XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Synchronised app control should work in HA active-active mode

    Hi make syncronised application control work in HA active-active mode, currently it is a feature that does not work unless in HA active-passive mode. Also, inform resellers of this limitation to stop them mis selling the product.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. Customize or override application reports for incorrect traffic

    Ability to whitelist or reclassify known good traffic the XG detects as another type of application.

    Example. Cisco Meraki WAPS talk to each other on UDP port 9358. Our XG430s think this is something called ThunderVPN and continually report on it as a level 5 threat.

    Call with Sophos support confirms at present no way to exclude this from report or whitelist. Sam with VMWare replication. Classed as ideafarm-door (only a level 1 threat) but still shows up in reports as sending large amounts of traffic (expected).

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  3. web interface user portal

    Add option in User Portal to be able to use the XG web interface. Also be able to access other XG web interfaces from the User Portal bookmarks.

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support for multicast to allow use of network scanners

    As per feedback received from your support engineer , XG215 UTM does not support MultiCast which my scan application is using. Kindly provide a patch in my XG215 UTM to support MultiCast at the earliest so that we can put End Points , Servers , Printers and Scanners in different VLANs.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to change SIP URI address on the fly

    I have recently purchased Sophos XG210 & XG330 two firewall but none of them having the facility to change the SIP URI address in incoming & Outgoing traffic on gateway level.
    Sophos must include this feature in the next version because of this now I am moving to another firewall which has this feature.

    My Case ID is #8563807 your support team tried thier level best to support me but due to lack of sophos feature they coulnd manage to support me.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  6. QOS reduces bandwidth on Surfing Quota expiry

    After using Surfing Quota for Users. Speed should be decrees rather than stooped internet.

    35 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  7. Firewall alert through SMS text message

    need to add my mobile number into to the firewall i want received up time and downtime logs status via msg

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. User level application policy in Sophos XG like internet scheme on XG

    I would request to Sophos team to have feature to control/apply user level policy for application filter as well , when we migrate from cyberoam to Sophos there was feature called internet scheme where we can select the users separate policy even they have another group. Please bring this option or advice us is there any other option made in Sophos

    14 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  9. SCADA/ICS Application Awareness

    Please bring the ICS/SCADA protocol awareness that the Cyberoam devices have over to the XG.

    8 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  10. OpenAppID integration

    OpenAppID is an open, application-focused detection language and processing module for Snort that enables users to create, share and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environements and eliminating the risk that comes with waiting for vendors (Sophos, for example) to issue updates.

    OpenAppID harnesses the power of open source and the larger security community to provide application visibility and address the application attack vector by accelerating development of application detectors and controls. Application-layer context augments security events that tie to attack protection and allows for granular…

    6 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  11. Clone application filter policies

    Allow cloning of policy in Application Filter. It would be great if i can clone a policy and tweak it for other staff to use, saves a lot of time.

    6 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  12. 19 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  13. Identify internet services/apps by IP/port for use in firewall rules

    Add Internet services (applications) to firewall policies. Maybe very useful to switch to a real application firewall. Now also fortinet introduced the "internet service database" to reach this goal

    10 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  14. Identify application activity in detail

    Identify application activity in detail eg. Webmail > message sent > via GMail/Office 355

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  15. RPC Connection Tracking Helper

    Open up dynamicly the ports that are negociated and used by MS-RPC. Intead of opening up a full range

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  16. Custom Application Category

    We could like to be able to create a custom Application Category for applications discovered as part of the Synchronised Application Control process.

    We would like to be able to block newly discovered/uncategorised applications (SyncAppCtl), until they have been verified by an admin. Once verified we would like to add them to a custom category which we can allow/deny access to the Internet as part of an application filter policy.

    26 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow modification of app filter default action

    It does not seem possible to change the default action for an application filter once it has been created. While there may be little need for this in most use-cases, it would be tremendously helpful for one-off testing.

    6 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  18. Application-Traffic Shaping based on percentage of WAN bandwidth available

    Allowing to set application bandwidth based on the percentage of the WAN bandwidth available will make enable copying configs from firewalls with different total WAN bandwidth. Moreover will make it a less hassle to upgrade or downgrade WAN bandwidth in the future. This feature would greatly enhance the settings for MSPs or vendors who send out pre-configured firewalls.

    33 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  19. Exempt Specific Applications from Traffic Quota

    Allow us to 'exclude' certain applications which may not be able to be configured on an IP/port basis, from the Quota functionality.
    E.g Skype, Viber, Skype4Business, Office365

    Also, Windows Update and other software update that may consume quota quickly.

    21 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
1 3 Next →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.