XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Importing groups: disable MAC binding option

    Get the option to disable MAC binding while importing groups from an authentication server (Example: Active Directory), this because it can be easily forgotten afterwords and this can break SSL VPN for users in the new groups because MAC binding is not supported on SSL VPN.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Split OTP from password entry field

    When OTP is enabled, provide a separate text box for the OTP on the WebAdmin, Captive Portal and VPN credential screens.

    It is not explicit that users are required to enter the OTP at the moment as it is just appended to their password, which can cause issues for staff trying to connect or login to resources as this is fundamentally different to how they enter OTP's in other applications.

    In order to resolve this issue it should be made clear to users that they have to enter the OTP in the form of an additional text box that only…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Custom Admin User Profiles

    Would like to have the ability to create a user profile that is somewhere between full admin and general user something like a power user and be able to define what they can and cannot access when logged into the admin console.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Better Handling of Cell Modems

    The Cellular Modem page under networks leaves a lot to be desired. There should be many more options to configure connections and a signal strength meter. Look to the Modem Manager application on Linux for inspiration, something like that in the XG would be fantastic. Also need more support for modern cell modems, the compatability list is starting to become quite dated. With 3G ending this year I think it is soon time to prune all 3G only devices and start supporting LTE/4G/5G models.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add the Use of Network Groups (objects) to Routing and firewall rules

    The issue seems pretty simple. On the SG, I was able to define Network groups, e.g. MOE_Group, MPLS_Group. From that, I was able to define my sites and put them into those groups which would provide firewall rules and routing. We never made it to the rules but the routing is what is killing me. Again, in the SG, I am able to define Static Gateway Routes using my Network Groups:

    Route Type: Gateway route
    Network: MOE_Group
    Gateway: MOE Router ( a router on the trusted internal network )

    Route Type: Gateway route
    Network: MPLS_Group
    Gateway: MPLS Router ( a…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. 7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. IP Host List Can not be download in .CVS format

    IP Host List Can not be download in .CVS format. It is downloaded in html format.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Harmonize log format

    Current log format has key=value pairs, which are easy to manage in certain centralized logging solutions. However, some of these values contains quotation marks " and some does not. As there are several longer values, a quotation mark is reasonable and thus every value should have quotation marks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Implement partial or wildcard filters in firewall user/network rule criteria

    Currently partial matches do not yield results if the filter doesn't start the same way as the criterion.

    Example:
    "and" will show "Andorra"
    "dorra" will not show anything (i.e. "Andorra" is not shown)

    "la" will show "LAN"
    "an" will not show "LAN"

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Firewall group should not close every time a rule is moved

    Every time a rule is moved (up or down) within a group that group is automatically closed.

    This is rather cumbersome if multiple rules need to be moved, or if you simply want to make sure the rule was moved to the right position.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Specify authentication method for RADIUS/TACACS+ users

    On the SG firewall, an admin could create a user and specify which method of remote authentication would be used. This is not possible on the XG. As a result, a new admin must first authenticate on the User Portal, then an existing admin can change that newly created user to an admin. This is an unnecessary step that could be improved by allowing admins to specify which remote authentication method should be used per user.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow for longer domain names in Parent Proxy field

    Currently there is a limit of 40 characters in the Parent Proxy field:
    Routing > Upstream Proxy > Parent Proxy > Domain Name/IPv4 Address

    Support was unable/unwilling to fix, looking for XG firewall to allow for longer entries in this field. Anything more than 40 characters is truncated, which breaks the parent proxy operation.

    Character limits in the upstream proxy field (currently capped at 40 characters), impacts use of upstream proxies with long names such as webdefence-pool-01.cluster-nyca.forcepoint.net

    Support case for reference (not being fixed by sophos when case was opened 3-13-2019)
    [#8693303] Parent Proxy field truncates at 40 Characters, need…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. SFM API

    Add ability to api import objects into SFM groups. Ability to import a csv style list of hosts, networks, services, groups,etc...

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. XG fw Qradar DSM

    Make Qradar SIEM able to parse XG firewall logs.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. jquery

    Please upgrade jquery in the gui from 2.1.3 to something newer which will pass pci compliance with ControlScan

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. IPv6

    Add OSPF support for IPv6. It's time to go to the futur !

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Initial install when updating Firmware - Manual Control

    should have the ability/option to upgrade the firmware manually, as currently if the internet connection is poor, then it can take an eternity to upgrade to the latest version.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Alert admin before GUI session expires due to inactivity (add countdown timer)

    The GUI session currently simply stops responding after it times out due to inactivity.

    Many sites (e.g. bank web site) alert the user before the session expires and allows the user to reactivate the session. Something like "Your session will expire in 2 minutes ".

    For XG I would suggest a running countdown timer somewhere at the top.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Policy Test should consider Application Control

    The Policy Test should run through all components that may be blocking a request.

    Currently Application Control is not included in the test. The result is that the Policy Test may report a URL as "allowed" even if Application Control blocks it.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Use proper title for Policy Test window

    The (popup) window for the Log Viewer / Policy Test has the URL of the log viewer instead of the function of the page (i.e. "Log Viewer / Policy Test").

    This makes it very difficult to locate the window if the administrator has a lot of open windows.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.