XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
include XG revision # in "model" column of Sophos Central
Include the hardware revision number in the XG "model" column of the Sophos Central >> Firewall Management >> Firewalls page. It's helpful to have this info all on one screen.
2 votes -
I need configure Sophos as transparent allow DHCP from WAN to Lan My DHCP Server Is My Cisco Router Not Sophos
I need configure Sophos as transparent allow DHCP from WAN to Lan My DHCP Server Is My Cisco Router Not Sophos
MY Scenario Is
Port1 Connected to Cisco Router 172.16.5.1 /24 As WAN1
Port2 Connected to Cisco Router 192.168.0.1/16 As Wan2
i need
allow DHCP Range 172.16.5.0/24 From Port1 to Users Which Connected Throw Port5
allow DHCP Range 192.168.0.0/16 From Port2 to Users Which Connected Throw Port6
.
I need
Users On Port5 Out From Port1
Users On Port6 Out From Port21 vote -
pppoe light touch configuration
Currently there is no option in the light touch configuration for an interface type of pppoe. As a result I cannot deploy XG firewalls remotely to locations with DSL connections. Please add this feature.
1 vote -
Device/Employee Monitoring
We need to now in central SOPHOS device wise or users wise what are the application is suing & which are websites are accessing date & duration if it captures it will be easy to monitor employee usability
2 votes -
force uninstall of antivirus on machine from central management
the ability to force an uninstall on a machine from the central management console...
Right now I can force a scan a reinstall or delete it from the management console but I can't force a delete..
One of my clients recently let a manager go but his personal laptop has the company's Intercept-x installed.. there is no way we can get this machine to uninstall the product...
the only suggestion was to create a "block all" group and disable tamper protection so the user will not be able to go anywhere on the net and will be forced to uninstall…4 votes -
sfm
Add SFM WAN access ACL and/or otp authentication
2 votes -
Hi,could you add a remote reboot for nodes on network as a troubleshooting tool under diagnostics
Diagnostics/Troubleshooting
1 vote -
rchive and download logs
Archive and download logs in tgz format like in iview. As you know that iview doesn't work, if this feature will be available we can download the logs from Sophos and save for future use. In case box fail we will not have the reports and we will not able to share the reports to Cybercrime team. I would request you to enable this features on urgent basis and I don’t want to go Jail.
1 vote -
GUI Control for 'NATting' system initiated traffic
currently there is no easy way to control NATting of System initiated traffic, this would be incredibly useful when using a 4G SIMs
Which uses a Private IP address range not a public. there are also ISPs which use Private IP addresses and route Public IPs to the private IP.
which means you cannot register or control using Central.1 vote -
Propagate Hosts and Services definitions to all firewalls managed by same central
Option to propagate Hosts and Services definitions to all firewalls managed by same central account.
4 votes -
SFM allow login security as you do for XG
[On behalf of customer] XG allows you to block, Admin logins after X number of unsuccessful attempts from a same IP, SFM doesn't allow you to do this at the moment.
5 votes -
Match Rules Lookup / Search Option
I would suggest that there is a Match Rules Option like Fortigate's Policy Lookup.
If say the XG have 1000 firewall rules, it is hard to match which rules will a particular packet will use to pass through. From this, it will help in troubleshooting and also help to check unused or misconfigured firewall rules.3 votes -
Central Mgmt: Don't delete backups from returned devices
Previous firewall that was synchronized to the central admin (RMA'ed unit's backup from the sophos central) shouldn't be deleted once the new device will be overwritten. There should be a way to download it all and be imported to the newly synchronized unit.
2 votes -
SFM Change Firmware update "Apply" button to "Schedule"
In Sophos Firewall Manager, when updating the Firmware of an XG Firewall, there is an "Apply" button, which brings up a scheduler when clicked.
This is confusing, as it seems like this button will apply the firmware immediately without warning. Please change the name of this button to "Schedule" instead of "Apply" so that it's more obvious that the firmware will be scheduled for install and not apply immediately.
8 votes -
Allow monitor-only connection to Central Firewall Manager
At the moment when when registering an XG firewall to Sophos central the only option is to enable central management or not.
If central management is not enabled then we get a limited selection of alerts in central for the firewall, i.e. lost comms between XG and central.
Typically in our deployments we do not want the firewall to be manageable via cloud service through central, particularly in higher security networks we permit local management only over our internal WAN or VPN links.
Some level of granularity in between nothing or everything would be fantastic.
For example a completely read-only…
3 votes -
Specify amount of back up per XG on Sophos Firewall Manager
Hello Team,
We have customer here requesting feature to have specify amount of back up per XG on Sophos Firewall Manager. For your assistance please. Thank You.
2 votes -
SFM: Add CCL Notifications
In SFM, a notification for when a CCL entry is created would be ideal for Change Management. Upon receiving this notification from SFM, other administrators can look back over the CCL entry and bring up potential problems for reversion as necessary when they get an alert from SFM that a firewall's configuration was changed.
2 votes -
Reorder rules in SCFM Template
In a template in Sophos Central Firewall Manager, it's currently impossible to reorder rules (neither create a new rule between two existing rules).
It's supposed that this is a basic functionality of a firewall managing system.1 vote -
SFM - Overwrite whole configuration with template
I'd like to have the possibility to overwrite the whole configuration of a firewall with the content of an SFM template. Currently when applying a template from SFM the firewall rules merge with the ones configured locally.
I´d like to have the possibility of replacing, instead of merging and have full control of the firewall from SFM, like others vendors have from their management server.
This is to avoid human errors by a local administrators. For example someone can log locally on the firewall and configure an any any permit, then you apply your template and that any any remains.…19 votes -
FTP file path should be included in the FW Manager Maintenance Config Backup
In the Firewall Manager (17.x.x) there is no file path option in the FTP configuration download when backing up the Firewall Manager configurations. This option is however present for the Firewall Config backups. It should be available for both.
1 vote
- Don't see your idea?