XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Quota Time in actions (Policy Web Protection)

    add the option Surfing Quota in actions in the policies of the web protection as already exists in the UTM

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Category based surfing quota

    We have a request about surfing quota based on a specific category or categories. Right now, this is fuction is available for the general internet but not for a specific category. For instance, we need to restrict the users for accessing to social network websites about an hour a day. After they fill one hour allowance to social networking sites, they will not be able to reach to social networking but they will be able to use their usual internet usage.
    This function is available for other firewall brands and it is really necessary for some customers. I hope you…

    31 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Port 80 and Port 443 is not blocked by the firewall

    In default configuration without any workaround Port 80 and Port 443 is not block;
    That behaviour is also there when you enable an explicit drop rule;

    Instead of blocking the traffic the XG Firewall says on both web Ports "Hello I´m a Sophos XG Firewall". The behaviour is the Proxy function and It is there by design.
    (The behaviour is also from outside)

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Filter firewall rules by IP or Host or Group name

    When a user clicks on the "Enable Filter" link on the Firewall page, the user should have an option to filter rules by IP address or Host object or Group object. It shouldn't be this difficult to find the rule I'm looking for in the UI.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. custom SPX template HTML

    Pls add a possibility to upload custom SPX templates as html files (like in UTM)

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. 1 to 1 Subneted NAT

    for any firewall that´s is used in a corporation, it must implement 1 to 1 subnet to a subnet NAT.
    in fact allowing traffic in both sides.
    for security is uses a firewall Policy.

    As it was in UTM, NAT is a must in any circumstance. Administrators must have more flexibility to implement any type of NAT, they must not be tamed by the type that firewall forces them to use.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add NO-IP as Dynamic DNS Provider

    Please add noip.com (formerly ddns.net) to your list of supported dynamic dns providers. I have used them for years with a Sonicwall and now find out I can not use them on my new Sophos fw. Just renewed a three-year contract with noip.com, so I hate to throw that money away on a alternative provider.

    21 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  8. surfing quota

    Sophos XG's time based quota works on logon time and session. When a user logs on to a machine the session will start and the quota will be triggered.

    If a user has granted web surfing Quota of Daily 1 hour Cyclic and he logons his PC at 9:00 hrs then his quota will expired at 10:00 hrs whether he has used Internet or not.

    As per the support team this is not possible right now and suggested a feature request.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. make firewall rule interface user friendly (Cyberoam like)

    Please take a look at the development of the firewall rules interface.
    This is far from being great and user friendly.

    Do like the cyberoam interface, automatically group rules by source zone & destination zone. I know you've created "groups" to do this but this is not sufficient at all.. (Already moving rules over an hour to different groups, firewall with 100 rules and 8 zones)

    Despite above, also make your groups user friendly.
    Bulk actions to move rules to group, the "add to group list" is not ordered A-Z

    But I'm really hoping you take a look at the…

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. web realtime scanning notification

    When I switch the Webprotection Malware scanning mode to Realtime scanning, I dont see any Notification when a Virus is found.
    So maybe you can make it possible to recieve a notification when a Virus is found in Realtime scanning mode.

    61 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add "Microsoft Team Foundation" to Application Control

    Please add Microsoft Team Foundation application to Application Control.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  12. ECC certificates

    XG Firewall should accept ECC certificates

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. DHCP

    Goto Admin-GUI, Network -> DHCP -> Edit DHCP -> List "Edit static IP / MAC-Assignment".

    The Input-Fields in the Columns for Hostname and IP-Adress are to small. If I enter the value 192.168.178.100 in the IP-Input-Box, an you see only the first 1 from 100, because the Text-Box truncates the value. IP-Adresses have a standard length, so please expand the input fields.
    Right from the table is enought white space to make the table wider.

    10 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Remove support for TLS v1.0 and Insecure Cyphers or Allow them to be disabled

    The XG still supports protocols that are insecure and fail PCI compliance scans. These protocols such as TLS v1.0, 64-bit block ciphers, etc should be able to be disabled through at a minimum the CLI and preferably the UI.

    71 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  7 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support SNMPv3 on the XG

    Submitting on behalf of client:
    Currently the XG only supports v1 and v2 for SNMP client hoping we can support v3 as well as it is a requirement needed for his environment.

    63 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add option for hostname in quarantine digest report

    Option to use a hostname for quarantine digest report instead of ip address like it has now.

    43 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow me to change the MTU/MSS of RED Devices

    This was previously possible in UTM. Disappointing that I can't tweak this for performance since it uses predominantly UDP...and UDP fragmentation is a big problem in our world of oversold connections.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Disable HTTPs Interception based on client software that starts the request

    At first i think Sophos does a great job, but i have one realy missing feature.
    Actual the most traffic in the Internet is HTTPS based, because of that scanning is mandatory.
    But the XG Certificate that we import on the Client is oonly valid for request that are opend from a browser like Firefox; IE or Chrome.
    On the client itself i see more and more Software that does her own requests and do not use the browser engine. This software does her on Checks if the Certificate from the HTTPs site is what they expact, and they have…

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  19. User Portal link in quarantine digest need to use hostname

    The email sent to users for Quarantine Digest contains a hyperlink to the User Portal. The link uses the IPAddress and needs to use a hostname.

    79 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. SMTP Smarthost

    Get back the possibility to relay outgoing email from the Sophos XG to a SMTP smarthost like we had in UTM 9

    71 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.