XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. IPSec VPN Client Connections Need to generate a SIEM-compatible event

    Sophos Connect client IPSec connections generate separate log events for EVERY SUBNET mapped. There is no single event that any SIEM recognizes as a VPN login event. Every other firewall vendor we've tried doesn't have this issue.

    3 votes
    0 comments  ·  VPN and RED
  2. Force Microsoft NCSI probe as SSL VPN Connects

    (For Sophos Tech Support, this is from the back of #9887121)

    I was asked by Sophos Support Rep to post a feature request.

    We have seen with a large amount of our customers an issue arise whereby Sophos SSL VPN (OpenVPN) connects to the Sophos XG fine. With Sophos XG having "Default Gateway" checked for the SSL VPN users a default route is established as we expect.

    However, it can take a while for Microsoft NCSI to complete its probe to check if there is internet access. While the VPN interface is in "NoTraffic" or "No network access" mode, before…

    4 votes
    0 comments  ·  VPN and RED
  3. Have an option on creating SD WAN policy routing for VPN zone

    Hello Team,

    Requesting to have option on SFOS V18 on creating SD WAN policy routing for VPN zone
    so that we can configure for primary and secondary gateway for VPN to WAN Firewall rule.

    For your assistance please.

    Thank You.

    1 vote
    0 comments  ·  VPN and RED
  4. umlauts

    Support for umlauts on ssl vpn

    2 votes
    0 comments  ·  VPN and RED
  5. Automatically add ipsec_route(s) when configuring a site-to-site IPSec VPN

    By default traffic destined for any remote IPSec VPN subnets will be classified as 'WAN' if you do not manually configure ipsec_route(s) using the device console.

    This process should be automated when configuring remote network(s) for a site-to-site IPSec VPN connection.

    2 votes
    0 comments  ·  VPN and RED
  6. Sophos SSL VPN Client

    Hello Sir,

    My problem with Sophos is the SSL-VPN client, which doesn't support certificate-based authentication. I don't want to store my credentials on each PC where I use the SSL-VPN client, nor do I want to enter the credentials every time. It would be nice to have certificate-based authentication with the SSL-VPN client.

    7 votes
    0 comments  ·  VPN and RED
  7. Sophos Connect TAP Adapter - register at dns server

    Set the option "register at dns server" on the Sophos IPSec Connect Client's Windows TAP Adapter via a parameter at installation of the msi or in the config file. If not active, the client name (DNS) will not be reachable from LAN to VPN because DNS didn't know about the VPN client IP. Usage of the Windows registry or a PowerShell script on each client like this is very frustrating:

    Get-NetIPConfiguration | where {$_.InterfaceDescription -eq 'Sophos TAP Adapter'} | Set-DnsClient -RegisterThisConnectionsAddress:$True

    2 votes
    0 comments  ·  VPN and RED
  8. VPN policy restriction

    Any option for VPN access to check MAC address or antivirus policy? I want to restrict a particular user's laptop so it cannot connect to our network through any VPN user. I want to add this type of policy or feature in the XG 106 firewall: block laptop connection via MAC address.

    1 vote
    0 comments  ·  VPN and RED
  9. Sophos Connect Client IPv6 Support on XG

    Connect Client should support IPv6 on WAN Interface

    4 votes
    0 comments  ·  VPN and RED
  10. Selectable VPN configuration files on Sophos XG for Split Tunnel or Full Tunnel

    I am currently replacing a Cisco ASA/AnyConnect VPN environment with a Sophos XG 210. There is a requirement that some users have the ability to select either Split Tunnel or Full Tunnel client access vpn connectivity. They can currently do this in the Cisco environment.
    I can create the separate SSL VPN profiles in the Sophos XG but there is no way to download the configuration file for both profiles. User account is tied to a specific profile so they only have access to one or the other. The only workaround I have is for the user to have 2…

    4 votes
    0 comments  ·  VPN and RED
  11. 1 vote
    0 comments  ·  VPN and RED
  12. Sophos Connect Charon Logs

    I've come across an incident where the Charon logs for Sophos connect reached over 91GB in size, it would have got larger but it had consumed all of the available space on the hard drive. As such, I was unable to download the Sophos help tool in order to seek help and had to use another machine and remotely connect using RDP.

    On rebooting, the logs were completely cleared and all went back to normal.

    There really should be a process in place that prevents a log reaching that sort of size, maybe log rotation with a purge in place…

    2 votes
    0 comments  ·  VPN and RED
  13. Disconnect SSL VPN User after a set length of time

    Disconnect an SSL VPN user session after a set amount of time, e.g. if the connection has been live for 10 hours, disconnect it. The idle timeout doesn't work as there are still Anti-Virus updates and such running over the connection to the computer when the user is not there.

    4 votes
    1 comment  ·  VPN and RED
  14. Sophos Connect for ARM architecture

    Hello,

    Could you develop an executable which can be run on ARM architecture?

    ARM is coming pretty fast on the computer side with for example the "Surface Pro X" and it would be interesting to have a compatible executable.

    Thank you

    3 votes
    0 comments  ·  VPN and RED
  15. failover option for sophos connect client VPN

    Hi team, can you please introduce a failover option for Sophos connect client VPN option, as this option used to be there for any vendor but it is not available in Sophos for global VPN setup.

    2 votes
    0 comments  ·  VPN and RED
  16. Fix the DHCP Scope Limitation in Sophos RED Configurations

    We came upon a unique problem, had two Sophos RED appliances (RED 15 and RED 50) that were configured for two completely different companies. They both functioned just fine for a day or so, then went offline completely shutting down the site. RED services in the XG firewall crashed and wouldn't restart.

    Turns out you cannot have more than one DHCP scope in a RED configuration. We had parsed the IP ranges to 2 and 3 scopes to account for static reservations that already existed. Having more than one DHCP scope basically crashed the RED services on the XG.

    According…

    6 votes
    1 comment  ·  VPN and RED
  17. console> system ipsec_route command show in the gui & route precedence

    Is it possible to show and adapt static IPsec routes through the GUI? Also, it would be nice if the route precedence could be shown and modified.

    2 votes
    0 comments  ·  VPN and RED
  18. Sophos Connect VPN DHCP Relay Option

    The Sophos Connect VPN client/server does not currently support the DHCP relay option/feature. Now that most of the population is working from home these days, it is essential that DNS name resolution work seamlessly with DHCP. Right now, when a remote user initiates a Sophos Connect VPN session, the XG firewall manages the DHCP IP lease to the client. This is problematic because after the IP lease is created, it does not update the DNS records running on the internal Microsoft DNS server to reflect the new IP address given to the client. We really need the option to relay…

    3 votes
    1 comment  ·  VPN and RED
  19. Sophos Connect with OTP – eliminate 4 hours reauthentication

    Today when using Sophos Connect with OTP, the firewall asks for a new OTP token every 4 hours. According to Sophos support, this value is hardcoded. If employees are working the whole day remotely, an interruption every 4 hours is a pain.
    Please make these 4 hours configurable. Or at least extend it to 10 hours, so a full working day can be achieved without any interruption.

    23 votes
    4 comments  ·  VPN and RED
  20. SSL VPN Password reset portal.

    AD users have a 90-day password expiration policy, which causes a problem with the SSL VPN credentials.

    There should be a feature to reset the password and connect to the SSL VPN.

    Sort of a dial-up password reset after 90 days for the SSL VPN users synced from the AD.

    7 votes
    1 comment  ·  VPN and RED