XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Reorder rules in SCFM Template

    In a template in Sophos Central Firewall Manager, it's currently impossible to reorder rules (neither create a new rule between two existing rules).
    It's supposed that this is a basic functionality of a firewall managing system.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Override administrator login timeout on a per user basis

    We want to create an account just for monitoring the status of the XG and have the control centre on display in the office. As this user is an administrator it's session times out after 10 minutes because that is the global setting we have for our other admin accounts. We don't want to change the global setting so it would be really useful if we could override it on a per user basis, similar to the concurrent login setting.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Unique identifier in browser title bar

    Identifying which browser tab corresponds to which XG when tabs all say "Sophos" isn't possible without memorizing or clicking through each one. Prefixing the page title that populates in the browser tab with either ip address, hostname, or some other custom variable would be helpful when working with many XG's. The icon alone tells us it's a Sophos product, the "Sophos" text adds nothing useful.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. polices for individual user

    Every individual user must have the possibles to change the web and application filter policy as like in cyberoam,

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. MAC Binding

    User Mac is not Binded automatically as like in cyberoam,
    Policy could not be applied for individual users pls try to sort these two as like in cyberoam

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to Identify Connected Computers

    On the main firewall console, there is a section at the top labeled "User & device insights", then Security Heartbeat. It shows the number of Connected devices with Heartbeat. I regularly check to ensure the correct number of devices are displayed, but I can't ever tell which devices are connected because you can't drill down into that information. It would be enormously helpful to display additional information if I click on the number of Connected devices.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. SNMP for XG Firewall Upgrade

    Hi ,

    I request you that SNMP OID should be added for the the SOPHOS XG Firewall - MIB for Monitoring purpose as present MIB does not able to capture below points.

    1.Interface Utilization
    2.Bandwidth Monitoring
    3.Interface IP details
    4.WAN Link monitoring etc...

    Please have these all OID added in the Sophos XG MIB

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. SNMP

    Hi ,

    I request you that SNMP OID should be added for the the SOPHOS XG Firewall - MIB for Monitoring purpose as present MIB does not able to capture below points.

    1.Interface Utilization
    2.Bandwidth Monitoring
    3.Interface IP details
    4.WAN Link monitoring etc...

    Please have these all OID added in the Sophos XG MIB .

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. search in port settings firewall

    When working in a firewall rule the options settings search should search the whole field and not just if it starts the string. Example: Destination networks- search for Filewave, internal_Filewave will not show up. Anything with the search string in it should show up.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Terminate all live connections when user reached traffic quota limit

    Sophos XG unable to terminate live sessions when user network traffic quota ends.
    For example; When we download the file via HTTP protocol, the connection cannot be terminated until it pauses the download process or the download is finished, so user can transfer as much as he wants from the open session. Depending on when the session is closed.
    Its very important for paid internet service providers. (If provider provides via satellite connection, costs calculating as per MB)

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Create STIG for XG Firewall

    Reference: https://iase.disa.mil/stigs/Pages/a-z.aspx?#
    Sophos' major competition have certified their products and provide STIG files for secure configuration in accordance with DISA standard for the DOD. A DISA IASE STIG file is needed regularly for each major XG firewall version. This is now required for far more than USG agencies - this is now being used by USG contracting suppliers in order to prove compliance with NIST SP 800-171 and it's now being used as a security standard for other country and industries for commerce security. This needs to be considered sooner rather than later - Sophos is losing sales over…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Notification App for Android and iOS

    It would be great if we could have a notification app for Android and iOS which is fully independent from Sophos Central, especially for home users or SMB companys which do not need central.
    The app should provide the Administrator alerts and informations about security events (IPS, Web- and Appfiltering, Emailprotection...) and advanced informations about the device (Memory, CPU,...).
    It would be great if this app is also available for users of XG Home without Sophos Central account.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Implementation LLDP/CDP

    The implementation of LLDP/CDP would help to recognize and present the product in automated network documentation.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. wireless

    I would like a way to force the disconnection of wireless clients.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Snmpget/snmpwalk requests should get the usage of each disk partition

    We would like to monitor actively the usage of each disk partition of the XG firewall via snmpget. The current MIB allows only to request the usage of the whole disk what doesn't make much sense. We need a new MIB containing OIDs for each partition.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Export guest users data

    I need to export guest users data user name and password to excel with non encrypted password to.print the accounts one by one

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Local ACL exceptions rule ID

    The traffic matching local ACL exception is showned in the logs as going through the last firewall rule. So it means when verifying the logs, you have extra entries in this rule logs which are totally not related to it.

    Would it be possible to display this traffic another way in the logs that is not linked with the last firewall rule? Because it's not related to it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. SFM - Overwrite whole configuration with template

    I'd like to have the possibility to overwrite the whole configuration of a firewall with the content of an SFM template. Currently when applying a template from SFM the firewall rules merge with the ones configured locally.
    I´d like to have the possibility of replacing, instead of merging and have full control of the firewall from SFM, like others vendors have from their management server.
    This is to avoid human errors by a local administrators. For example someone can log locally on the firewall and configure an any any permit, then you apply your template and that any any remains. …

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. SNMPwalk should get back interface details and routes

    So that documentation software automatically can map complete Networks, it would be desirable if details about interfaces and routes were returned during a snmpwalk.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. missing DigiCert root in Certificate Authorities

    Missing DigiCert root in Certificate Authorities
    Uploaded PFX certificates from DigiCert are signed with red cross because root certificate "C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA " is missing in Certificate Authorities.
    So this certificate cannot be added as appliance cert.
    Please add it.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.