XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Hotspot "terms of service" customization

    I serve a customer who uses XG firewalls in their chain of restaurants. They want to keep the customer hotspot sign-on process as clean and simple as possible. Vouchers etc. are a mission to manage - they just want to provide free Internet to their customers, limited by data or time.

    My customer would like to their hotspot setup in such a way that when a user joins, they are presented with a branded captive portal with a splash page, with terms of service for the user to accept.

    When the user accepts, they are granted Internet Access. 
The user…

    101 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable Release Link in Quarantine digest email

    Enable Release Link in Quarantine digest email for XG 18, like UTM, instead to message: "You can release quarantined emails only from user portal. To release them, sign in to user portal."
    Or remove the link.

    26 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Let's Encrypt integration like the SG already has.

    Please integrate Let's Encrypt. I remember an anouncement at one of the first XG Roadshows that new features will be provided for xg and later maybe for sg. But SG gets Let's Encrypt first and un XG we waiting for it since years....

    58 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Bandwidth Graph for IPSEC VPN Tunnel

    Bandwidth graph for IPSEC VPN tunnel gives us the overview of the traffic consume by the VPN tunnel currently which is not possible in Sophos XG, only the interface graphs can be view.

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Clear/Sort Messages in Control Center

    The messages on the Control Center page have become completely useless after firewalls have been in operation for some time. The messages are not sorted according to any logic I can ascertain, and I'm unable to clear messages that have been there since literally the day the device was installed.

    19 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Ability to Preview Email in quarantine from the user portal prior to releasing

    Ability to preview email that is in quarantine prior to releasing it from the user portal, similar to the O365 email quarantine ability to preview an email that is in quarantine prior to releasing

    9 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable/Disable SSL/TLS inspection per firewall rule

    In v18 of SFOS of my XG firewall, SSL/TLS inspection is a global on/off setting. I would like to be able to control the use of SSL/TLS inspection per rule instead of globally.

    I have an old copier trying to send secure emails and the inspection engine is erroring out with a timeout error. There is no way to make an exception for this. If could just create a new firewall rule so this copier could send out emails would be great while leaving SSL/TLS inspection enabled for all the other rules. v17 everything worked fine.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sophos Connect with OTP – eliminate 4 hours reauthentication

    Today when using Sophos Connect with OTP, the firewall asks for a new OTP token every 4 hours. According Sophos support, this value is hardcoded. If employees working the whole day remotely, an interruption very 4 hours is a pain.
    Please make these 4 hours configurable. Or at least extend it to 10 hours, so a full working day can be achieved without any interruption.

    31 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. Seperate Sophos Connect Alerts from IPsec Alerts

    Please differentiate the site to site tunnel alerts from Sophos Connect tunnel alerts. The way it works now is that the same alerts (17801 Established and 17802 Terminated) are generated for site to site IPsec tunnels and Sophos Connect tunnels. I don't need to be notified when a Sophos Connect tunnel goes up/down, but I do need an alert for site to site up/down. The frequency of the Sophos Connect alerts makes it impossible to notice when a more important site to site tunnel goes up or down.

    16 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. See where objects or users or whatever are in use!

    This isn't really a suggestion, it is a basic necesity just like in SG.

    The time it takes to find out where for example a port or a user is in use is just annoying and exhausting (except if you have like up to5 firewall rules and 1 user).

    6 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Responsive HTML5 Client

    I suggest a responsive HTML5 Web Admin UI and User Portal UI. This allows having a more lightweight UI in general and reduces effort for the XG dev team in scripting. For the users / customers a HTML5 UI would result in a more flexible and faster user experience, especially when they use different sizes of screens the Web Admin UI can adapt through a responsive design to the different resolutions.

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Responsive Admin Dashboard Design

    Could you please improve Sophos XG admin dashboard responsive fit for wide screens and scale properly on mobile devices. At the moment layout is narrow and doesn't utilise modern website scale availabilities. Also is it possible to improve Control Center, main page, start time as takes too long time to load?

    12 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. API user last login other details

    Want to get the following details for VPN users.


    1. User create date

    2. User last modified date

    3. User last connection date

    4. User last date of password change

    This information via API would assist with internal compliance audit and auto disable of accounts not in use as well as automated emails to change passwords.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    18 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Granularity on Networking Configuration

    Hello!

    Sophos SFOS v18+ brought with it the ability to set the MTU size of the Sophos RED, internal interface.
    This now allows you to fix the inability to load websites through a separate zone wireless over a RED tunnel. However, there are is still some addition performance I can get out of it when override other values using the "Advanced Shell".

    I'd like to see the ability of overriding the MTU size of all interfaces - inclusive of Separate Zone WLAN interfaces, which you could override on Sophos SG.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Request for WAF TLS1.3 Support

    Request for WAF TLS1.3 support feature.

    10 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Sophos Connect Client Scaling

    Sophos Connect is TINY on 4k screens, making it next to impossible for users to see or read anything on laptop-screens.

    It would be great if Sophos Connect scales in accordance with the windows DPI-scaling settings.

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. Please add back the Drop Silently feature

    Port 80 and Port 443 can’t be silently dropped by the firewall & logs incorrectly report traffic as “Accepted.” Even traffic that is "Dropped" gets a response form the firewall.

    Firstly this is nonsensical. After weeks of back and forth Sophos support told us this is the intended behavior. Sadly this behavior makes the log files misrepresent the action taken, all traffic that get a "Drop" action shows as "Accept" in the logs.

    Secondly it removes the first layer of protection. Normally we use "Drop" to silently hide from unwanted traffic and potential attackers, this "new feature" Sophos added eliminates…

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Multi factor authentication to be integrated on active directory

    Hello Team,

    We have customer requesting here to implement Multi factor authentication to be integrated on active directory as they will be needing different level of security between their SSL VPN users. For your assistance please.

    Thank You

    7 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  20. time of click protection

    Due to the risk of users visiting unsecure sites that is being listed as HTTP:// bowsers are updating these security protecting by forcing the sites to go to HTTPS://. This being said the Sophos Email Appliance that is still being used by some companies out there is currently protecting the users with time of click protection but the link that the user gets is http://email appliance name : port. Will it be possible to get the link that the email appliance changed to be sent as HTTPS://email appliance name:.

    If possible or not please may I have feedback on this…

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.