XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Sophos Connect Client 2.0 for macOS

    Currently XG Firewall only supports Sophos Connect Client version 2.0. At the moment, there is only a Windows version. I've contacted support and received the following reply:

    "Sophos XG now only supports v2.0 of Sophos Connect Client, which has only Windows support.
    For Mac it's still in feature request. Our Sophos team is working on it.

    Sophos currently doesn't support your requested feature but values your input into improving the product to best meet our customer’s needs.

    We have requested you to raise a feature request using http://ideas.sophos.com/ and subscribe to the notifications.

    This would be reviewed by our Product Management Team…

    42 votes

    1 comment  ·  VPN and RED
  2. Auto-reconnect feature for Sophos Connect

    For remote access VPN, when the internet connection fluctuates, the VPN disconnects and users need to re-enter their credentials to connect again. It would be great if there was an auto-reconnect feature which would allow the VPN to reconnect automatically without user intervention when the internet is stable again.

    17 votes

    1 comment  ·  VPN and RED
  3. Increase IPsec remote access VPN bandwidth

    We come across multiple end-customers complaining about the bandwidth they are stuck at with the connect client, based on IPsec for their reasons.
    It's between 5 and 7 MB/s.

    The only thing we could do is try to switch to SSL, which gives 2 times the speeds of IPsec, and create a feature request.

    Please work on this and increase the performance for IPsec VPN.

    8 votes

    0 comments  ·  VPN and RED
  4. Sophos Connect - Hide "Save User name and Password" from SSL VPN Connections

    We are able to hide the "Save user name and password" facility for IPSEC VPN connections, but not for SSL VPN connections.

    Please can we have a way to hide/disable the "Save user name and password" facility for SSL VPN connections in the Sophos Connect VPN client.
    Some of our customers want both IPSEC and SSL VPN connections available.
    In many cases allowing users to save their credentials is a security risk.

    Sophos Support have advised this is currently not possible with SSL VPN connections in the Sophos Connect VPN Client.
    Sophos support ref - ref:00D301GN6a.5003Z1GgvFd:ref

    8 votes

    0 comments  ·  VPN and RED
  5. Separate VPN alerts from system events

    Currently, all VPN established and terminated events are reported to Sophos Central as system events. This means that the normal behaviour of users logging in and out of a dial-up VPN is given the same alert treatment as a critical CPU, memory or disk event.

    Please provide additional granularity under System Services - Log Settings and under System Services - Notification list so that VPN established and terminated events can be treated separately from other events and, in particular, that dial-in VPN events can be treated differently from fixed link VPNs. (We would want to raise an incident if a…

    10 votes

    1 comment  ·  VPN and RED
  6. Sophos Connect Client integration with Mac to allow SSL VPN config

    Sophos Connect Client 2.1 integration with Mac to allow SSL VPN config. This currently works great on Windows but is not supported on Macs yet. Why not? Please keep me posted if this changes in the next MR for the XG.

    9 votes

    0 comments  ·  VPN and RED
  7. Ignore vendor-id check in site-to-site tunnel configuration

    To configure an IPSEC site-to-site tunnel, when the remote vendor ID does not match the remote IP address, this needs to be manually searched for in the strongswan.log file and inputted in the configuration for the tunnel to be established. It would be great if we had the option to ignore this check from the firewall.

    9 votes

    0 comments  ·  VPN and RED
  8. Application Based Split Tunneling

    Ability to exclude specific Subnets or Applications from a Full Tunnel Sophos Connect VPN Connection.

