XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. To generate VPN Logs based on Source IP with Time Stamp

    Need Report to Get Details about which VPN User Logged in With TimeStamp, Source IP Address, and Resources accessed during the remote Session.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. IPSEC tunnel configuration should alert when Remote Gateway (ANY) are the same

    Okay ran into an issue where we added 4 IPSEC tunnels and did not realize that you needed to have the same Preshared Key. As I get every tunnel up and operational it was changing the key tied to the Remote Gateway of (ANY).... So thinking the Firewall was buggy I would have to go into the tunnel that accidentally went down and set the key to that users config, not knowing I was resetting the key for all of the tunnels related to that key. I finally called support and it took the tech 5 minutes to figure out…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. SSL VPN client should remember username & password

    I would like to have the SSL VPN client have the ability to save the username and password as well as an option to start at login or system start up. I have been able to do this manually with services and text file for auth with shortcut, etc but would be much easier built into the software. Most other clients have this and it has not been officially supported nor developed into the app at all. I have been using SG and XG appliances for about 6 years now with no sign of having this added. Thanks in advance

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. L2TP VPN to support multiple users

    The L2TP VPN currently does not allow multiple users connecting from behind the same NAT address. This adversely affects people attending a meeting or conference away from the business as only one attendee can use the VPN at a time. It also means that the first user is disconnected without warning when a second user attempts to connect.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. On IPSec config "Create Firewall Rule" create two rules, not one

    Actual, when you choose "Create firewall rule" in IPSec Config, one rule from zone any to zone any is created.

    it would be much better, when a rule for each direction is created, in the first rule: souce zone vpn, in the second rule: dst zone vpn.

    when you build an ipsec tunnel from 10/8 to 10/8, your internal traffic would now be allowed too, when you use multiple 10/8 networks.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Printer, clipboard, and file redirection for clientless rdp along with fullscreen and multimonitor support.

    The clientless VPN for RDP is extremely limited in its abilities.
    The standard RDP client can allow the server on the inside of the network to redirect the printers of the client PC so print jobs can be sent to the client PC. It also allows for drives on the client PC to be made available to the server and seamless use of the clipboard. The Cisco variant (using internet explorer) allows for these with no issues and supports a full screen mode. While neither supports Multi monitor, a lot of power users want to use both screens. While we…

    21 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Virtual WAN

    Become Virtual Wan Partner Azure.
    It is a business opportunity for the manufacturer and for Sophos Partners!
    https://docs.microsoft.com/es-es/azure/virtual-wan/virtual-wan-locations-partners

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSLVPN authentication by RADIUS Authentication via Active Directory

    Implementation of SSL VPN users on Sophos using RADIUS authentication. The RADIUS server to use the Active Directory to authenticate the SSL VPN request.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSL client configuration profile name

    All profiles installed in a computer are installed in vpn client as [user]sslvpn_config. If you install a new profile when another one is already installed it overwrite the installed one.
    I know it is possible to edit the configuration file name for that but it would be great if the profile were installed with a name like [user]@device or something like that.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Okta integration for SSO

    We use Okta as SSO portal for all our web applications. Would be great to be able to add a link to our Sophos XG User Portal and pass users straight in from Okta.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add the Option to Download Windows 10 Always ON VPN Profiles

    Microsoft supports adding always on VPN profiles to Windows 10, would be great to be able to have an Always ON VPN profile that can be generated and downloaded from the VPN page in WebAdmin on the XG Firewall.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. IPSEC failover vpn condition - Add an option to ping a local device on remote site

    It would be very handy if there can be an option to ping a remote device via local ip address. as some time vpn failover doesn't work as it can still ping the external ip address even if for some reason tunnel goes down.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Share port 443 with VPN and Webserver

    I have a webserver with SSL enabled, but I want also the SSL-VPN server at the same port (TCP,443) since this port is not blocking at the most firewalls.

    I know it is technical possible, with "port share" in the VPN-Server-Config.

    Regards,
    Marc

    84 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sophos Connect Client Config import for all Clientusers on Windows like Mac

    VPN Config for Sophos Connect Client on Mac is applyable for all user on this Mac.
    Why is it not possible on Windows too?
    Every user on Windows client need the import the config himself.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. macOS Sophos connect client paste password

    macOS Sophos connect client paste password :
    It would be cool if we can paster our password in Sophos Client Connect in macOS rather than write manually especially when the password is very strong.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. SSL VPN: configure listening interface(s)

    Ability to bind SSL VPN to a single interface.

    Currently when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACL's.

    We need the ability to bind this to a single interface, if we use port 443 for SSL VPN as many want to it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.

    145 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. SSL Site to Site VPN option "use as default gateway"

    When I create the SSL VPN Site to Site Server, possibility to configure "Use as Default Gateway"

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. SSL VPN profiles per-AD Group

    Would like to see an option to create additional SSL VPN profiles based on AD Group membership. Having a single DHCP scope for all SSL VPN significantly hinders the potential of this feature. Being able to place different users into different subnets would allow administrators to tailor firewall rules for each group that better fit a given groups role within the organization. The current system requires I either grant excessive network permissions to standard end users, or otherwise make the SSL VPN completely useless for administrators attempting to address emergency issues remotely.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. IPSec over LAN zone interface

    With SG you can configure IPSec site to site using LAN interfaces but with XG you only can configure IPSec site to site over a WAN zone interface. Please allow to do it also over LAN zone interfaces. Thanks

    28 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.