XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. i want Sophos ssl vpn reconnect when restart pc

    i want Sophos ssl vpn auto reconnect when restart pc .that feature was availble on cyberoam but its not working on sophos .

    please kindly add this feature on next firmware.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. VPN icon is red even though 1 of 2 VPN connections to a site is up

    Since it's bad practice to use failover groups on both sites of a VPN tunnel, one side (without failover group) shows a red VPN icon in the dashboard. For example - one side can have 2 WAN connections and the other side has 1 WAN - so 2 tunnels are created for failover.

    It would be nice if we can still incorporate these multiple tunnels to the same site in a group, so that as long as 1 is online, the VPN icon doesn't turn red. Maybe if we can add both sides to a failover group, but toggle failover…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. VPN Email Alerts

    Dear Sophos Developer Team,

    Please develop a solution to customize the SSL VPN Email Notification Alerts in your next OS release. We are receiving Hundred of emails per day after enable the VPN Email Notification Alerts of up/down status. Please do the needful.

    Thanks
    Regards
    Farrukh Naveed

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. IPsec Tunnel PSK asks for PSK everytime I save on XG135 (SFOS 17.5.10 MR-10)

    Previous versions would retain the PSK between updates to an IPsec VPN. It gets tedious when troubleshooting to have to find and enter this over and over.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. ECC certificates SSL VPN

    Allow the use of ECC certificates in place of the RSA certificates for SSL VPN. I realize ECC support was added in 17.5 but it was only partially implemented. The current (version 18 as of this writing) version of your firmware uses OpenVPN version 2.3.6. which does not support ECC. OpenVPN 2.4.0+ is required to support ECC. I had opened a support ticket, they confirmed the limitation and indicated there is no current upgrade timeline.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sophos Connect for ARM architecture

    Hello,

    Could you developp an executable which can be run on ARM architecture?

    ARM is coming pretty fast on the computer side with for example the "Surface Pro X" and it would be interessant to have a compatible executable.

    Thanks you

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Sophos Connect - Add groups to "allowed users"

    In the current implementation we are unable to select groups in the "Allowed users" field. Selecting groups would vastly improve time spent rolling Sophos Connect out for our pilot users.

    I bet a lot of other customers also use LDAP against their domain to fetch users from there. Having to maintain pilot users two places makes this a headache.

    Thanks

    89 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. VPN - Inform the user via Email that he has been connected or failed

    This would increase the security that not somebody else is trying to steal his identity. It would be also great that the admins are informed with too many failed logins.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSL VPN with BSNL Link

    SSL VPN tunnel should be established with SUB Interface IP of BSNL which is public-facing and the main Interface IP is Connected to BSNL as L2 LAN.
    We can establish connectivity using Sub IP to IPSEC Tunnel and to Serve Internet to users but can not able to connect using SSL VPN as the Main interface IP is L2 LAN and Sub IP is public-facing.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Consolidated report for SSL VPN Last login

    Dear Team,

    We are looking for the consolidated report for SSL VPN last login from Sophos XG firewall which is currently not there in the firewall. This report will help the administrator to alter the user list which are inactive since long time. Hence kindly get this implemented in the firewall.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow custom OpenVPN parameters in SSLVPN configuration

    Being that the SSLVPN is based on OpenVPN could you please add a freeform text field to the SSLVPN page under Advanced that would allow us to enter custom server configuration parameters? Better still would be the ability to view and edit the entire config file itself but that may be asking a bit much.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. lan ipsec

    Many Customers have a CN Network to connect different company location. The CN network is a LAN interface.

    What do we want?
    If the Sophos XG detects a problem with a LAN interface, automatically starts a ipsec tunnel over the wan interface.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. umlauts

    Support for umlauts on ssl vpn

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Automatically add ipsec_route(s) when configuring a site-to-site IPSec VPN

    By default traffic destined for any remote IPSec VPN subnets will be classified as 'WAN' if you do not manually configure ipsec_route(s) using the device console.

    This process should be automated when configuring remote network(s) for a site-to-site IPSec VPN connection.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sophos Connect TAP Adapter - register at dns server

    Set the option "register at dns server" on Sophos IPSec Connect Client at Windows TAP Adapter via parameter at installation of msi or in config file. If not active, the clientname (DNS) will not be reachable from LAN to VPN cause DNS didnt know about the VPN-Client IP. Usage of windows registrie or powehsell script on each client like these are very frustrating:

    Get-NetIPConfiguration | where {$_.InterfaceDescription -eq 'Sophos TAP Adapter'} | Set-DnsClient -RegisterThisConnectionsAddress:$True

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Conexão Múltiplas SSL VPN

    I noticed that when I am connected within the company, and if I try to connect the SSL Client it allows, the right thing was not to allow, as it can loop the network. A call was opened and the only solution is by MAC, but it becomes impossible to do this for everyone, I have to register one by one, it would have to be a simple solution, to identify that if it is connected to the local network, do not let the SSL Client connect VPN.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. VPN tunnel keep-alive function for outbound connections

    Our XG IPSec VPN Tunnel to Microsoft Azure does not stay up, because when there is no activity Microsoft shuts down the tunnel. To overcome this, we have had to implement a 5 minute ping to each of our 5 warehouses from a VM in Azure. A keep alive feature on the XG side would solve this problem. Other firewalls, such as Dell's Sonicwall, have a keep alive feature that addresses this issue.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos Connect Charon Logs

    I've come across an incident where the Charon logs for Sophos connect reached over 91GB in size, it would have got larger but it had consumed all of the available space on the hard drive. As such, I was unable to download the Sophos help tool in order to seek help and had to use another machine and remotely connect using RDP.

    On rebooting, the logs were completely cleared and all went back to normal.

    There really should be a process in place that prevents a log reaching that sort of size, maybe log rotation with a purge in place…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. I want to save passwords for SSL-VPN

    OpenVPN wants to be able to store passwords, just like the Sophos Connect client.
    Please improve.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.