XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Synchronised app control should work in HA active-active mode
Hi, make synchronised application control work in HA active-active mode; currently it is a feature that does not work unless in HA active-passive mode. Also, inform resellers of this limitation to stop them mis-selling the product.
4 votes -
Customize or override application reports for incorrect traffic
Ability to whitelist or reclassify known good traffic the XG detects as another type of application.
Example. Cisco Meraki WAPS talk to each other on UDP port 9358. Our XG430s think this is something called ThunderVPN and continually report on it as a level 5 threat.
Call with Sophos support confirms at present no way to exclude this from report or whitelist. Same with VMware replication. Classed as ideafarm-door (only a level 1 threat) but still shows up in reports as sending large amounts of traffic (expected).
1 vote -
web interface user portal
Add option in User Portal to be able to use the XG web interface. Also be able to access other XG web interfaces from the User Portal bookmarks.
5 votes -
Support for multicast to allow use of network scanners
As per feedback received from your support engineer, the XG215 UTM does not support MultiCast, which my scan application is using. Kindly provide a patch for my XG215 UTM to support MultiCast at the earliest so that we can put End Points, Servers, Printers and Scanners in different VLANs.
4 votes -
Ability to change SIP URI address on the fly
I have recently purchased two Sophos firewalls, an XG210 and an XG330, but neither of them has the facility to change the SIP URI address in incoming and outgoing traffic at gateway level.
Sophos must include this feature in the next version; because of this I am now moving to another firewall which has this feature. My Case ID is #8563807. Your support team tried their level best to support me, but due to the lack of this Sophos feature they couldn't manage to support me.
4 votes -
QOS reduces bandwidth on Surfing Quota expiry
After using Surfing Quota for users, speed should be decreased rather than internet being stopped.
35 votes -
Firewall alert through SMS text message
Need to add my mobile number to the firewall; I want to receive uptime and downtime log status via msg.
2 votes -
User level application policy in Sophos XG like internet scheme on XG
I would request the Sophos team to add a feature to control/apply user-level policy for the application filter as well. When we migrated from Cyberoam to Sophos, there was a feature called internet scheme where we could select a separate policy for users even if they have another group. Please bring this option or advise us whether there is any other option in Sophos.
14 votes -
SCADA/ICS Application Awareness
Please bring the ICS/SCADA protocol awareness that the Cyberoam devices have over to the XG.
8 votes -
OpenAppID integration
OpenAppID is an open, application-focused detection language and processing module for Snort that enables users to create, share and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environments and eliminating the risk that comes with waiting for vendors (Sophos, for example) to issue updates.
OpenAppID harnesses the power of open source and the larger security community to provide application visibility and address the application attack vector by accelerating development of application detectors and controls. Application-layer context augments security events that tie to attack protection and allows for granular…
6 votes -
Clone application filter policies
Allow cloning of policy in Application Filter. It would be great if I could clone a policy and tweak it for other staff to use; it saves a lot of time.
6 votes -
19 votes
-
Identify internet services/apps by IP/port for use in firewall rules
Add Internet services (applications) to firewall policies. May be very useful to switch to a real application firewall. Now Fortinet has also introduced the "internet service database" to reach this goal.
10 votes -
Identify application activity in detail
Identify application activity in detail eg. Webmail > message sent > via GMail/Office 355
1 vote -
RPC Connection Tracking Helper
Open up dynamically the ports that are negotiated and used by MS-RPC, instead of opening up a full range.
5 votes -
Custom Application Category
We would like to be able to create a custom Application Category for applications discovered as part of the Synchronised Application Control process.
We would like to be able to block newly discovered/uncategorised applications (SyncAppCtl), until they have been verified by an admin. Once verified we would like to add them to a custom category which we can allow/deny access to the Internet as part of an application filter policy.
26 votes -
Allow modification of app filter default action
It does not seem possible to change the default action for an application filter once it has been created. While there may be little need for this in most use-cases, it would be tremendously helpful for one-off testing.
6 votes -
Application-Traffic Shaping based on percentage of WAN bandwidth available
Allowing application bandwidth to be set based on the percentage of the WAN bandwidth available will enable copying configs from firewalls with different total WAN bandwidth. Moreover, it will make it less of a hassle to upgrade or downgrade WAN bandwidth in the future. This feature would greatly enhance the settings for MSPs or vendors who send out pre-configured firewalls.
33 votes -
Exempt Specific Applications from Traffic Quota
Allow us to 'exclude' certain applications which may not be able to be configured on an IP/port basis, from the Quota functionality.
E.g. Skype, Viber, Skype4Business, Office365. Also, Windows Update and other software updates that may consume quota quickly.
21 votes