XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Wireless Device steering when AP overloaded

    In our environment we use more AP's than needed to help with device density issues. The average employee has 5 devices on our WiFi network, with our older Aerohive devices we moved away from we could specify max clients per AP, it would then steer the user to the next closest AP with available space. This allows for better overall performance and to allow for higher density AP's.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Wireless: Log device connection events with MAC to syslog

    We did logging configuration with syslog for the model Sophos SG85W but mac addresses of Wi-Fi connected devices can not be seen in the logs.

    This feature is important for filtering specific devices. Could you please add mac addresses of the devices in the logs.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Simplify & improve wireless client list presentation

    offer a streamlined wireless client list in the gui as a single matrix of rows & columns with all info rather than requiring clicking through the 'by ssid' & 'by ap' nested menus waiting for each one to load to get basic client info. cli implementation of the same concept would also be useful.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Hotspot voucher creation with starting validity

    It would be useful to be able to create hotspot vouchers with starting and ending validity , and also to schedule the creation of them

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Guest User Management

    We have observed that we can manually create guest users in Sophos XG Firewall, under

    Objects > Identity > Guest Users
    or
    System > Authentication > Guest Users

    The Following Two Things Need To Be Taken Care Of.

    1) After creating the user, in the edit mode, the administrator is not able to edit the guests cell phone number.

    2) Once we trigger print, for the Guest User Credentials, there should have been a provision to add the Company Logo on the Print Out.

    3) Also comments and Instructions that the Administrator would manually enter, which should be printed on…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Radius SSO support in wireless enterprise authentication - forward accounting request to RADIUS Server

    Radius SSO via wireless enterprise authentication does not currently show the authenticated user in the live activities on the XG interface since Accounting requests are not forwarded from the Sophos Access Points. Can an update provide this functionality so users who connect via RADIUS authentication can be authenticated to the XG and therefore have web policies applied to their accounts.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add API for HotSpotsVoucher generation

    Provide an API to generate Hot spot voucher, it would be simpler to generate guest wifi vouchers form Local Area application.

    tag: Base System + General UI + API

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Non-Sophos WNIC Support

    Some core functionality for other wireless chipsets should be provided, even if it isn't "guaranteed perfect".

    For example, ath9k (Atheros) drivers ship with XG, but cannot be loaded because of a version conflict with a dependency. Atheros chipsets are the most compatible with other linux, and considered to be "100%". The code is all there, and being used in production by other manufacturers.

    Sophos XG Home isn't usable in my circumstance because it doesn't support common wireless chipsets, which is needed in my home. Purchasing a Sophos wireless appliance is possible for my company, but not for me at home!

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Customize Hotspot mail for "password of the day"

    The customization of the daily mail for the hotspot-password "password of the day" should be possible, so it could fit the CI of the customer like other customization options in the xg, that are already available

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Seamless activation of new Wi-Fi SSID

    If a new SSID goes online (due to a schedule), all other SSIDs goes offline for a short time. So all Wi-Fi clients on all SSIDs will be disconnected.

    This is very annoying, for example, if you have an all-time internal Wi-Fi for corporate devices and a guest Wi-Fi, which is only switched on between typical business hours.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Mesh for AP55s on 5ghz

    Currently you can only create a 2.4ghz mesh network on AP55s.Business requirement
    1/. Sophos stays competitive and in the business of WIFI security
    2/. Sophos has products that people want to add the their XG range of hardware
    3/. provides greater throughput than achievable using 2.4ghz mesh.
    Larger files take noticeably longer to load over a 2.4ghz mesh

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Wireless AP Channel planning

    Require the ability to globally set the wireless environment channel plan, especially within 2.4Ghz space. At present although set to UK settings and in auto the system is selecting channel 13 which the upper frequencies stray into channel 14 which are not allowed in Europe. Ideally need to be able to select appropriate channel plan for AP's to follow. Adjusting a single AP is not an issue but for multiple the system should be dynamically calibrating correctly this selection.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Use IP range or network object for allowable Radius accounting requests

    customer got a Meraki Wireless network and basically each WAP processes the request and then would need to forward the accounting request to the Sophos firewall. So without using IP range or cidr they need to enter 150 ips individually.

    If ip range or cidr option is available then It will let then to do radius accounting on wireless network without
    having to put in 150+ radius clients.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Remove limit of 50 hostspot vouchers

    Hotspot Voucher creation should'nt be limited to 50.
    On SG , we were able to create 500 to 1000 Voucher easily.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Mobile-based OTP for Wireless guest user login

    We need OTP for WiFi Guest users access to same same or different network. When new guest come in Office then they connected to network and when Guest users try to access internet they should for mobile number and after submitting Guest user get OTP on mobile number which he enter.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Wireless AP Unique Identifier (UID)

    It would be great if we can trigger UID LED on the wireless access point. Sometimes it is hard to determine which physical access point we're configuring especially when located in multiple levels.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Ability to configure low signal drop off

    We all know Mac's don't support 802.11r fast transition, and instead do signal strength. Can we set the minimum receive RSSI to help force a device to a closer AP?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Configure delay to redirect to URL after Wireless login

    The time it takes after the user logs into the wireless hotspot to redirect them to a URL is too long. It would be great to have a option to enter in how many second before it should redirect to another URL. Editing the HTML to change the seconds before redirecting is very daunting and it should be just an option.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. WLAN Automatic Blacklisting after x attempts

    Aruba’s Wireless APs have the possibility to block macs after a x attempts with wrong creds (psk or enterprise un/pw)

    This is a good security feature and better than simple whitelisting.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. password of the day

    Possibility to use encrypted(WPA2 Personal) Hotspot with Password of the day, with only enter the Password in WLAN Connection. Actually you have to enter the Password to connect to the WLAN, and then you have to enter it again at the Login homepage.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.