XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 45 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be access from our office, we remotely take control of different firewalls about 10 times a day...

    35 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. DHCP: Allow static lease of addresses within the dynamic pool

    Currently it is not possible in the Sophos XG to store static DHCP leases in the internal DHCP server where the IP addresses are located within the configured DHCP pool. This is with other manufacturers such. B. AVM (Fritz! Box) without problems possible. Thus here is the DHCP for large customers currently partly to use. When will this be a solution.

    Aktuell ist es in der Sophos XG nicht möglich Statische DHCP Leases im internen DHCP Server zu hinterlegen, bei denen die IP Adressen sich innerhalb des konfigurierten DHCP Pool befinden. Dies ist bei anderen Herstellern wie z. B. AVM…

    148 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Let's Encrypt integration like the SG already has.

    Please integrate Let's Encrypt. I remember an anouncement at one of the first XG Roadshows that new features will be provided for xg and later maybe for sg. But SG gets Let's Encrypt first and un XG we waiting for it since years....

    37 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Full width dashboard, not limited to max-width

    Hi,

    I've using firmware 18
    Up until now, there are no benefit using resolution higher than 1366x768 px
    Lets say you have FHD resolution, the dashboard capped at 1280px

    The CSS says

    wrapper.cp-wrapper {

    max-width: 1280px;
    

    }

    If I rule out that CSS, most of UI will have benefit with higher resolution

    Also with menu

    element.style {

    display: table;
    
    box-sizing: border-box;
    padding: 0px 10px;
    width: 1100px;
    height: 62px;

    }

    Change the width to

    element.style {

    display: table;
    
    box-sizing: border-box;
    padding: 0px 10px;
    width: calc(100% - 180px);
    height: 62px;

    }

    And you have full width header.

    I know you guys can…

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. DNAT XG18 missing basic features

    With a new server access assistant (DNAT) in SFOS 18.0.0 GA-Build339:
    1) You cannot select different original and translated port in a wizard
    2) You cannot create service inside the wizard
    3) You cannot create external source inside the wizard}
    4) The firewall rule shows allowed access to WAN interface instead of a local IP, which is misleading
    5) Wizard is automatically created reflexive rule effective destroying original, desired SNAT for the server.

    Instead of the 1 original rule in 17.5 you have 3-4 different rules on 2 screens (1 fw and 2-3 NAT rules)... not cool at all!

    Obviously…

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Redirect User Portal from HTTP to HTTPS

    At the moment there is no way to redirect HTTP to HTTPS automatically for User Portal. Since the configuration is inside a APACHE httpd.conf file, it should not be difficult to implement it. Thanks

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Toggle button for enable / disable the SIP module


    • Can i suggest a button to enable / disable the SIP module instead of having to disable it through the CLI console.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Firmware - 3 slots

    This morning I just updated the firmware. I only had the option to update to the non-active firmware slot. However, that is my FALLBACK firmware. It is (reasonably) stable and most importantly, known and known to work. I wanted to replace the current version of the firmware, but that was not possible.

    Solution: 3 slots required for firmware.

    The first, is the "long term stable" version the user can revert to if needed.
    The second, the current (or active) service release.
    The third, to slot for downloading and running the lastest version that is offered on the website.

    I really…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow ACLs when using a "Deny All" Firewall Rule

    We have created a "Deny All" rule to ensure that any blocked traffic is logged, when we enable this, we lose access to the XG via the WAN Interface when using ACLs.

    Can it be implemented that ACLs take precedence over the Firewall rules?

    There are numerous other ideas relating to similar issues that may also overcome this problem:

    Display 'hidden' firewall rules on the firewall page:
    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/32511967-display-hidden-firewall-rules-on-the-firewall-pa

    Relocate Local Service ACL Exception Rules to just be firewall rules:
    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/31652716-relocate-local-service-acl-exception-rules-to-just

    Local ACL exceptions should not be logged to the last firewall rule ID:
    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/37296451-local-acl-exceptions-should-not-be-logged-to-the-l

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. make captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be access from our office, we remotely take control of different firewalls about 10 times a day...

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. full text search

    Possibility of full text search in firewall rules

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. make captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be access from our office, we remotely take control of different firewalls about 10 times a day...

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. XG: move rule to position X by entering new position number

    Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

    Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, is it not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

    Please add an option to move the rule by entering a specific location.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sophos XG v18 Rule & Policies display size

    Can we please increase the size of the box used to show the Firewall rules to something larger that 5 rules?

    Making it expandable either manually or automatically as you expand or collapse rules..

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. WAF and DNAT Wizard

    v16 had a nice and simple wizard to use. With v18, the DNAT wizard is poor in terms of graphics and options you can select. WAF has became a action and customers are not able to find without asking or google it. Please bring the "old" wizard and the old different icons, as the idea of having different icons and wizard was nice. I also suggest to have a wizard for SD-WAN inside firewall policy. You can change Firewall tab to Policy Tab.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. System Traffic via Upstream Proxy

    we need the feauture that we can tunnel the System-traffic like Pattern Updates , U2Date etc. through the upstream proxy.

    Unfortunately, this is currently not possible

    22 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Export Firewall/NAT Rules to CSV or PDF

    Add ability to export active (in case filtering is applied) firewall/NAT rules with their stats to CSV or PDF for external reporting requirements.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. MD5 checksum for SFOS  

    MD5 checksum is not listed on the download site in the Hardware Installers and Virtual Installers of Firewall OS for XG Series.

    MD5 should be written like SG from the viewpoint of security and installation failure.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. WAN DHCP Option 60

    Most ISPs in Europe require you to use a DHCP Option on the WAN Interface in order to use your own Router or Firewall.

    If this can't be done on the Sophos XG it is useless to me and a lot of other people, which would be a shame.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 27 28
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.