XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Client certificate based authentication for SSL VPN remote access

    Clients should be authenticated based on the client certificate instead of username/password for SSL VPN remote access. The Sophos XG should validate the certificate via a CRL or via OCSP.
    This functionality is supported by most other vendors and solutions (e.g. Cisco Anyconnect or OpenVPN).

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. 2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos Connect client connect pre login Windows for domain connection

    Please make it possible to connect Sophos Connect client VPN befor a Windows user is logged in like NCP client Pre-Logon feature, to get all AD domain features like GPO and networkshares.

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Sophos Connect Client Config import for all Clientusers on Windows like Mac

    VPN Config for Sophos Connect Client on Mac is applyable for all user on this Mac.
    Why is it not possible on Windows too?
    Every user on Windows client need the import the config himself.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Override Hostname for Sophos Connect client

    If downloading "Configuration for IPsec VPN client for Apple iOS" from User Portal, in this config the RemoteAddress is set to selected WAN Interface IP address. It would be better if the address will be overrideable to get the correct IP or FQDN for the connection directly in UserPortal so User can download and activate the config on iOS devices.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Update SSL VPN Client for Parity with Latest OpenVPN Features

    Sophos XG pushes a number of options in SSL VPN which are undesirable in some deployments. I have already voted on an idea to expose more server side customisation.

    Likewise, the latest OpenVPN client has a number of new features and improvements not reflected in the version source version Sophos is using.

    Specifically, the pull-filter option available in OpenVPN 2.4 is a feature we really need for several customer deployments, it offers significantly more ease of use and flexibility than the route-nopull / route-noexec currently supported by Sophos SSL VPN client.

    https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway

    Support advised to try using the OpenVPN client…

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. enable button on vpn ssl (remote access)

    Add an 'enable button' on vpn ssl (remote access) entry

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Downloading the Sophos Connect Client from User Portal

    There should be the posibility to download the Connect Client from the User Portal and not only from Webadmin

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. alert threshold

    Please add a threshold setting to Central alerts. We have several clients with Internet and/or power issues that trigger down/up alerts, all in less than one minute. These arent email alerts, just the alerts that show in Central monitoring.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Different SSL vpn for different location so we need to have 2 vpn simultaneously

    Different SSL vpn for different location so we need to have 2 vpn simultaneously for user's PC. Could you please let us know the option to use since currently we are not able to use it.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. VPN Client: Check endpoint device health before connecting

    Ability to filter VPN client by checking that they are fully patched and running AV/anti-malware software, i.e. if the client is insecure then they cannot connect to the VPN.

    16 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Show WAN IP for RED devices

    Show the public IP address of REDs in the network interfaces page in addition to the interface address of the WAN port on the RED. Currently, the only way to check the public IP is to grep for the RED device ID in /log/red.log in the advanced shell.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. multiple WAN interface option in Ipsec client vpn settings

    Need the Option to add multiple WAN interfaces in Sophos Connect client settings.
    if there is 2 WAN connection and 1 connection is down then the remote client don't have any option to connect to VPN through 2nd available ISP. if this option is available then the user will have 2 profiles in their Sophos connect client.

    36 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Vpn failover hostname

    I want to add second override hostname for vpn settings.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. VPN Email Alerts

    Dear Sophos Developer Team,

    Please develop a solution to customize the SSL VPN Email Notification Alerts in your next OS release. We are receiving Hundred of emails per day after enable the VPN Email Notification Alerts of up/down status. Please do the needful.

    Thanks
    Regards
    Farrukh Naveed

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSL client configuration profile name

    All profiles installed in a computer are installed in vpn client as [user]sslvpn_config. If you install a new profile when another one is already installed it overwrite the installed one.
    I know it is possible to edit the configuration file name for that but it would be great if the profile were installed with a name like [user]@device or something like that.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Sophos connect client allowed users

    The Sophos connect client permit list should be able to add users by active directory security group. We are a firm spread across 9 offices and the STAS works great on 17.5 MR9 to load the users to all firewalls but the process of adding all users into the connect client is really laborious especially when there is high turnover.

    50 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. VPN tunnel keep-alive function for outbound connections

    Our XG IPSec VPN Tunnel to Microsoft Azure does not stay up, because when there is no activity Microsoft shuts down the tunnel. To overcome this, we have had to implement a 5 minute ping to each of our 5 warehouses from a VM in Azure. A keep alive feature on the XG side would solve this problem. Other firewalls, such as Dell's Sonicwall, have a keep alive feature that addresses this issue.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. Sophos Connect Client - Implement Policies like UTM

    UTM had the option to create multiple Sophos Connect policies for managing configuration files from the GUI. Each policy could have customised settings relevant to that connection.

    Now you're required to download the Connect Admin tool to configure basic things like 'Allowed Local Network(s)', Client DNS Suffix, Auto-Connect Tunnel etc. etc.

    This should be added to the WebAdmin GUI like it was in UTM.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow custom OpenVPN parameters in SSLVPN configuration

    Being that the SSLVPN is based on OpenVPN could you please add a freeform text field to the SSLVPN page under Advanced that would allow us to enter custom server configuration parameters? Better still would be the ability to view and edit the entire config file itself but that may be asking a bit much.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.