XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Improve high availability logging

    At the moment it is not possible to see if the the initial syncing proces is finished and the auxiliary device is ready the become the master. Please give us a log where this is visible.

    Most needed when testing the HA function on-site. We restart node 1 und see if node 2 takes over. After that, node 1 comes back on and we need to see when we can restart node 2.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. SFM - Overwrite whole configuration with template

    I'd like to have the possibility to overwrite the whole configuration of a firewall with the content of an SFM template. Currently when applying a template from SFM the firewall rules merge with the ones configured locally.
    I´d like to have the possibility of replacing, instead of merging and have full control of the firewall from SFM, like others vendors have from their management server.
    This is to avoid human errors by a local administrators. For example someone can log locally on the firewall and configure an any any permit, then you apply your template and that any any remains. …

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. speedtest

    Other manufacturers like meraki offer a speed test on the WAN bandwidth and available throughput.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Consistent and "advanced" table rendering throughout the product/UI

    This is for ALL Tables in the XG Gui and Portal.

    The Idea is having a consistent and advanced table rendering framework throughout the product/UI

    This is really annoying ... and almost any other web GUI based system has this "function" or framework.

    But the Voucher Table being the worst!

    So let's take the Voucher Table: (but applies/must apply to ALL UI places where tables are shown)

    - You can only sort by "Code" ?? ... no other Fields (>>ALL<< Fields should be sortable, searchable and filterable)! Always and in every table.
    - have an option to export to CSV …

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. WAN Failover Options and Ranges

    WAN Failover needs at least to have ranges
    Example: Ping between 0 and 100 consider WAN up

    Packet Loss would even be better
    Example: Packet loss higher than 10% consider WAN down

    The other vendors have these options, WAN Failover is pretty useless when a line can have a 2000 ping and 75% packet loss and still be considered up... These are the most common problems with the biggest carriers in the US such as comcast...

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Deploy in the Sophos firewall to show in which rules an object is linked

    Deploy in the Sophos firewall to show in which rules an object is linked (host and services). This is very useful when I want to delete the object.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. SNMP for XG Firewall Upgrade

    Hi ,

    I request you that SNMP OID should be added for the the SOPHOS XG Firewall - MIB for Monitoring purpose as present MIB does not able to capture below points.

    1.Interface Utilization
    2.Bandwidth Monitoring
    3.Interface IP details
    4.WAN Link monitoring etc...

    Please have these all OID added in the Sophos XG MIB

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. User-List

    It will better, if Web-UI is included withe options like, list of total number of users, Number of users in each group, list of users who never logged in since a given time (which will help in deactivating the un-used users ids.)
    -Using XG 750 firewall (with HA)

    92 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. XG devices absolutely need auto power ON

    The XG devices lack auto power on in the event of a power outage. This is a must have for remote sites. Especially for a device that controls internet access

    54 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. More 2FA Choices

    Come on Sophos, it is 2019, give us more choices for 2FA already. You have your own 2FA service, why has that not been integrated into the XG?

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Terminate all live connections when user reached traffic quota limit

    Sophos XG unable to terminate live sessions when user network traffic quota ends.
    For example; When we download the file via HTTP protocol, the connection cannot be terminated until it pauses the download process or the download is finished, so user can transfer as much as he wants from the open session. Depending on when the session is closed.
    Its very important for paid internet service providers. (If provider provides via satellite connection, costs calculating as per MB)

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add notifications

    Hello,
    Please add more notifications to sophos xg firewall like RED fails, system restart, and other options that was available in SG
    Thank You

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. firmware update without service interruption

    firmware update in High Availability (HA) mode should be possible without service interruption

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Standardkonfigurationssprache

    Deutlicherer, farbliche Unterstreichung/Hervorhebung bezüglich dem Hinweis beim wechseln der Sprache, dass hier die Konfiguration der Firewalll gelöscht wird und somit die Firewall in den Auslieferungszustand gesetzt wird . Das vor dem Neustart ein Update der aktuellen Konfiguration der Firewall gespeichert werden muss (Aufforderung kann nicht weggeklickt werden). Das Speichern der aktuellen Konfiguration wird dann im im aktiven Browser heruntergeladen.

    System/Sicherung&Firmware/Firmware -> wechseln der Standardkonfigurationssprache

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Improvement on Authentication-agent/Captive-portal/VPN-Agent window

    > Authentication-agent/Captive-portal/VPN-Agent window must inform user through Authentication-agent/Captive-portal/VPN-Agent about uploaded/downloaded data during authenticated session.

    > Authentication-agent/Captive-portal/VPN-Agent window must show info like Username, IP, MAC-ID, Email ID(optional), Uploaded data, Downloaded data, route table of local machine, Status of DNS server IP addresses used, local machine OS info, local machine hostname info, ping tool, trace route tool. This will simply troubleshooting for support agents and also reduce load on Firewall as remote agent is gathering info. If these info is forwarded to FW through secure channel then it would be great help for any network engineer.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Encrypted Backups - Option to use or not use

    Allow to not encrypt backups on XG Firewall 17.5. RIght now we are forced to do encrypted backups. It would be nice to have an option to skip it.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Periodically sync with Active Directory

    Please allow us to sync periodically with Windows AD to pull new users, remove old ones, etc... and same with groups.

    It’s very difficult to manage 30+ firewalls with users being able to login to any of them depending which site they visit.

    Also need to allow nested groups support.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Search firewall rule for an ip that never get connected to the firewall

    As I asked here

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/110382/search-firewall-rule-for-an-ip/395411#395411

    i would like to have this feature .
    i would like to be able to find which rule contain a specific IP .

    let’s say I have 200 rules and I don’t remember which rule contain a specific IP and that IP never connect to the firewall , so I can’t use the log viewer and also i don’t want to use the policy test .

    I would like to be able to search inside the rules for a specific IP using the GUI

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Importing groups: disable MAC binding option

    Get the option to disable MAC binding while importing groups from an authentication server (Example: Active Directory), this because it can be easily forgotten afterwords and this can break SSL VPN for users in the new groups because MAC binding is not supported on SSL VPN.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. create firewall rule from logviewer

    When traffic in Logviewer is displayed, it would be nice to open a new firewall dialog prefilled with the information from the logentry.
    With a dropdown Box for already created objects for the selected ip or the possibility to create a new ip object.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 39 40
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.