XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable/Disable in DHCP server

    Ability to Enable or Disable DHCP by GUI

    120 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. DHCP - Clients via DHCP/DHCPv6 relay agent

    XG Firewall already has the option to serve either as a DHCP server, or as a DHCP relay agent for another DHCP server. However, when using the XG Firewall as the DHCP server, there is no option to serve DHCP clients via a DHCP relay agent (i.e., when another device is serving as the relay agent). As a result, DHCP pools on the XG Firewall can only be configured using address ranges that are contained within the subnet range of the selected interface. This option is available when setting up address pools in UTM9.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Route based VPN in XG Firewall

    Route based VPN is a very much required feature in XG Firewall. Lot of Cyberoam customers are using this feature, primarily for MPLS to VPN failover using Dynamic Routing. In multi-branch scenario, Sophos cloud is a great solution with Synchronized security. But customers who are using Route based feature are not able to upgrade their Cyberoam devices to SF-OS because of the feature lack.

    100 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Policy custom View

    Would be better if an admin can view the active flags in a security policy. This will be usefull for example to know when a policy is using a NAT policy or have Web Filter policy active. The best option would be a customizable view where the admin can choose what flags want to view.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. service groups

    make creation of a service while creating a service group available. Right now I had to create all the desired services. And only after that could I create the group and add the services

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Display addresses when hovering over a host name or host group

    when creating a new policy rule and choosing an IP host or a host group, it would be nice if you could hover of the name of the group and pop up the address(es) of that host or group.

    I can't be the only one who sometimes names things poorly and would like to verify the correct address before creating the rule

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Configure Hotspot users for backend authentication on XG Firewall

    Configure Hotspot users for backend authentication on XG Firewall.
    there is no such option in the new version of XG Firewall

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Select individual wan interface for vpn

    1. I have noticed that the Cisco VPN client has the option of choosing which WAN interface on the firewall is to be bound to for SSLVPN
    This feature is NOT available on the sophos vpn client
    Please put this a default because if Cisco client is not available then we have t use the sophos vpn client and this feature is necessary

    2. There is no dedicated filter option for SSLVPN in the log viewer instead it is going under system view which is wrong

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Installation: Allow to configure PPPoE for WAN before license activation

    Allow to configure PPPoE for the WAN interface before license activation.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Installation: Manually set IP address for LAN

    The XG Firewall installer should allow me to configure the IP address that I want to use on my LAN, so I can easily integrate it into my existing network.

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Initial Install

    During the initial install, Sophos XG chooses the interfaces on its own. User should be able to decide which interface to use.

    Also basic setup is the only option someone can do to configure WAN port in order to register device. This would also be nice to choose the interface to use.

    Add Registration log to console menu to permit user to see the logs regarding registration errors. At the moment I am unable to register the device, it was difficult to track down log messages.

    38 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

    The initial product setup process is being updated in an upcoming release, before v17. This will improve the registration process, and interface configuration options available during the registration process.It will also update the setup wizard offered on first login, providing an improved initial install experience, end-to-end.

  12. Export-Import Reports and Logging

    For customer that do not use iView, we need a way to export logs and reports before a format is needed for some reason (when no HA is used).
    Also now the license is attached to serial, so imagine a customer need to move to another appliance (bigger or smaller) he will lose all data.
    Inside Administration, there is a Menu "Import/Export). You could add the feature inside there.
    Once exported, reports/logs should be imported again as History or merging with the new data.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Objects

    Give us objects like in the UTM, Why do i have to set a static ip in the dhcp, add a dns record in the dns server and create a ip host object for firewall rules, when i could do it all with one object in the UTM.. This was for me a really really perfect feature and it makes it all a lot easier to administrate since you don't have to do the same over and over again for different parts of the configuration.

    87 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. 7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Can we have live Bandwidth speeds for Interfaces?

    It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.

    456 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    24 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Editing Policies at one

    It will be nice to have the possibility to editing multiple Policies at the same time by having a check box on the left (as it is already available on Services Objects) and be able to perform general modification, such as:

    enable/disable logging
    edit MASQ
    edit users/groups member
    enable/disable heartbeat
    allow/deny/reject action
    change Application/IPS/Web filtering
    malware scanning option

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. CLI - More basic commands to manage XG

    Give us the chance to manage XG basic features from CLI, such as:

    creating/editing/deleting network objects
    creating/editing/deleting services
    creating/editing/deleting users/groups
    creating/editing/deleting ips/application control/web policies
    creating/editing/deleting and managing VPN

    and more.....

    131 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. ip tunnel - local endpoint - Possibility to choose an interface instead of fixed IP

    If you have DHCP on the WAN interface and also an IP-Tunnel which terminates there, it would be great if you can configure the local endpoint dynamically. (Take the IPv4 value of interface Port1)

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. add AICCU support (ipv6 sixxs.net)

    Add AICCU support (Like on UTM) [https://www.sixxs.net/tools/aiccu/] for Sixxs.net ipv6 tunnel handling.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. View logs for "any"

    In the log viewer, you have to choose the log View what you want to view for System, Web Filter, .. etc.
    Because of you can add filter options like an IP address, would be better if you can see all logs related with that filter at the same time.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.