XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Hotspot "terms of service" customization
I serve a customer who uses XG firewalls in their chain of restaurants. They want to keep the customer hotspot sign-on process as clean and simple as possible. Vouchers etc. are a mission to manage - they just want to provide free Internet to their customers, limited by data or time.
My customer would like to their hotspot setup in such a way that when a user joins, they are presented with a branded captive portal with a splash page, with terms of service for the user to accept.
When the user accepts, they are granted Internet Access. The user…
100 votes -
VLAN bridge support in MESH network
Currently in XG v18 VLAN bridge in MESH newtwork using APX appliances is not supported.
This feature does exist in current Central Wireless.Please support it also in XG.
7 votes -
mimo
enable mimo/mu-mimo feature on XG wifi similar to central managed
5 votes -
Requirements Hotspot Password (POTD)
Change the requirements of the Hotspot Password (POTD). Password is now generated with 10 characters (a-z, 0-9). Make it possible to change it, example 12 char (a-z, A-Z, 0-9, !@#$)
2 votes -
Implement "remember username/password" feature on Captive portal
Captive Portal needs a feature to allow remembering of username/password as the users are having to re-type in their username every time they want to access internet.
2 votes -
Implement RADIUS failover support for APX Access Points
It has come to my attention that while the XG firewall allows you to enter two RADIUS servers for wireless authentication failover. The APX series access points do not support the secondary server.
This creates a high risk for wireless service disruption in the event the primary server goes offline. The lack of support for this functionality requires an engineer to manually promote the secondary server as the primary in the event of a failure.
4 votes -
BLE
Will we get BLE support on XG wireless?? I also posted same for Central wireless but would also like to see it for XG too.
1 vote -
Support for 802.11ax
Support for 802.11ax on AP
7 votes -
Improved AP management
I'd like to see a few improvements to management and monitoring of APs being controlled by an XG appliance:
- Display other competing networks and channels strength for channel selection
- Show access point utilization and establish thresholds for utilization trends
- Integrate floor plans to position APs visually.
- Couple the former with perhaps a mobile app to identify potential deadzones/heat mapping
Use case currently is that I've been getting reports from one of my sites that wifi has been having intermittent issues, and the data needed to remedy it effectively is much more difficult to obtain than it needs to be
8 votes -
Option to restart AP under XG Web Admin
We have request here from customer, asking to have option to restart AP under XG Web Admin interface. For your assistance please. Thank You.
8 votes -
Rolling firmware updates for WAPs
Would be extremely beneficial to be able to roll out firmware updates for wireless APs in a staged manner - i.e. update one at a time instead of all together, so that there's no (or minimal) interruption to service.
At the moment, I can't update access points during the day, because it will disconnect WiFi for all users. If we could do them one at a time, it would become possible.
UniFi has this feature (they call it a "rolling update") and it's really nice. Updates each AP in turn, and doesn't start the next one until the last is…
7 votes -
internet voucher
in wifi voucher i suggest to add voucher with long period of validity but with a limited daily quota
as example voucher valid for one year with limited daily quota 500mb3 votes -
Implementation for mac host groups .
Missing feature since long time Implementation for mac host groups .
Now It's possible to create group for ip, fqdn but not for mac-hosts.
For example: the authorization for the connection to wifi using mac filtering with whitelist or blacklist ..the mac host cant be picked from the existent list...and inserting the mac address only miss the possibility to tag and associate the mac to user or pc3 votes -
password of the day
Possibility to use encrypted(WPA2 Personal) Hotspot with Password of the day, with only enter the Password in WLAN Connection. Actually you have to enter the Password to connect to the WLAN, and then you have to enter it again at the Login homepage.
6 votes -
WLAN Automatic Blacklisting after x attempts
Aruba’s Wireless APs have the possibility to block macs after a x attempts with wrong creds (psk or enterprise un/pw)
This is a good security feature and better than simple whitelisting.
4 votes -
anon@ctc-g.co.th
WeChat social login for Chinese tourists; Line app social login for Thai guest.
1 vote -
More options in "Terms of use acceptance" session expires
I want us to be allowed to get more options in session expires or a full customizable options like voucher definition, in which you can insert a custom value for validity period among other options.
1 vote -
Hotspot password of the day censoring
We just had a hotspot password of the day of "rapexace02" be generated for a customer that works with people experiencing domestic violence. It didn't go down well. Could these passwords be automatically generated if they contain any sensitive keywords?
1 vote -
Hotspot Portal listen on RED Interface.
Problem is that it is not possible to choose a RED Interface within a Hotspot Definition.
So you cannot route a client from a branch office to a Hotspot Portal to authenticate. We have a guest Network in a branch office in an own vlan behind a RED50. I thought that the utm and xg Firewall have feature parity on RED and Wireless Feature... NO they dont have!13 votes -
"Blacklist" of MAC addresses of wireless devices that are not allowed by an AP for a connection
For each connected AP you should be able to specify a "blacklist" of MAC addresses in the XG that are not allowed by the AP for a connection. This is to ensure that stationary devices such as printers, WiFi cameras, streaming devices can only connect to the AP that is intended for them and that is located nearby.
1 vote
- Don't see your idea?