    Described at the Microsoft page here. -> https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide#2-vpn-forced-tunnel-with-a-small-number-of-trusted-exceptions

    9 votes

    0 comments  ·  VPN and RED
  9. SSLVPN on ARM processor

    New notebooks are now based on ARM processors and they are not able to support SSLVPN

    7 votes

    0 comments  ·  VPN and RED
  10. RA VPN enhancements

    VPN agent must have functionality:

    Scan/read OS patch status, version.
    AV agent name, version.
    Windows FW & Defender status.
    Logon history tab, so that user will know who and when was previous logon done from their system, agent must also fetch from NGFW, is there any other user logged in from same account from a different machine. This also helps in identifying unauthorized logon attempts.
    Diagnostic tab on VPN agent similar to XG for TShoot.
    Dark Theme UI.
    If multiple ADs are configured and those ADs have different domains then VPN agent must get drop down like Cisco VPN to…

    24 votes

    0 comments  ·  VPN and RED
  11. ssl dhcp

    Should be possible to set a Static ip for SSL VPN Users

    2 votes

    0 comments  ·  VPN and RED
  12. SSL VPN able to reach computer devices by computer hostname

    Once connected to SSL VPN, user will still be able to reach internal computer or server by hostname

    2 votes

    1 comment  ·  VPN and RED
  13. Multiple SSL VPN server instances with separate certificate and encryption setting

    A firewall config lives for many years. So, after a few years, the certificate and encryption settings of the ssl vpn server aren't up-to-date anymore.
    At the current state, if you change certificate or encryption settings, you'll have to redeploy the ovpn-files immediately. The old client settings and certificates become invalid.
    But with multiple server instances you could migrate the users with legacy settings to the new instance next to one another.

    2 votes

    0 comments  ·  VPN and RED
  14. IPSEC Site to Site with IKEv2 and RSA Keys should rekey instead of reauthenticating when phase 1 expires

    Actually, when phase 1 expires with IKEv2 and RSA-Keys, reauthenticating happens, which is leading to a short VPN interruption and the corresponding log entries showing the connection as down and up again.
    I'd like to propose to implement "reauth=no" in the VPN Configuration. This will lead to rekeying instead of reauthentication when phase 1 expires. Rekeying happens on the fly without interrupting the tunnel and also without the log entries.
    This feature request was created based on the Sophos support ticket number [ ref:00D301GN6a.5003Z1728jB:ref ].

    8 votes

    1 comment  ·  VPN and RED
  15. Restrict VPN access only to devices that are in a specific domain, or that have Sophos Antivirus installed

    Today, if the user downloads the VPN application, he can install it on a personal computer, which should not have this access and in this way, it would be another point of security for companies that only the company's computers have access, or just the equipment that has Sophos antivirus, which could be validated through heartbeat security

    14 votes

    2 comments  ·  VPN and RED
  16. usable VPN App for Android

    We need a VPN app for Android that can be distributed and configured via Sophos Central and can connect to an XG. This must be able to handle "VPN on demand" (Android Enterprise).
    Central can already distribute certificates via SCEP, but neither the XG nor Central can create a useful, secure, easy-to-use VPN configuration for Android.
    This is ridiculous

    4 votes

    0 comments  ·  VPN and RED
  17. sophos connect

    I just found an interesting "feature" in Sophos Connect.

    I have a connection added

    I rename it to OldIPsecVPN_remote

    Then I try to import a new set of settings for the same remote firewall

    Wrong!

    When I click ok to import the other settings it just overwrites my "OldIPsecVPN_remote" with the other set of settings and renames it...

    So what's the use of having a possibility to rename if you can only change the display name...

    Kind regards, Peter

    2 votes

    0 comments  ·  VPN and RED
  18. SSL VPN Port 8443

    I created a port forwarding rule from external port 8443 to internal 443, without thinking that SSL VPN is using 8443 already. XG is not complaining about this and creates the rule. So VPN is not working any more. It could be helpful if XG firewall would show a warning or an error before saving this to running config.

    3 votes

    0 comments  ·  VPN and RED
  19. RED Notification

    We can configure a notification to alert when the connection to our remote site RED goes down but there's no way to receive notification when it's back up! This would be very helpful.

    1 vote

    0 comments  ·  VPN and RED
  20. Multiple VPN gateway for Sophos connect

    In instances where thousands of users need to connect to the company network especially now that a lot of users are WFH. It would be great to utilize multiple ISP links available when connecting to the company network. This will enable for creation of different profiles for different company sections while at the same time eliminating the single point of failure

    15 votes

    0 comments  ·  VPN and RED