XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SSLVPN OTP SELECTABLE PER PROFILE

    Need to have the ability to choose which SSL VPN server (OpenVPN) uses OTP. As it is now OTP is applied accross the board to ALL SSL VPN connections. We use devices that logon as SSL VPN users, enabling OTP on SSL VPN breaks that ability. We don't wish to disable OTP on SSL VPN as that would make it less secure for actual users that need to login to SSL VPN. What would be ideal is the ability to have one profile for devices that needs no OTP and one for users that does. An alternative to this would…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Make Cisco VPN Client Client Functional Or Replace it with Cisco Any Connect VPN Client

    As Cisco Vpn Client is now obsolete and no more supported by Cisco, it doesn't work with Sophos XG as said by one of Sophos Technical Support Team member, names " Yagnik Goswami "in my service request number "8232842".

    As there is still the "Cisco VPN Client" option is available in Sophos XG so it should also be working fine or Sophos has to give its replacement option of "Cisco Any Connect".

    As this thing is annoying the costumer so Sophos must think on this matter seriously.

    Best Regards

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Authy

    Integrate Authy 2FA into the SSL VPN server

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Create a

    Create the ability to monitor individual VPN IPsec tunnel status and SNMP traffic.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Failback

    CyberoamOS supports IPSec VPN Failback. SFOS doesn’t. Any chance to implement it?

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Split tunnel to support FQDN Host based route as the permitted network resources

    Hi,

    We need to have SSLVPN with split tunnel that can support route to FQDN based hosts (eg. nowadays some of webservices are using dynamic public IP addresses to provide their high availability)

    This capability is on the SG UTM SSLVPN, where we can add multiple permitted network resources, from a single IP address, group of ip ranges (Network group), and FQDNs. But currently the Sophos XG SSLVPN split tunnel "permitted network resources" is limited only to IP Host.

    Regards
    Yo.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Fail-over between GRE tunnel to IPSec VPN Tunnel.

    Fail-over between GRE tunnel to IPSec VPN Tunnel or vice versa.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. vpn ssl interface

    Ability to bind SSL VPN to a single interface.

    Currently when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACL's.

    We need the ability to bind this to a single interface, if we use port 443 for SSL VPN as many want to it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.

    58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. active/active ipsec

    A feature to make an active/active (load balance/HA) VPN over IPsec, in this moment only failover is possible.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. ipseclog

    We need more filters for the command show vpn IPSec-logs

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. VPN - Authenticate and Run Domain GPO login scripts - Mapped Drives

    VPN Login Script

    Configure the VPN client to authenticate to the domain and allow GPO login scripts to be applied to the remote computer so that the user can connect to all network resources as they do when they are in the office.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. 3rd party VPN Client Support

    Since the Sophos IPSec client is not compatible with the XG product, and the SSL client does not support MSGina (Logon Before Windows) how about implementing compatibility with external VPN Clients like The Green Bow.

    Make an option to download a compatible config file which can be imported into the client configuring the VPN options.

    The XG product IPSec configuration downloads a config file for the original EliteCore IPSec client which was always lacking this feature.

    The Green Bow VPN client can be used with IPSec client VPN's, and the MSGINA support functions correctly.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow authentication with windows credentials (domain\username) for l2tp

    When connecting to a L2TP VPN using automatic windows credentials it sends domain\username authentication which is not allowed by the firewall. If i manually just type in the username without the domain it works. All of our users have used this feature and it worked great on the astaro. Unfortunately now it doesn't work.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Bandwidth allocation to IPSec VPN Tunnel

    While configuring / setting up IPSec VPN Tunnel, there is no option to allocate bandwidth.
    Please add this feature as this'll help to manage traffic and available bandwidth.

    There are instances where the users at Branch / Vendor site complain they are getting slow connections to the resources in HO. There is no way we can check how much bandwidth is being used by IPSec Tunnel and we can not change the same.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSL VPN profile that is generic so any user that is in the security group can log in using the one downloaded VPN configuration.

    Currently, if a company has a pool of laptops to be handed out by users that have the SSL VPN client installed, they cannot log into the SSL VPN client without first logging into the user portal and then downloading the configuration for their particular user. It would be nice to have one VPN client install and if the user is a member of a particular security group, be able to log in using the installed VPN client software.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. XG firewall VPN client should auto-connect facility (in silent mode) when connect to client network.

    XG firewall VPN client should auto-connect facility (in silent mode) when connecting to client network.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. monitoring SSL VPN clinet traffic hitting to server

    SSL VPN traffic hitting to how many server's and multiple logging session report.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. override hostname ssl vpn - multiple hostnames

    Would be usefull in SSL VPN, that you can have the possibility to override hostname, with multiple records.
    Now we do this by manually changing the configuration file.
    FE:
    remote isp1.dns.com 8443
    remote isp2.dns.com 8443

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Proxy WoL

    It's very disapointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.