XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RED: Check local network connectivity before attempting to connect VPN

    On some ISP box, DHCP server is up before network is really connected. This allow RED to obtain IP adress, but to failed into reaching network and XG (if on another wan site).
    It should be good to add an ability to check if Network is up before trying to connect.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. SSL VPN in IP Binding option

    SSL VPN in IP Binding option

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. VPN Exclude Networks

    When setting up an IPSEC Site To Site VPN there is no way to exclude source or destination hosts/networks from being included in the VPN tunnel.

    For Instance:

    Sending all traffic over the Tunnel, but excluding a local host from the tunnel and traffic to a specific network

    Remote Subnet: Any
    Exclude Source: PC 10.10.10.10 (Or Network if you like: 10.10.10.0/24)
    Exclude Destination: 123.123.123.123 (Or Network: 123.123.123.0/24)

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Custom MTU/MSS For IPSec Tunnels

    Need be able to set custom MTU/MSS settings on individual IPSec tunnels. I have multiple site-to-site IPSec VPN tunnels and it would be great to be able to set custom MTU/MSS configurations for each one.

    While ipsec0 is used for IPSec VPNs, it would be nice to have custom configs for each connection.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. RED XG to XG client side multiple wan link fail-over options

    It is definitely necessary to have a choice of primary/secondary/tertiary for the WAN interface a RED client will use.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Rename SSL VPN profile installer file

    Every downloaded SSLVPN profile is named "usernamesslvpnconfig.exe" and there is no possibility to change this globally. So if you import different profiles with the same username (as we do this for our technicians with different customers) you can't differ which profile is for a specific customer.

    Please provide a ability to change this or change the naming convention to SG like.

    65 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. VPN allow Network Level Authenticaion for RDP bookmarks

    With the VPN, when you create a bookmark for remote desktop to a windows machine, you have to uncheck "Allow Connections from computers running Remote Desktop with Network Level Authentication". If you do not, it will throw an error. You can use "NLA" security and that will work for machines with "network access level" enabled, but you need to populate the username and password for that machine to autologin.

    This works if you are the only one using that bookmark, but doesn't help if you are creating bookmarks for your employees and you as a technician don't know their credentials,…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Collapse list of VPN connections

    Some sites have a failover group with 2 or more connections. Since only one connection is established per site, it would be nice if we could collapse the rest of the connections not used.

    When viewing the VPN connections, it would only show you one connection per site and if it’s connected or not.

    This would make it easier to see which sites are actually down.

    We have over 20 sites and growing and the list is getting harder to manage.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSL VPN settings should be per-profile

    In SSL VPN there is limitation of setting up source (DHCP range)networks, there is no option to create another VPN setting (P1 and P2) for different VPN profile.

    which is important for Multi profile VPN configuration for different department and access.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. DMvpn

    Dynamic Multi-point VPN (DMVPN) is required for dynamic routing in VPN for redundant route identification (LIKE ospf,eigrp,).

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. RED traffic in system graphs

    We can see RED traffic in report,
    but we can't see the traffic in system graphs.

    Please add the RED interface in system graphs.
    Thanks~

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. IPSec Connections Report

    More detailed report for IPsec connections. There is a report item for VPN but it's limited and it only counts the number of times an IPsec tunnel was connected that day, requesting to have more granular reports for IPSec usage.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. User Portal Bookmarks - Allow RDP keyboard input language change

    Currently when accessing RDP via a bookmark from the portal the HTML5 RDP app defaults to USA input which causes issues for UK keyboards where symbols are assigned to different keys. It would be very useful if the input keyboard language could be set in the bookmark configuration. Ticket raised with Sophos support confirms that changing input language is not currently possible

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Shutdown ports on RED via XG configuration

    Could it possible to shutdown LAN ports on the RED via the configuration on the XG? We have installed a number of REDs in shared comms rooms and it would be good to stop people from having the ability to just plug in a LAN port on the RED and access a customer's remote network via the L2TP tunnel.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. RED WAN I / F support PPPoE

    I want RED's WAN I / F to support PPPoE

    I think loading config from USB memory.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. RED Support IPv6

    Currently RED devices can not use IPv6,
    I want RED devices to support IPv6.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. SSL VPN - Disconnect User

    Actually, if I click the button to disconnect a Live SSL VPN User (from XG Admin Panel) the firewall sends Connection Soft Reset to the VPN Client, but after a few seconds the client re-connects.

    It would be nice to disconnect the user (at least until it does another login with VPN Client) maybe also sending him a popup message.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. 4096 bits SSL VPN Encryption

    4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. HTML5 VPN

    Add HTML5 VPN like UTM9

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. ipsec vti / routable ipsec / routable ssl vpn with abilities to connect to none sophos remote

    RED Tunnels is nice only if i can live in a world where every firewall/gateway is made by sophos. So at least support some standard means to create routable vpn.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.