XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Monitoring of Sophos XG210

    Dear Team,

    We want to monitor the all the parameters of Sophos XG 210 firewall.

    Parameter mainly include the Interface, Power supply, temperature etc.

    Could you please create the MIB / OID values for it then will help to monitor the system

    You can refer the case ID. #8792069

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. IPS Real time alerts

    The firewalls must: Notify the administrator in real time of any items requiring immediate attention. -[Requirement of PCI CP)

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. DNS https

    DNS over HTTPS or DNS over TLS
    I know there is a feature request for DoT already but id like to add to that request by asking for the option to choose DoH or DoT?

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow port forward of TCP and UDP in same rule

    So there's a limitation currently where if you're making a DNAT rule, and you want to change the destination port number, you can't forward ports from both TCP and UDP to the same server using the same rule.

    For example, I have an environment where RDP traffic from specific external public IP addresses is forwarded from one of my public IPs to an internal server (via DNAT). RDP uses both TCP 3389 and UDP 3389, but my users connect on a different port number (52389), which I need to forward an internal server on 3389.

    I can create services to…

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. 123 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Zero Firewall Rule Traffic Counter

    Very simple, have an option to zero the traffic counter on a firewall rule.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create and maintain a host group for all O365 services this can be updated with firmware updates?

    Create and maintain a host group for all O365 service IP's this can be updated with firmware updates?

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sophos Firewall Manager download back up for all devices

    Hello Team,

    We have customer here requesting to have option for Sophos Firewall Manager to download back up for all manage device

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Vunerability Check Tool

    Hello.

    Today I miss a tool that verifies possible faults in the XG firewall, for example, browser exploit, vulnerability with control communication, zero day, download of infected files, among others.

    I believe that the development of this type of tool is important for an overview of the environment, regarding possible vunerabilities.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Issue with Encrypted Backup File in XG Firewall

    Hi Sophos,
    I feel encrypted backup file feature on XG firewall which is inconvenience. Can you let this feature be optional on new firmware update?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. DHCP for IPSec, SSL-VPN static IP for user, capacity for adding more lease ranges or duplicate settigs for SSL VPN

    DHCP for IPSec,
    SSL-VPN static IP for user,
    capacity for adding more lease ranges or duplicate settigs for SSL VPN

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. XG is not working to perform hair pinning. now a days so many device to access internaly by global ip without fqdn so enable this feture

    XG is not working to perform hair pinning. now a days so many device to access internaly by global ip without fqdn so enable this feture

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. STAS allow un autherised users to access the internet

    STAS to allow unauthenticated users internet access. We use STAS to map ~IP against users for web use monitoring, we don't want to restrict non authenticated users or annoy them with having to login to the XG.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Sophos Web Proxy needed to added as authentication without Active Directory

    Hello Sir,

    I needed a feature to authenticate users with Proxy Server, Like CC Proxy does.

    Therefore we can configure User Authentication of Terminal Server for Web Filter userwise without Domain Controller.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Multiple IPS in Business Application Rules

    When creating a Business Application Rule as a NAT, to have the option to choose more than just one IP Address to receive the connection.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Integrate a Yara Engine rules on IPS

    Integrate a Yara Engine rules on IPS

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Automatic Blacklisting and Reporting of Intruders

    Linux has a program called Fail2Ban which can monitor various system logs for events like failed login attempts and then act on those events by doing things like create black list entries in the firewall to block that IP address from accessing the firewall for a configured time period or semi-permanently. It also has the ability to notify the website https://www.abuseipdb.com/fail2ban.html of the intrusion. It would be very nice if Sophos could implement this or something similar in the XG.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. AV Scanning DNAT

    We are using CR100ing device, when we create a virtual host(DNAT Rule), it create firewall rule automatically, it this automated created rule can enable av & as scanning on SMTP, SMTPS, FTP, HTTP, HTTPS, POP3, IMAP.
    But Know i just buy SOPHOS XG-210, this appliance does't have this feature. so Kindly work on that and resolve this issue asap.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. CAA User inactivity

    We would like to have the option to set the user inactivity per login method. We are trying to create a Zone that can only be accessed when the user authenticates with the Sophos Client Authentication Agent. We don't use STAS because we don't want the user to be logged in continiously. It it possible to set the Inactivity time for NTLM logins. Please enable the feature to also specifiy this time for users that are authenticated trough CAA.

    When setting the General Maximum session timeout, all users are being disconnected an the duration can not be any longer than…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. reset firewall hit counter

    reset the firewall hit counter, not only after reboot

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 16 17
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.