XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Option to assign each user for SSL VPN remote for specific WAN interface

    Hello Team,

    We have a customer here requesting an option on XG Firewall to assign each SSL VPN remote user to a specific WAN interface if the XG has multiple ISPs.

    8 votes
    0 comments  ·  VPN and RED
  2. VPN Client: Check endpoint device health before connecting

    Ability to filter VPN client by checking that they are fully patched and running AV/anti-malware software, i.e. if the client is insecure then they cannot connect to the VPN.

    16 votes
    0 comments  ·  VPN and RED
  3. The SSLVPN connection using Sophos SSLVPN Client with ARM based Windows PC

    To whom it may concern,

    Regarding the SSLVPN connection using Sophos SSLVPN Client,
    we would like to request that you let it work with ARM based Windows PC like Surface.
    If Sophos SSLVPN Client comes to be compatible with TLS1.3,
    will the Sophos SSLVPN Client work with ARM based Windows PC?

    Sincerely,
    Takashi

    2 votes
    0 comments  ·  VPN and RED
  4. Prioritize the primary or secondary public gateway option on Sophos XG 230

    Dear Support,

    We need the following option on Sophos XG Firewall.

    Suggestion: while connecting to Sophos remote SSL VPN, we need the option of prioritizing the primary or secondary ISP on the firewall.

    4 votes
    0 comments  ·  VPN and RED
  5. Update SSL VPN Client for Parity with Latest OpenVPN Features

    Sophos XG pushes a number of options in SSL VPN which are undesirable in some deployments. I have already voted on an idea to expose more server side customisation.

    Likewise, the latest OpenVPN client has a number of new features and improvements not reflected in the source version Sophos is using.

    Specifically, the pull-filter option available in OpenVPN 2.4 is a feature we really need for several customer deployments; it offers significantly more ease of use and flexibility than the route-nopull / route-noexec currently supported by Sophos SSL VPN client.

    https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway

    Support advised to try using the OpenVPN client…

    9 votes
    1 comment  ·  VPN and RED
  6. Disconnect SSL VPN User after a set length of time

    Disconnect an SSL VPN user session after a set amount of time, e.g. if a connection has been live for 10 hours, disconnect it. The idle timeout doesn't work as there are still anti-virus updates and such running over the connection to the computer when the user is not there.

    4 votes
    1 comment  ·  VPN and RED
  7. Force Microsoft NCSI probe as SSL VPN Connects

    (For Sophos Tech Support, this is from the back of #9887121)

    I was asked by Sophos Support Rep to post a feature request.

    We have seen with a large amount of our customers an issue arise whereby Sophos SSL VPN (OpenVPN) connects to the Sophos XG fine. With Sophos XG having "Default Gateway" checked for the SSL VPN users a default route is established as we expect.

    However, it can take a while for Microsoft NCSI to complete its probe to check if there is internet access. While the VPN interface is in "NoTraffic" or "No network access" mode, before…

    4 votes
    0 comments  ·  VPN and RED
  8. IPsec interface tunnel is hidden on LAG port

    When I established an IPsec tunnel interface with LAG on WAN, it can't show the virtual interface of the IPsec tunnel. Please update to show it on the LAG port.

    1 vote
    0 comments  ·  VPN and RED
  9. VPN failover hostname

    I want to add a second override hostname for VPN settings.

    15 votes
    0 comments  ·  VPN and RED
  10. CN Network Monitoring (LAN) - If the interface fails, start IPSEC over WAN

    Many customers have a CN network to connect different company locations. The CN network is a LAN interface.

    What do we want?
    If the Sophos XG detects a problem with a LAN interface, it automatically starts an IPsec tunnel over the WAN interface.

    2 votes
    0 comments  ·  VPN and RED
  11. Sophos Connect Client IPv6 Support on XG

    Connect Client should support IPv6 on WAN Interface

    4 votes
    0 comments  ·  VPN and RED
  12. q in q

    Hello All,

    I'm writing from Turkey and I'm a technical guy.

    In our country, we need Q-in-Q or to use the same VLAN in two branches.

    For example, the customer is using VLAN 100 (10.1.100.0/24) and they want to use the same VLAN in their other branches.

    Is there any roadmap for this solution on the SD-RED?

    2 votes
    0 comments  ·  VPN and RED
  13. Selectable VPN configuration files on Sophos XG for Split Tunnel or Full Tunnel

    I am currently replacing a Cisco ASA/AnyConnect VPN environment with a Sophos XG 210. There is a requirement that some users have the ability to select either Split Tunnel or Full Tunnel client access vpn connectivity. They can currently do this in the Cisco environment.
    I can create the separate SSL VPN profiles in the Sophos XG but there is no way to download the configuration file for both profiles. User account is tied to a specific profile so they only have access to one or the other. The only workaround I have is for the user to have 2…

    4 votes
    0 comments  ·  VPN and RED
  14. Virtual VPN Interfaces

    I suggest that a Site-2-Site VPN be assignable to a virtual interface (i.e. tunnel0) that can be assigned to a zone.
    This would make multiple VPNs much more manageable (especially if you cannot control the other end of the tunnel).
    To make it even better, the tunnel endpoint could be assigned to a physical bridge or VLAN interface.

    5 votes
    0 comments  ·  VPN and RED
  15. IP SLA for high latency failover

    We need an IP SLA feature for high latency failover: while we are using two links, if one link goes to high latency, we need to switch over to the secondary link automatically.

    3 votes
    0 comments  ·  VPN and RED
  16. Show WAN IP for RED devices

    Show the public IP address of REDs in the network interfaces page in addition to the interface address of the WAN port on the RED. Currently, the only way to check the public IP is to grep for the RED device ID in /log/red.log in the advanced shell.

    13 votes
    0 comments  ·  VPN and RED
  17. RED Tunnel Sorting improvements

    Please improve numbering and allow sorting and filtering of RED tunnels so that they are no longer listed in the order of 1, 10, 11, 100, 101, 102, ..., 198, 199, 2, 20, 200, ...
    When I list my REDs on 17 it is by tunnel ID sorted similar to above.

    When I look at the sorting in version 18.0.1, it shows the Branch Name; the tunnel ID is now invisible, but the hidden tunnel ID is still the information that REDs are sorted by.

    You could add leading 0(s) to the 1 and 2 numbers and show the Tunnel ID in…

    1 vote
    0 comments  ·  VPN and RED
  18. Sophos Connect VPN DHCP Relay Option

    The Sophos Connect VPN client/server does not currently support the DHCP relay option/feature. Now that most of the population is working from home these days, it is essential that DNS name resolution work seamlessly with DHCP. Right now, when a remote user initiates a Sophos Connect VPN session, the XG firewall manages the DHCP IP lease to the client. This is problematic because after the IP lease is created, it does not update the DNS records running on the internal Microsoft DNS server to reflect the new IP address given to the client. We really need the option to relay…

    3 votes
    1 comment  ·  VPN and RED
  19. Users using SSL VPN have to use IP address when modem\phone resolves to IPv6 IP address

    Users using SSL VPN have to use the IP address when the modem\phone resolves to an IPv6 IP address.

    1 vote
    0 comments  ·  VPN and RED
  20. IPSec VPN Client Connections Need to generate a SIEM-compatible event

    Sophos Connect client IPSec connections generate separate log events for EVERY SUBNET mapped. There is no single event that any SIEM recognizes as a VPN login event. Every other firewall vendor we've tried doesn't have this issue.

    3 votes
    0 comments  ·  VPN and RED