Integrate Authy 2FA into the SSL VPN server
3 votes
CyberoamOS supports IPSec VPN Failback. SFOS doesn’t. Any chance to implement it?
4 votes
We need to have SSLVPN with split tunnel that can support route to FQDN based hosts (eg. nowadays some of webservices are using dynamic public IP addresses to provide their high availability)
This capability is on the SG UTM SSLVPN, where we can add multiple permitted network resources, from a single IP address, group of ip ranges (Network group), and FQDNs. But currently the Sophos XG SSLVPN split tunnel "permitted network resources" is limited only to IP Host.
It would be great to be able to adjust the timeout values on the REDs to prevent the device from disconnecting as fast when connected to an unstable ISP connection
1 vote
Fail-over between GRE tunnel to IPSec VPN Tunnel or vice versa.
3 votes
Ability to bind SSL VPN to a single interface.
Currently, when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACLs.
We need the ability to bind this to a single interface. If we use port 443 for SSL VPN, as many want to, it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.
85 votes
We need more filters for the command show vpn IPSec-logs
1 vote
VPN Login Script
Configure the VPN client to authenticate to the domain and allow GPO login scripts to be applied to the remote computer so that the user can connect to all network resources as they do when they are in the office.
3 votes
Since the Sophos IPSec client is not compatible with the XG product, and the SSL client does not support MSGina (Logon Before Windows), how about implementing compatibility with external VPN Clients like The Green Bow.
Make an option to download a compatible config file which can be imported into the client configuring the VPN options.
The XG product IPSec configuration downloads a config file for the original EliteCore IPSec client which was always lacking this feature.
The Green Bow VPN client can be used with IPSec client VPNs, and the MSGINA support functions correctly.
4 votes
While configuring / setting up IPSec VPN Tunnel, there is no option to allocate bandwidth.
Please add this feature as this'll help to manage traffic and available bandwidth.
There are instances where the users at Branch / Vendor site complain they are getting slow connections to the resources in HO. There is no way we can check how much bandwidth is being used by IPSec Tunnel and we cannot change the same.
8 votes
Generic SSL VPN profile so any user in the security group can login using the same VPN configuration.
Currently, if a company has a pool of laptops to be handed out by users that have the SSL VPN client installed, they cannot log into the SSL VPN client without first logging into the user portal and then downloading the configuration for their particular user. It would be nice to have one VPN client install and if the user is a member of a particular security group, be able to log in using the installed VPN client software.
19 votes
Would be useful in SSL VPN to have the possibility to override hostname, with multiple records.
Now we do this by manually changing the configuration file.
remote isp1.dns.com 8443
remote isp2.dns.com 8443
15 votes
It's very disappointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.
36 votes
Disappointing that I can't tweak this for performance. UDP fragmentation is a big problem in our world of oversold connections.
2 votes
It is possible to assign static leases in every DHCP server. The only exception is the DHCP server to a RED interface.
In some cases it is necessary to assign static leases.
Please implement this function.
15 votes
Currently Sophos RED devices are not compatible with Australian NBN infrastructure. As NBN is quite affordable and getting accessible, it is most likely to be used for branch offices. NBN has a specific requirement to TAG (trunk) external WAN interface with VLAN 100.
Unfortunately NBN won't change their silly network requirements and it is the only way we comply and offer routers with such capability.
11 votes
On some ISP boxes, the DHCP server is up before the network is really connected. This allows the RED to obtain an IP address, but it fails to reach the network and the XG (if on another WAN site).
It would be good to add an ability to check if the network is up before trying to connect.
1 vote
SSL VPN in IP Binding option
13 votes
When setting up an IPSEC Site To Site VPN there is no way to exclude source or destination hosts/networks from being included in the VPN tunnel.
Sending all traffic over the Tunnel, but excluding a local host from the tunnel and traffic to a specific network
Remote Subnet: Any
Exclude Source: PC 10.10.10.10 (Or Network if you like: 10.10.10.0/24)
Exclude Destination: 188.8.131.52 (Or Network: 184.108.40.206/24)
13 votes
Need to be able to set custom MTU/MSS settings on individual IPSec tunnels. I have multiple site-to-site IPSec VPN tunnels and it would be great to be able to set custom MTU/MSS configurations for each one.
While ipsec0 is used for IPSec VPNs, it would be nice to have custom configs for each connection.
7 votes