XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Feature to export the user details in a csv file

    Please provide us a feature to export the user details in a CSV file.

    3 votes

    0 comments  ·  Authentication clients
  2. chrome sso

    At present the Windows AD domain HAS to use the same domain name as your Google Apps. We have the correct information in our AD attributes to match against Google, but it's not held in the "mail" attribute but instead in the "wwwHomepage" attribute.

    My suggestion is to allow us to CHOOSE which AD attribute to use rather than forcing the domain to be the same name on Google and our Local AD.

    1 vote

    0 comments  ·  Authentication clients
  3. STAS support LDAPs on eDirectory mode

    This feature request is in response to the realization that the STAS Agent cannot establish encrypted LDAP communication to a backend eDirectory server.

    Problem: It is not possible to set up the STAS Agent in eDirectory mode with an encrypted (port 636/tcp) LDAP connection. Only a plain text LDAP over port 389/tcp is supported at this time. (We wrote the year 2021 for all readers).

    Function: Establish the configuration option and support encrypted LDAP communication to eDirectory server over port 636/tcp for the STAS agent of Sophos XG Firewall.

    3 votes

    0 comments  ·  Authentication clients
  4. font

    Hello, this is the second time we are reporting that we have many problems using the standard Captive Portal service offered for the WiFi connection. In practice, whenever a generated password is entered that contains characters such as L or I in upper and lower case, it is not clear what to enter. This is very annoying! Please fix the font as soon as possible, or could the method use numbers only?

    1 vote

    0 comments  ·  Authentication clients
  5. Allow use of self signed certificate for LDAP

    The firewall does not currently allow for connecting to LDAP servers with self-signed certificates.
    When connecting to Gsuite LDAP the XG firewall tries to validate the certificate before calling the LDAP server. This validation fails since the certificates are self-signed by Google.

    6 votes

    0 comments  ·  Authentication clients
  6. secure radius

    Secure RADIUS using EAP (Extensible Authentication Protocol) between RADIUS servers and the XG firewall (like PEAP-MSCHAPv2)

    1 vote

    0 comments  ·  Authentication clients
  7. User Disconnect Facility Provide the User Access Portal

    It is submitted that users be provided the facility to disconnect their own live session through the User Access Portal. Right now there are 2 facilities available in the firewall to disconnect a user: (1) by the Firewall Admin > Current Activities > Live Users > Disconnect, and (2) the user logs in on the same PC and logs out himself. Users need an extra facility to disconnect themselves from any PC through the User Access Portal.

    1 vote

    0 comments  ·  Authentication clients
  8. User Disconnect Facility Provide the User Access Portal

    It is submitted that users be provided the facility to disconnect their own live session through the User Access Portal. Right now there are 2 facilities available in the firewall to disconnect a user: (1) by the Firewall Admin > Current Activities > Live Users > Disconnect, and (2) the user logs in on the same PC and logs out himself. Users need an extra facility to disconnect themselves from any PC through the User Access Portal.

    0 votes

    0 comments  ·  Authentication clients
  9. Surfing quota should not apply to SSL VPN login when SSL VPN is not used as a default gateway

    Based on case 03497881, Sophos doesn't think that having the surfing quota tied to the SSL VPN function is a bug even when SSL VPN is not used as the default Internet gateway. This should be changed so customers do not need to create separate user IDs for LAN usage and for SSL VPN login.

    1 vote

    0 comments  ·  Authentication clients
  10. Radius on Sophos XG Firewall should forward the IPv4 Attribute to MFA solution.

    The RADIUS connection from Sophos XG Firewall doesn't forward the IPv4 attribute to our MFA system (in tests, other firewall vendors do that).

    We are using the RADIUS attribute CALLING-STATION-ID (31) in our ENTRUST MFA solution.

    In our setup users authenticate through RADIUS when connecting with remote VPN (Sophos Connect) - we can see the remote IP of the user in the firewall, so the XG knows it - but the IP is not forwarded to the MFA solution.

    The IP is used e.g. for risk management settings.

    2 votes

    0 comments  ·  Authentication clients
  11. Authentication: UUID instead of MAC address for binding

    Sophos XG supports MAC binding for user authentication.
    This is a feature used e.g. for SSL VPN connections to identify devices.
    Mobile devices with Android or iOS as operating system do not support sending the MAC, but instead the UUID.
    Therefore I request adding this feature so we can identify corporate devices by UUID.

    1 vote

    0 comments  ·  Authentication clients
  12. User Portal MFA

    If you try to log in to the user portal with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that an MFA code needs to be appended to the password.

    The current login form causes a lot of helpdesk calls because they don't realize (or keep forgetting) that their MFA code needs to be inserted after their password.

    1 vote

    1 comment  ·  Authentication clients
  13. SSL VPN MFA

    With an SSL VPN client with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that an MFA code needs to be appended to the password.
    The current login form is rather crude and causes a lot of helpdesk calls because they don't realize (or keep forgetting) that their MFA code needs to be inserted after their password.
    An upgraded form with logo that looks more professional would be my preference please.

    8 votes

    1 comment  ·  Authentication clients
  14. Bugs in Authentication Agent for macOS

    When OTP (one-time password) is enabled for User Portal it causes the Client Authentication Agent for macOS to not work UNLESS the user enters their username and password PLUS their OTP token.

    I have tested and confirmed this with Sophos support.
    Enabling OTP for the User Portal should have NOTHING to do with the Authentication Agent for macOS. Furthermore, the Authenticator agent should never require an OTP. Otherwise the poor user will need to re-enter his or her credentials every time their Mac is rebooted.

    Second bug: There is an on-going display issue with the Authentication Agent for macOS. The…

    2 votes

    0 comments  ·  Authentication clients
  15. Need "Force change default password at first logon and expiry policy" in XG Firewall

    We need to change the default user password at first login, and an expiry policy or other easy way for users to change their password by themselves.

    2 votes

    1 comment  ·  Authentication clients
  16. connect user portal

    Even if LDAP server authentication is configured, Sophos Connect users have to log in to the User Portal one time before connecting through VPN.
    Connect users must be able to connect without logging in to the User Portal first.

    Regards

    1 vote

    0 comments  ·  Authentication clients
  17. Prevent Authentication Requests from Computer Accounts

    We are seeing issues with NTLM/Kerberos authentication where the device name is authenticating with Sophos XG vs the user. It seems to be that some Microsoft services are causing this and it is causing blocked web access.

    Ideally, it would be nice to see an option made available where you can filter out or prevent Sophos from Authenticating computer objects/devices in AD, and only to authenticate user objects.

    1 vote

    0 comments  ·  Authentication clients
  18. SSL VPN Public Key Authentication

    Allow the public key authentication method for XG SSL VPN clients. It would also be a bonus if keypairs could be generated within the GUI rather than the CLI.

    1 vote

    0 comments  ·  Authentication clients
  19. Request to have much more user friendly two factor authentication for Sophos Connect 2.0

    Hello Team,

    We have a customer here requesting much more user-friendly two-factor authentication for Sophos Connect 2.0. The current 2FA on XG, like appending a 6-digit code to a password to gain access, is not user friendly. Requesting, if possible, for Sophos XG to support a third-party 2FA that is much easier to use, with no need to enter the token or one-time password.

    For your assistance please.

    Thank You

    6 votes

    0 comments  ·  Authentication clients
  20. Require local user password criteria to be defined

    Administrators should be able to require users' passwords to meet certain password criteria/complexity: character length, case, numeric, special characters.

    2 votes

    0 comments  ·  Authentication clients