XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Sophos Connect Client 2.0 for macOS

    Currently XG Firewall only supports Sophos Connect Client version 2.0. At the moment, there is only a Windows version. I've contacted support and received the following reply:

    "Sophos XG now only supports v2.0 of Sophos Connect Client, which has only Windows support.
    For Mac it's still in feature request. Our Sophos team is working on it.

    Sophos currently doesn't support your requested feature but values your input into improving the product to best meet our customer’s needs.

    We have requested you to raise a feature request using http://ideas.sophos.com/ and subscribe to the notifications.

    This would be reviewed by our Product Management Team…

    37 votes

    1 comment  ·  VPN and RED
  2. It is unbelievable that this is not a standard feature - Scheduling Firmware installations

    So I am new to XG, upgrading from UTM. A standard feature of a UTM firewall is to be notified when a firmware upgrade has been downloaded and is ready for installation. Then you log in to the firewall and schedule it to be installed and reboot, generally during off hours when no-one is around.

    Why is this not a standard feature in an XG firewall? I guess it is possible to do it in Sophos Central, but did you ever stop to think that there are people that DON'T want to use Sophos Central? I don't allow access to my…

    10 votes

    0 comments  ·  Base System + General UI
  3. Auto-reconnect feature for Sophos Connect

    For remote access VPN, when the internet connection fluctuates, the VPN disconnects and users need to re-enter their credentials to connect again. It would be great if there was an auto-reconnect feature which would allow the VPN to reconnect automatically without user intervention when the internet is stable again.

    14 votes

    1 comment  ·  VPN and RED
  4. Better Bandwidth Monitor

    It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.

    My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.

    17 votes

    0 comments  ·  Base System + General UI
  5. Separate VPN alerts from system events

    Currently, all VPN established and terminated events are reported to Sophos Central as system events. This means that the normal behaviour of users logging in and out of a dial-up VPN is given the same alert treatment as a critical CPU, memory or disk event.

    Please provide additional granularity under System Services - Log Settings and under System Services - Notification list so that VPN established and terminated events can be treated separately from other events and, in particular, that dial-in VPN events can be treated differently from fixed link VPNs. (We would want to raise an incident if a…

    9 votes

    1 comment  ·  VPN and RED
  6. Sophos Connect - Hide "Save User name and Password" from SSL VPN Connections

    We are able to hide the "Save user name and password" facility for IPSEC VPN connections, but not for SSL VPN connections.

    Please can we have a way to hide/disable the "Save user name and password" facility for SSL VPN connections in the Sophos Connect VPN client.
    Some of our customers want both IPSEC and SSL VPN connections available.
    In many cases, allowing users to save their credentials is a security risk.

    Sophos Support have advised this is currently not possible with SSL VPN connections in the Sophos Connect VPN Client.
    Sophos support ref - ref:00D301GN6a.5003Z1GgvFd:ref

    6 votes

    0 comments  ·  VPN and RED
  7. Create the possibility to filter in the Sophos XG Firewall Log for several entries of the same type (e.g. port 80 AND 443)

    Create the possibility to filter in the Sophos XG Firewall Log for several entries of the same type (e.g. port 80 AND 443)

    It is currently only possible to search for an entry, e.g. a port; if you add another port via the filter, the first entered port is deleted and only the last entered one is there.
    Ideally, this should be done so that e.g. Boolean arguments can be linked in order to be able to build extended log filters. This affects all parameters of the search. If you e.g. want to hide a port like 80 and 443, this…

    29 votes

    1 comment  ·  Base System + General UI
  8. TOP missing XG (basic) features

    TOP missing XG (basic) features (all present in UTM9):
    NAT rules: cloning, grouping
    Static routing: cloning, descriptions, use objects
    Objects: create object inside group (i.e. create IP host inside IP host group)
    HA: Unlinked status like in UTM9, Monitoring for VLAN interfaces (without physical interface IP set), Backup interface
    Interfaces: Allow deconfigure interface without deleting all VLAN interfaces on that physical port
    Registration process: automatic passive box registration via active XG during HA creation
    Sophos Connect & SSL VPN: Allow use of IP host group inside resources
    DHCP: allow Dynamic IP lease across Static IP MAC mapping (and exclude internally)…

    13 votes

    1 comment  ·  Base System + General UI
  9. Overview of all customer firewalls in Central Partner

    List of all customer firewalls and their status. Like online / offline and subscription and so on. Today you need to log into every single central account to check the status.

