XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Better filtering for ipsec logs

    We need more filters for the command show vpn IPSec-logs

    2 votes
    1 comment  ·  VPN and RED
  2. VPN - Authenticate and Run Domain GPO login scripts - Mapped Drives

    VPN Login Script

    Configure the VPN client to authenticate to the domain and allow GPO login scripts to be applied to the remote computer so that the user can connect to all network resources as they do when they are in the office.

    4 votes
    0 comments  ·  VPN and RED
  3. 3rd party VPN Client Support

    Since the Sophos IPSec client is not compatible with the XG product, and the SSL client does not support MSGina (Logon Before Windows), how about implementing compatibility with external VPN clients like The Green Bow?

    Make an option to download a compatible config file which can be imported into the client configuring the VPN options.

    The XG product IPSec configuration downloads a config file for the original EliteCore IPSec client which was always lacking this feature.

    The Green Bow VPN client can be used with IPSec client VPNs, and the MSGINA support functions correctly.

    4 votes
    0 comments  ·  VPN and RED
  4. Bandwidth allocation to IPSec VPN Tunnel

    While configuring / setting up IPSec VPN Tunnel, there is no option to allocate bandwidth.
    Please add this feature as this'll help to manage traffic and available bandwidth.

    There are instances where the users at Branch / Vendor site complain they are getting slow connections to the resources in HO. There is no way we can check how much bandwidth is being used by IPSec Tunnel and we can not change the same.

    9 votes
    2 comments  ·  VPN and RED
  5. Generic SSL VPN profile so any user in the security group can login using the same VPN configuration.

    Currently, if a company has a pool of laptops to be handed out by users that have the SSL VPN client installed, they cannot log into the SSL VPN client without first logging into the user portal and then downloading the configuration for their particular user. It would be nice to have one VPN client install and if the user is a member of a particular security group, be able to log in using the installed VPN client software.

    22 votes
    3 comments  ·  VPN and RED
  6. override hostname ssl vpn - multiple hostnames

    It would be useful in SSL VPN to have the possibility to override the hostname with multiple records.
    Now we do this by manually changing the configuration file.
    FE:
    remote isp1.dns.com 8443
    remote isp2.dns.com 8443

    21 votes
    3 comments  ·  VPN and RED
  7. Support for Wake on LAN

    It's very disappointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.

    57 votes
    5 comments  ·  VPN and RED
  8. Allow me to change the MTU/MSS of SSL VPN Clients

    Disappointing that I can't tweak this for performance. UDP fragmentation is a big problem in our world of oversold connections.

    5 votes
    0 comments  ·  VPN and RED
  9. RED: Assign static DHCP leases on a RED interface

    It is possible to assign static leases in every DHCP server. The only exception is the DHCP server to a RED interface.
    In some cases it is necessary to assign static leases.
    Please implement this function.

    21 votes
    1 comment  ·  VPN and RED
  10. VLAN tagging on RED WAN port

    Currently Sophos RED devices are not compatible with Australian NBN infrastructure. As NBN is quite affordable and getting accessible, it is most likely to be used for branch offices. NBN has a specific requirement to TAG (trunk) the external WAN interface with VLAN 100.

    Unfortunately NBN won't change their silly network requirements and it is the only way we comply and offer routers with such capability.

    15 votes
    1 comment  ·  VPN and RED
  11. RED: Check local network connectivity before attempting to connect VPN

    On some ISP boxes, the DHCP server is up before the network is really connected. This allows the RED to obtain an IP address, but it then fails to reach the network and the XG (if on another WAN site).
    It would be good to add the ability to check whether the network is up before trying to connect.

    1 vote
    0 comments  ·  VPN and RED
  12. SSL VPN in IP Binding option

    SSL VPN in IP Binding option

    16 votes
    2 comments  ·  VPN and RED
  13. VPN Exclude Networks

    When setting up an IPSEC Site To Site VPN there is no way to exclude source or destination hosts/networks from being included in the VPN tunnel.

    For Instance:

    Sending all traffic over the Tunnel, but excluding a local host from the tunnel and traffic to a specific network

    Remote Subnet: Any
    Exclude Source: PC 10.10.10.10 (Or Network if you like: 10.10.10.0/24)
    Exclude Destination: 123.123.123.123 (Or Network: 123.123.123.0/24)

    13 votes
    1 comment  ·  VPN and RED
  14. Custom MTU/MSS For IPSec Tunnels

    Need to be able to set custom MTU/MSS settings on individual IPSec tunnels. I have multiple site-to-site IPSec VPN tunnels and it would be great to be able to set custom MTU/MSS configurations for each one.

    While ipsec0 is used for IPSec VPNs, it would be nice to have custom configs for each connection.

    8 votes
    2 comments  ·  VPN and RED
  15. RED XG to XG client side multiple wan link fail-over options

    It is definitely necessary to have a choice of primary/secondary/tertiary for the WAN interface a RED client will use.

    23 votes
    2 comments  ·  VPN and RED
  16. Rename SSL VPN profile installer file

    Every downloaded SSLVPN profile is named "usernamesslvpnconfig.exe" and there is no possibility to change this globally. So if you import different profiles with the same username (as we do this for our technicians with different customers) you can't differentiate which profile is for a specific customer.

    Please provide an ability to change this or change the naming convention to be SG-like.

    85 votes
    7 comments  ·  VPN and RED
  17. VPN allow Network Level Authentication for RDP bookmarks

    With the VPN, when you create a bookmark for remote desktop to a Windows machine, you have to uncheck "Allow Connections from computers running Remote Desktop with Network Level Authentication". If you do not, it will throw an error. You can use "NLA" security and that will work for machines with "network access level" enabled, but you need to populate the username and password for that machine to autologin.

    This works if you are the only one using that bookmark, but doesn't help if you are creating bookmarks for your employees and you as a technician don't know their credentials,…

    12 votes
    2 comments  ·  VPN and RED
  18. Collapse list of VPN connections

    Some sites have a failover group with 2 or more connections. Since only one connection is established per site, it would be nice if we could collapse the rest of the connections not used.

    When viewing the VPN connections, it would only show you one connection per site and if it’s connected or not.

    This would make it easier to see which sites are actually down.

    We have over 20 sites and growing and the list is getting harder to manage.

    1 vote
    0 comments  ·  VPN and RED
  19. SSL VPN settings should be per-profile

    In SSL VPN there is a limitation in setting up source (DHCP range) networks; there is no option to create another VPN setting (P1 and P2) for a different VPN profile.

    This is important for multi-profile VPN configuration for different departments and access.

    24 votes
    1 comment  ·  VPN and RED
  20. DMVPN

    Dynamic Multi-point VPN (DMVPN) is required for dynamic routing in VPN for redundant route identification (like OSPF, EIGRP).

    12 votes
    1 comment  ·  VPN and RED