XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 386 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    57 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Bring RED Tunnels to UTM's and also to Sophos XG

    I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.

    This was a big disappointment to myself who used RED tunnels between UTM's

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Improve Signature Policy GUI (IPS/AppCtrl)

    In the moment it is a mess to select IPS Signatures and Applications in the
    GUI, which additionally doesn't fit in the browser window very well.
    Did i mention the (small) scroll bar on the right?

    Please adjust the IPS and AppCtrl GUI according to best practices.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Firmware notification

    XG looks like Sophos Standard. On Email Virtual Appliance, when I have a new pending firmware to install, I recieve an email saying that a new firmware is available to install and it will be installed at .... (I have automatic upgrade during the night). Inside the email, I have the link to release notes.
    Please implement this feature to XG too.

    207 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. IKE v2 and dynamic routing

    IKEv2 and dynamic routing

    114 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. default source port when adding new services to "1:65535"

    Would be nice if the source port was already pre-populated like it was in UTM9

    222 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improve the WAN Gateway monitor

    Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
    This can help much to prevent false positive gateway status.
    The same feature could be added on VPN Failover system

    Best regards,

    Carlos Cesario

    156 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Mail notification to multiple recipients

    Add support to notification component send email to multiple recipients.

    Currently it is supported only 1 recipient.

    Best regards,

    Carlos

    190 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add support SNMP service to multiple WAN interfaces

    Currently this makes impossible an efficient monitoring of appliances (Copernicus) with multiplpe WAN interfaces.

    The SNMP server only works through a unique WAN interface.

    Best regards,

    Carlos

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add support SNMP Community answer to any (0.0.0.0) IP Address

    Currently it is needed create one Community to each specific IP address.
    It is impossible create two 'Public' communities by example to two different IP address or create a single Community String for any (0.0.0.0) Ip address.

    Best regards,

    Carlos

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow interface port to be configured with just vlans

    As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

    266 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Rename objects

    Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
    This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

    Best regards,

    Carlos

    248 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add option to change Appliance SSH port access

    Add support to change SSH port access.

    Best regards,

    Carlos

    134 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSL VPN policy with AD

    Add support to create SSL VPN connection to users from the specific Windows AD Group without needed to this user need login (By Captive Portal or Sophos Client) and after that associate the VPN policy.

    Today, If I have a specific group from Windows AD dedicated only to VPN users, I do not get associate VPN policy to these user if they do not login first by captive portal, Sophos client or SSO, after that I can associate it into a VPN policy. But if these users do not have HTTP access, I cannot set VPN policy.

    Best regards,

    Carlos

    67 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add support SNMP via VPN without add static

    Add support SNMP via VPN without add static routes. This could be as SSH via VPN, only choose a checkbox allowing or deny the service.
    Today it is needed add static route pointing to tunnel name.

    Best regards,

    Carlos

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. 187 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    31 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

    What we will do:
    Allow XG software installer to run on XG hardware appliances, after removing current partitions (same option as UTM9)

    What we are not planning:
    We will not allow software install to run trivially on a system currently installed with XG.
    We will not make any effort to support on-system wireless, on software installs.
    The system will not report itself in any way as an XG appliance, inside the OS.

  17. Adjustable column width and ordering.

    As a firewall administrator, I want the ability to adjust column width and column ordering in any log display in order to have better visibility of data I am monitoring for.

    As it stands, the log display grid is not intuitive, and requires scrolling down to get to the horizontal scroll before you scroll back up to see data.

    (Can be applied anywhere there is a grid display too.)

    45 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow it to work on i686 hardware instead of requiring x86_64

    I have a very good SMB sized hardware that I use with dual core 2 gig ram ATOM processor. work well for sites with less than 100mb internet. now I cant use SFOS because it says its x86_64 only... Please allow a i686 build

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. 285 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    60 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Improve Logging

    At the moment understand what's going on is very HARD. Live logs are missing and notepad on every section is missing.
    Add live log and allow admins to configure itself coloured live logs (globally or on single windows?). In this way logs have different level of importance and Admins can better understand if they need to worry about or not. For example allows Admins to set red for high-risk/denied traffic/system error, yellow for warning/natted/or whatever and so on.
    I really love the live log on Firewall section of UTM9 where reading what's happen is very very easy.

    412 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    27 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.