XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Stunnel Functionality

    It would be really cool if you could add something like what the application STUNNEL can do to the XG. Think of it like reverse port forwarding, you have a service on the firewall listening on a particular port, machines on the network talk directly to the firewall on that port, and the firewall forwards the traffic on to the destination.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Dump AUFS file system

    AUFS is an old technology, and slow, switch to a more modern overlay system. Docker dropped this filesystem long ago, time to catch up?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to run Linux commands directly in the GUI

    While the console is a great it would be cool if we could just send a Linux command directly to the device from the GUI, perhaps from the Diagnostics page, and get the output immediately the same way the current Ping and Traceroute work. Some useful commands might be netstat, ifconfig, etc.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. More 2FA Choices

    Come on Sophos, it is 2019, give us more choices for 2FA already. You have your own 2FA service, why has that not been integrated into the XG?

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Network Port Scanner

    Under the diagnostics page add the ability to scan either a single IP address or a range of IP addresses for open ports. There is a great Linux utility called Fing that can do this very well and report on what it found, if you could integrate that into the XG it would be a very powerful tool. The ability to generate a report of all devices with open ports on every network accessible to the firewall would be likely the first in the industry.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Need more information on SSL VPN and RED connections

    As it is now it is very difficult to find out what networks are available through which tunnels. It would be great if we could get detailed information about what tunnels are up and what networks are available through those tunnels. Either a report or a separate tab on the Current Activities page would be awesome.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Custom Themes API

    Publish an API to allow customer to develop their own custom themes for the XG.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Use G Suite as Authentication "Server"

    It would be great if there is a possibility to add a G Suite Domain as a Authentication "Server".
    So a login with google would be great.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Sophos XG: Allow Firmware-update in HA without rebooting both devices at the same time

    Allow Firmware-update in HA - mode on XG without rebooting both devices at the same time like in UTM/SG - OS possible.
    Why is there the need boot both devices at the same time during FW - updates in HA-mode, since the connection schould be online 24x7? That´s why HA is implemeted!!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. XG-Firewall: Allow Changing HA-monitored Interfaces without breaking HA

    Allow Changing HA-monitored Interfaces without breaking HA like in UTM/SG - OS possible.
    Why is there the need to break HA if only a change or modification on a productive plant ist planned, that schould be online 24x7? That´s why HA is implemeted!!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow One-time Password creation when Logging into Admin portal

    When using One-time password for Administrator accounts, at this moment in time you need to turn on OTP for the administrator, head over to the User Portal and log in as the user. This will present the user with the QR code to scan and add to their authentication application.

    However, in our instance we only want Administrators to use OTP - so when logging into the Admin Portal this creates a OTP token however does not present a QR code to the Administrator, it will create a OTP Token for the user though and then just fail the login.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. MAC list in single window to Spoof protection option

    Currently customer is using Cyberoam CR-50iNG. He is using Spoof Protection feature and added 310+ Trusted MAC, all MAC address showing in single window and customer manage it very easily.

    But in SFOS, when customer is adding 310+ MAC then in single window it is showing only 10 numbers of MAC in one page. So customer wants same feature of Cyberoam in XG also as it is 31 pages in SFOS and there is also no option of filter
    or search is coming. So it is very tedious job for customer to manage spoof protection.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. VLAN priority on WAN with tagged in the XG

    Hi Sophos team, Huawei ISP for example ask to tagging Vlan on Wan in DHCP mode to provide full bandwith, Could you implement this option?
    Few competitive Firewall as Draytek do it.

    Thanks you.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Option to select which page to load after logon

    The control center page which appears upon logon with the graphs, stats, and sfos update popups can take a very long time to load on lower end hardware such as xg105's. Working with 50 of these becomes time consuming. A configurable setting to select which page is the default after logon such as Administration, Firewall, Network would be helpful for those of us who don't need the control center every time.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Persistent DHCP Leases on unexpected power off / power loss

    On unexpected power loss or shutdown, when the XG Firewall powers back on, it is unaware of any previously leased DHCP IP addresses. Because of this, the XG Firewall leases out already in use IP addresses, causing conflicts, until either the original lease on the device expires or unless the device is smart enough to recognize this and ask for a new IP address. This can cause significant connectivity issues on large network segments with DHCP enabled.

    Other *nix distributions handle this by writing a temp file containing active leases each time an address is handed out so that the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Local Admin UI shows different config than Sophos Central

    When the XG is configured via Sophos Central the local admin UI:

    1) No longer shows the actual configuration of the unit - only the old config from the time administration was switched to SC.

    2) The local admin UI still allows configuration changes to be made. However, these changes are not applied to the unit. There is no warning about this either.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add notifications

    Hello,
    Please add more notifications to sophos xg firewall like RED fails, system restart, and other options that was available in SG
    Thank You

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Cycle Surfing quota: Per session

    Now the minimum cycle is a day. If you can enhanced this to per login session, this would be great.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. firmware update without service interruption

    firmware update in High Availability (HA) mode should be possible without service interruption

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. office 365 mail Notification

    Why does not 17.5 is not supporting the office 365 mail notification. Need to allow the feature in the XG firewall,.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.