XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Create the possibility to filter in the Sophos XG Firewall Log for several entries of the same type (e.g. port 80 AND 443)

    It is currently only possible to search for an entry, e.g. a port. If you add another port via the filter, the first entered port is deleted and only the last entered one is there.
    Ideally, this should be done so that e.g. Boolean arguments can be linked in order to be able to build extended log filters. This affects all parameters of the search. If you e.g. want to hide a port like 80 and 443, this…

    24 votes

    0 comments  ·  Base System + General UI
  2. Sophos Connect Client 2.0 for macOS

    Currently XG Firewall only supports Sophos Connect Client version 2.0. At the moment, there is only a Windows version. I've contacted support and received the following reply:

    "Sophos XG now only supports v2.0 of Sophos Connect Client, which has only Windows support.
    For Mac it's still in feature request. Our Sophos team is working on it.

    Sophos currently doesn't support your requested feature but values your input into improving the product to best meet our customer’s needs.

    We have requested you to raise feature request using http://ideas.sophos.com/ and subscribe to the notifications.

    This would be reviewed by our Product Management Team…

    13 votes

    0 comments  ·  VPN and RED
  3. 75 votes

    6 comments  ·  Base System + General UI
  4. change vlan base

    Please make it possible to move existing VLANs to another base interface without the need of deleting/reconfiguring. Almost every other manufacturer allows that and it really helps when we have to temporarily build a network on ports other than the ones that will be used in the end.

    25 votes

    0 comments  ·  Network Protection
  5. RA VPN enhancements

    VPN agent must have functionality:
    > Scan/read OS patch status, version.
    > AV agent name, version.
    > Windows FW & Defender status.
    > Logon history tab, so that user will know who and when was previous logon done from their system, agent must also fetch from NGFW, is there any other user logged in from same account from a different machine. This also helps in identifying unauthorized logon attempts.
    > Diagnostic tab on VPN agent similar to XG for TShoot.
    > Dark Theme UI.
    > If multiple ADs are configured and those ADs have different domains then VPN agent must…

    23 votes

    0 comments  ·  VPN and RED
  6. country ipv6 lists

    Need to have Ip2country for IPv6 based hosts and IPv6 addresses per country. Also be able to list of networks in IP object like IPlist.

    18 votes

    2 comments  ·  Network Protection
  7. Make the web interface faster

    The administration of the XG UTM is so slow. We have tried several models but the loading of the pages is always slow.

    32 votes

    2 comments  ·  Base System + General UI
  8. Allow more than 60 HTTP-based/WAF policies - URGENT

    I reached the limit of 60 HTTP-based / WAF policies. I am migrating the rules from an ASG to an XG. We still have to create more than 18 policies. Please urgently need this limitation to be removed or extended.

    24 votes

    3 comments  ·  Webserver Protection
  9. SSL VPN MFA

    With an SSL VPN client with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that an MFA code needs to be appended to the password.
    The current login form is rather crude and causes a lot of helpdesk calls because they don't realize (or keep forgetting) that their MFA code needs to be inserted after their password.
    An upgraded form with logo that looks more professional would be my preference please.

    7 votes

    1 comment  ·  Authentication clients
  10. Temperature Monitoring

    I have seen two requests for the ability to monitor temperature. One from 2016 and the other from 2018, both with a combined vote total over 200. What gives?

    16 votes

    0 comments  ·  Base System + General UI
  11. Bandwidth monitoring of individual Site2Site VPNs

    Please provide realtime bandwidth usage information of individual Site2Site VPN connections

    • via GUI (Report, Graph/24h/7d)
    • via CLI (something like iftop for individual Site2Site VPNs)
    • via SNMP
    • ...

    My 10+ year old router is able to provide current bandwidth usage on every interface AND every vpn-connection using SNMP. This should be a basic feature of every utm!

    7 votes

    0 comments  ·  Base System + General UI
  12. WAN Interface DNS

    Any interface configured as WAN cannot have its ISP's internal DNS server configured right on the interface, just have to use those 3 DNS servers on the DNS page. Adding this function will allow many ISP DNS Servers to respond faster for any resolution, increasing the response time for the request for that ISP that runs better than with public DNS Servers, and making the end-users more unsatisfied with the WAN performance.

    Just adding the option to set DNS Servers on the interface configuration for each WAN will resolve this issue.

    7 votes

    1 comment  ·  Base System + General UI
  13. Ability to Traffic Shape & QoS Specific Interface

    Hello!

    It has become apparent for us to try and implement Traffic Shaping rules for specific interfaces - in our example, we have a site which has many RED Branch Offices. These branch offices appear to be causing high utilization on our available WAN usage.

    Currently, to create a Traffic Shaper or QoS rule we'd need to define it within "System services > Traffic shaping" and then apply this to a firewall rule under "Rules and policies > Firewall rules > [[Edit Rule]] > Other security features > Shape traffic".

    This works great for when you have a specific service…

    7 votes

    0 comments  ·  Network Protection
  14. Better Bandwidth Monitor

    It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.

    My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.

    6 votes

    0 comments  ·  Base System + General UI
  15. Restrict VPN access only to devices that are in a specific domain, or that have Sophos Antivirus installed

    Today, if the user downloads the VPN application, he can install it on a personal computer, which should not have this access and in this way, it would be another point of security for companies that only the company's computers have access, or just the equipment that has Sophos antivirus, which could be validated through heartbeat security.

    13 votes

    2 comments  ·  VPN and RED
  16. Bandwidth Graph for IPSEC VPN Tunnel

    Bandwidth graph for IPSEC VPN tunnel gives us the overview of the traffic consumed by the VPN tunnel currently, which is not possible in Sophos XG; only the interface graphs can be viewed.

    8 votes

    0 comments  ·  Base System + General UI
  17. IPSEC Site to Site with IKEv2 and RSA Keys should rekey instead of reauthenticating when phase 1 expires

    Actually, when phase 1 expires with IKEv2 and RSA-Keys, reauthenticating happens, which is leading to a short VPN interruption and the corresponding log entries showing the connection as down and up again.
    I'd like to propose to implement "reauth=no" in the VPN Configuration. This will lead to rekeying instead of reauthentication when phase 1 expires. Rekeying happens on the fly without interrupting the tunnel and also without the log entries.
    This feature request was created based on the Sophos support ticket number [ ref:00D301GN6a.5003Z1728jB:ref ].

    7 votes

    1 comment  ·  VPN and RED
  18. captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be accessed from our office, we remotely take control of different firewalls about 10 times a day...

    42 votes

    8 comments  ·  Base System + General UI
  19. Enable Release Link in Quarantine digest email

    Enable Release Link in Quarantine digest email for XG 18, like UTM, instead of the message: "You can release quarantined emails only from user portal. To release them, sign in to user portal."
    Or remove the link.

    38 votes

    2 comments  ·  Email Protection
  20. Geo IP Database

    GEO IP database should be updated with pattern updates and not just when a firmware update happens. I have experienced too many issues with IPs being blocked due to the wrong country.

    11 votes

    1 comment  ·  Base System + General UI