XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Out of Band Management

    I would request to add Out of Band Management feature in XG Firewall which other make and models have it. With help of this feature if accidently firewall gets shutdown or somehow cannot be accessed, one can remotely start or troubleshoot the issues.

    In times of COVID, if this feature would have been present it would have helped me a lot!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Populate admin user info from Central in XG logs

    In XG SFOS up to the current 18.0.5 only generic admincentralsa is logged as the username and 127.0.0.1 (localhost) as the ip in the XG Admin log for management authentication and actions performed by Central admins. Given that multiple Central admin users exist, logging the specific account username and/or the public ip of the client logged into Central would be an improvement rather than the generic placeholder that can't be directly traced back to a user.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. speedtest

    speedtest app in dashboard

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Multiple public ip and proper way to DNAT/SNAT with XG high availability FW on azure

    Please provide a proper guide of how to DNAT or SNAT for your HA XG on Azure, also how to implement it with multiple public IP

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Overview of all customer firewalls in Central Partner

    List of all customer firewalls and their status. Like online / offline and subscription and so on. Today you need to log into every single central account to check the status.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. VPN TO WAN - IPSEC & SSL

    This is regarding your service request number #03923876

    We have configured 2 types of VPN in XG-210 i.e. SSL & IPSEC. For SSL we assigning the subnet 10.81.234.0/24 and for IPSEC we assigned subnet 10.87.143.0/24.

    Now we are having the requirement to route the VPN USERS WAN IP traffic through XG UTM through particular ILL.

    For Example
    10.81.234.0/24 subnet traffic route through WAN 1 for end users.

    10.87.143.0/24 subnet traffic route through WAN 2 for end users.

    If you have any solution please suggest

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. include XG revision # in "model" column of Sophos Central

    Include the hardware revision number in the XG "model" column of the Sophos Central >> Firewall Management >> Firewalls page. It's helpful to have this info all on one screen.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. I need configure Sophos as transparent allow DHCP from WAN to Lan My DHCP Server Is My Cisco Router Not Sophos

    I need configure Sophos as transparent allow DHCP from WAN to Lan My DHCP Server Is My Cisco Router Not Sophos
    MY Scenario Is
    Port1 Connected to Cisco Router 172.16.5.1 /24 As WAN1
    Port2 Connected to Cisco Router 192.168.0.1/16 As Wan2
    i need
    allow DHCP Range 172.16.5.0/24 From Port1 to Users Which Connected Throw Port5
    allow DHCP Range 192.168.0.0/16 From Port2 to Users Which Connected Throw Port6
    .
    I need
    Users On Port5 Out From Port1
    Users On Port6 Out From Port2

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. pppoe light touch configuration

    Currently there is no option in the light touch configuration for an interface type of pppoe. As a result I cannot deploy XG firewalls remotely to locations with DSL connections. Please add this feature.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Device/Employee Monitoring

    We need to now in central SOPHOS device wise or users wise what are the application is suing & which are websites are accessing date & duration if it captures it will be easy to monitor employee usability

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. force uninstall of antivirus on machine from central management

    the ability to force an uninstall on a machine from the central management console...
    Right now I can force a scan a reinstall or delete it from the management console but I can't force a delete..
    One of my clients recently let a manager go but his personal laptop has the company's Intercept-x installed.. there is no way we can get this machine to uninstall the product...
    the only suggestion was to create a "block all" group and disable tamper protection so the user will not be able to go anywhere on the net and will be forced to uninstall…

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. sfm

    Add SFM WAN access ACL and/or otp authentication

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. rchive and download logs

    Archive and download logs in tgz format like in iview. As you know that iview doesn't work, if this feature will be available we can download the logs from Sophos and save for future use. In case box fail we will not have the reports and we will not able to share the reports to Cybercrime team. I would request you to enable this features on urgent basis and I don’t want to go Jail.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. GUI Control for 'NATting' system initiated traffic

    currently there is no easy way to control NATting of System initiated traffic, this would be incredibly useful when using a 4G SIMs

    Which uses a Private IP address range not a public. there are also ISPs which use Private IP addresses and route Public IPs to the private IP.
    which means you cannot register or control using Central.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. Propagate Hosts and Services definitions to all firewalls managed by same central

    Option to propagate Hosts and Services definitions to all firewalls managed by same central account.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. SFM allow login security as you do for XG

    [On behalf of customer] XG allows you to block, Admin logins after X number of unsuccessful attempts from a same IP, SFM doesn't allow you to do this at the moment.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Match Rules Lookup / Search Option

    I would suggest that there is a Match Rules Option like Fortigate's Policy Lookup.

    If say the XG have 1000 firewall rules, it is hard to match which rules will a particular packet will use to pass through. From this, it will help in troubleshooting and also help to check unused or misconfigured firewall rules.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Central Mgmt: Don't delete backups from returned devices

    Previous firewall that was synchronized to the central admin (RMA'ed unit's backup from the sophos central) shouldn't be deleted once the new device will be overwritten. There should be a way to download it all and be imported to the newly synchronized unit.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. SFM Change Firmware update "Apply" button to "Schedule"

    In Sophos Firewall Manager, when updating the Firmware of an XG Firewall, there is an "Apply" button, which brings up a scheduler when clicked.

    This is confusing, as it seems like this button will apply the firmware immediately without warning. Please change the name of this button to "Schedule" instead of "Apply" so that it's more obvious that the firmware will be scheduled for install and not apply immediately.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.