XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Firewall rule locks

    Using Sophos XG 18.01 , had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

    It would be great, if "Tags" or "Locks" could be applied to Firewall rules, that either stops these rules from being deleted, or alternatively prompts for login credentials or a warning before the rule is deleted.

    8 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow to define at what time the user can connect via SSL VPN

    Today too many companies need to define at what time the user can connect via SSL VPN, for example, users can only connect during business hours from Monday to Friday

    6 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make Secure Storage Master Key OPTIONAL

    I don't want to use a secure storage master key. This is something we don't need and will just make life more difficult for our staff who manage more than 150 different Sophos XG devices having to store keys all over the place. I'm sick and tired of the screen popping up every time I log in and the fact I can't take a manual backup.

    Will Sophos please stop forcing this and make it optional. I'm the Administrator, not Sophos.

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Customizable Quarantine Email

    How do you change the default content within the Quarantine Digest.

    We want to add a company logo and change the default text within this email to something more user friendly.

    We also want to add instructions to this email for our users.

    How can this be completed.

    15 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. VLAN bridge support in MESH network

    Currently in XG v18 VLAN bridge in MESH newtwork using APX appliances is not supported.
    This feature does exist in current Central Wireless.

    Please support it also in XG.

    7 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Report Dropped Traffic by Internal Default Drop rule

    There is no possibilty to report traffic caught by default drop rule.
    Workaround with "ANY ANY DROP" rule does not work because 80/443 traffic is sent to proxy which reply "blocked" web site (incorrect). Other protocols are dropped correct w/o any reply.
    Default drop rule does not replay anything (correct, but does not log them)

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add NordVPN to application control

    Our client is asking to block NordVPN, unfortunately there's no NordVPN to application control.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. user with more than one email account quarantine

    We have users with more than one e-mail account. But with login based on AD, we can only associate one account at time.

    Make possible to associate more than one e-mail accont per user, at least on Quarantine .

    10 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. master key is forcefully feature. keep it an optional

    i am strongly recommended that keep this master key feature optional. as i am facing lots of problem regarding Master key. i am administrator & managing 5 Sophos device of each different location. we are already using encryption password method for backup.
    so why this feature needed and mandatory ?

    this is forceful feature not usable for my current scenario & have double headache to remember key and store it on safe place.

    also i read in your website , if we lost this key all backup will loss. if you have don't have recovery option this feature is useless…

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  10. Please enable the option for importing the new user credentials through .csv file, which was there but now you have removed

    Please enable the option for importing the new user credentials through .csv file, which was there but now you have removed after firmware upgradation.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. admin log

    it is amazing, if any Firewall Rule deleted then sophos do not make logs. it is a basic report which every admin wants.

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. Redirect User Portal from HTTP to HTTPS

    At the moment there is no way to redirect HTTP to HTTPS automatically for User Portal. Since the configuration is inside a APACHE httpd.conf file, it should not be difficult to implement it. Thanks

    26 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Search for IP Host Groups

    It's already possible to search for IP Hosts but not for IP Host Groups.

    When you have 50 IP Host Groups pages you have to click quite often to find the right group.

    7 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Apply QoS / routing rules to XG generated traffic

    It would be really useful if you could apply QoS and routing policy to data generated by the XG, such as signature updates. So these updates do not impact the WAN bandwidth low speed links.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Select which pattern module updates are downloaded automatically

    We have a number of XG firewalls connected to very low bandwidth / high latency WAN connections.

    On the old Cyberoam OS it was possible to select which pattern modules are updated automatically. This saved unnecessary data being downloaded as we only need IPS and Application signatures to stay up to date.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. multiple WAN interface option in Ipsec client vpn settings

    Need the Option to add multiple WAN interfaces in Sophos Connect client settings.
    if there is 2 WAN connection and 1 connection is down then the remote client don't have any option to connect to VPN through 2nd available ISP. if this option is available then the user will have 2 profiles in their Sophos connect client.

    45 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Granular VPN Report

    I would like to see the XG VPN report yield a detailed view of each successful connection and the duration of said connection (similar to the UTM's remote access logs). We currently get a detailed view of failed attempts, but an aggregate of the successes per user.

    This is required for compliance purposes.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. DNAT XG18 missing basic features

    With a new server access assistant (DNAT) in SFOS 18.0.0 GA-Build339:
    1) You cannot select different original and translated port in a wizard
    2) You cannot create service inside the wizard
    3) You cannot create external source inside the wizard}
    4) The firewall rule shows allowed access to WAN interface instead of a local IP, which is misleading
    5) Wizard is automatically created reflexive rule effective destroying original, desired SNAT for the server.

    Instead of the 1 original rule in 17.5 you have 3-4 different rules on 2 screens (1 fw and 2-3 NAT rules)... not cool at all!

    Obviously…

    26 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Qos Queue monitor

    Hi,

    I am in the process of trying to convince the manager that the Sophos XG is not causing any delay in Video Voice communication. To do this I would need to bit of information. The size of the QoS queue so I can show the voice queue remains low. The time it takes to process traffic through the Sophos XG, or time to process traffic through each QoS Queue.

    So it would be great to have a feature that monitor, reports on processing time of packets through the Sophos XG and Size of QoS queues.

    Thanks

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  20. Night Mode

    It would be nice to have a "Night Mode" version of the UI.

    Would make everything visually better on the eyes, instead of blinding.

    7 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.