    6 votes

    2 comments  ·  Central Management
  10. Clone NAT Rules

    Add the ability to clone NAT rules

    6 votes

    1 comment  ·  Base System + General UI
  11. VPN detail report

    We have migrated our firewall from 18.0.3 MR3 to 18.0.4 MR4; since then, the detailed report of date-wise VPN usage is not coming from the firewall.

    We need a date-wise report with data like:

    • Who accessed VPN (User name)
    • From which public IP and with which VPN IP (Source)
    • Which server it accessed (Destination)
    • Which service was used (Protocol)
    • If data was transferred, how much data was transferred (data size & File Transfer details)
    • When the session was authenticated & when it started (Start time)
    • When the session terminated (End time)
    • Success and failure incidents count and its details (Audit Logs)

    Please help as early as possible

    13 votes

    1 comment  ·  Reporting
  12. 84 votes

    6 comments  ·  Base System + General UI
  13. Bandwidth monitoring of individual Site2Site VPNs

    Please provide realtime bandwidth usage information of individual Site2Site VPN connections

    • via GUI (Report, Graph/24h/7d)
    • via CLI (something like iftop for individual Site2Site VPNs)
    • via SNMP
    • ...

    My 10+ year old router is able to provide current bandwidth usage on every interface AND every VPN connection using SNMP. This should be a basic feature of every UTM!

    12 votes

    0 comments  ·  Base System + General UI
  14. Ignore vendor-id check in site-to-site tunnel configuration

    To configure an IPSEC site-to-site tunnel, when the remote vendor ID does not match the remote IP address, this needs to be manually searched for in the strongswan.log file and inputted in the configuration for the tunnel to be established. It would be great if we had the option to ignore this check from the firewall.

    9 votes

    0 comments  ·  VPN and RED
  15. mac vendor identifying

    It would be great if the DHCP table would check the MAC Vendor and Display it.

    This would make identifying certain devices in a Network so much easier.

    Small solutions like a WLAN Router or bigger solutions like certain Firewalls have this feature but Sophos XG is lacking it.

    Thank you beforehand.

    7 votes

    0 comments  ·  Base System + General UI
  16. change vlan base

    Please make it possible to move existing VLANs to another base interface without the need of deleting/reconfiguring. Almost every other manufacturer allows that and it really helps when we have to temporarily build a network on ports other than the ones that will be used in the end.

    29 votes

    0 comments  ·  Network Protection
  17. OWA Publishing on Exchange 2016 or above

    Hi Teams,

    One of our customers wants to publish OWA with Exchange 2016, but we were told by Sophos that OWA is not supported by XG Firewall for Exchange 2016. The customer is currently using two XG Firewall 650 appliances as a web proxy in their environment. We now have a feature request or idea to include OWA publishing on Exchange 2016 through the XG Firewall. For future enhancement, is there any product that supports both Web Proxy and OWA Publishing on Exchange 2016?

    3 votes

    1 comment  ·  Network Protection
  18. Application Based Split Tunneling

    Ability to exclude specific Subnets or Applications from a Full Tunnel Sophos Connect VPN Connection.

    Described at the Microsoft page here. -> https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide#2-vpn-forced-tunnel-with-a-small-number-of-trusted-exceptions

    8 votes

    0 comments  ·  VPN and RED
  19. Sophos Connect Client integration with Mac to allow SSL VPN config

    Sophos Connect Client 2.1 integration with Mac to allow SSL VPN config. This currently works great on Windows but is not supported on Macs yet. Why not? Please keep me posted if this changes in the next MR for the XG.

    7 votes

    0 comments  ·  VPN and RED
  20. Make the web interface faster

    The administration of the XG UTM is so slow. We have tried several models but the loading of the pages is always slow.

    39 votes

    2 comments  ·  Base System + General UI