18 votes
Give us objects like in the UTM, Why do i have to set a static ip in the dhcp, add a dns record in the dns server and create a ip host object for firewall rules, when i could do it all with one object in the UTM.. This was for me a really really perfect feature and it makes it all a lot easier to administrate since you don't have to do the same over and over again for different parts of the configuration.87 votes
This is currently being planned for inclusion in an upcoming version
It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.456 votes
This feature is under consideration for a future release in 2018, though a target version is not yet set.
It will be nice to have the possibility to editing multiple Policies at the same time by having a check box on the left (as it is already available on Services Objects) and be able to perform general modification, such as:
edit users/groups member
change Application/IPS/Web filtering
malware scanning option6 votes
Give us the chance to manage XG basic features from CLI, such as:
creating/editing/deleting network objects
creating/editing/deleting ips/application control/web policies
creating/editing/deleting and managing VPN
and more.....131 votes
If you have DHCP on the WAN interface and also an IP-Tunnel which terminates there, it would be great if you can configure the local endpoint dynamically. (Take the IPv4 value of interface Port1)7 votes
Add AICCU support (Like on UTM) [https://www.sixxs.net/tools/aiccu/] for Sixxs.net ipv6 tunnel handling.9 votes
In the log viewer, you have to choose the log View what you want to view for System, Web Filter, .. etc.
Because of you can add filter options like an IP address, would be better if you can see all logs related with that filter at the same time.12 votes
This is currently being developed for inclusion in v17
- Don't see your idea?