XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Domain authentication for L2TP VPN

    Required Domain authantication for L2TP VPN.

    only local users are able to connect through L2TP but not domain users

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Ability to add or update SSL VPN profile without dropping all tunnels

    Whenever you make a change to a SSL VPN Server connection in XG(Even the description!) it drops all connected sessions temporarily when you save the changes. I should be able to change the name or description on a server connection profile without dropping a session!

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Auto-discovery IPSec VPN (ADVPN)

    Please add ADVPN feature. It is very useful and requested option by the client.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. esp dump

    offer the same ESP DUMP Feature like in UTM 9.X on shell to have a deep view in VPN traffic and tunnel enviroment

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. IPSEC connection: allow multiple remote endpoint IP

    When configuring an IPSEC connection to a remote site that has two ISP access it would be useful to have the option to add multiple remote IP address in the connection settings .
    Otherwise we are forced to create two IPSEC connections and one will always be down , until the remote site would failover to the second IP , and reported in the dashboard

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Wake on Lan with RED

    Please implement the possibility to send a Wake On LAN (WOL) to computers behind RED devices.

    We have networked our branch offices with RED devices. In order to be able to service these computers during a maintenance window (e.g. for the installation of updates) they must be able to be started via Wake On LAN. Unfortunately this is not possible at the moment!

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Lease specific IP to remote system connected via SSL VPN

    Lease specific IP to remote system connected via SSL VPN

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. RED client software for Windows

    Need provide VPN RED solution for Windows OS? like as SSL VPN Client.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. Do not auto-reboot RED in Standard/Split configuration

    When using the devices "RED " in the Stardard/Split configuration type, the device at the time of not detecting the XG Firewall attempts to complete the connection 5 times and then reboots the device.

    In this mode, the computers go to the Internet through the WAN in the "network " not by the VPN so that being restarting the device stops offering Internet service.

    This is not optimal for computers under the RED device, as some services that do not use the VPN as a charge with credit/debit card cannot be carried out because you do not have access to…

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Update SSL VPN to newest OpenVPN version.

    MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.
    Specifically comp-lzo is deprecated. See the same idea for UTM

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Share port 443 with VPN and Webserver

    I have a webserver with SSL enabled, but I want also the SSL-VPN server at the same port (TCP,443) since this port is not blocking at the most firewalls.

    I know it is technical possible, with "port share" in the VPN-Server-Config.

    Regards,
    Marc

    58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Prevent SSL VPN DNS leaks on Windows 10 with simple OpenVPN option "block-outside-dns"

    Windows 10 has issue with DNS leaks, that DNS requests are made to all accessible DNS servers and the quickest one to respond is selected. This causes problems if the same DNS name has different IP on external DNS and DNS internal to VPN.

    Right now, this has to be solved on case-by-case basis with change of metric/interface priority on each client system - as suggested by Sophos support.

    As the Sophos SSL VPN is based on OpenVPN, by adding the ability in GUI to configure push of "block-outside-dns" option to clients, this could be resolved system-wide and is tested…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. Keep alive feature for GRE tunnel

    Hello Team,

    We have customer here requesting to add keep alive feature for GRE tunnel as a requirement on their network set up. For your assistance please. Thank You

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. remote desktop

    Provide setting for Clientless Access RDP to allow multiple monitors.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Make SSL VPN user configurations available to the Admin

    Add ability for an Administrator to view and download SSL VPN configurations of users. Additionally make windows configurations available as .ovpn files as well as the 'executable'

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Create Inline OVPN File for Site to Site SSLVPN

    As it is now the Site to Site SSLVPN server still exports the now ancient Astaro .epc/.apc format. Give us the option or switch over to creating a more "universal" inline .OVPN file that can be used with clients other than Sophos gateways. We can easily convert the .epc to .ovpn with a script like we have been doing for the past, oh I don't know, 8 years, but don't you think it is time to leave the past behind? I mean I can login to the user portal and download an ZIP file that contains an ovpn configuration, whay…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support VPN Configuration from Microsoft Intune and Windows 10

    Microsoft have been working on their Intune Solution which includes a way to configure a VPN policy that is deployed. There are a number of "Connections" available from other vendors but Sophos are not present. It would be great if Sophos would create a "UWP VPN plug-in" which will allow us to be able to configure VPN's via this. If using Autopilot in the future too a VPN maybe required if not in the office and this same configuration is used.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. VPN Architecture

    Sophos should develop a new User friendly policy for shifting from One network to another through VPN. As in Cyberoam we used to install a client and whenever we need to shift from One VPN to other just we just import specific Configuration file and start with the network login using credentials but in case of Sophos its different every time i have to download a entire setup file. When using many networks it becomes a problem. We need to think re structure the design

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. Improve problems of RED devices.

    Please make sure that existing "RED" does not reconnect when new "RED" is added.

    Each time we add or change the setting VPN is disconnected, so customer complaints are coming.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support Wireguard VPN

    I would like to see WireGuard added as VPN option since it is mote secure, lightweight and modern compared to the current available options.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.