XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. PPTP - Set timeout for users that are inactive

    We have users who are connecting via PPTP to the VPN that are not terminating their PPTP VPN session on their PCs. They are using Windows Built-In VPN application to connect.

    This results in a single user having several sessions taking up IP addresses from our set VPN IP range.

    Unless I'm not seeing it, can the option to terminate PPTP VPN sessions based on activity be added?

    We're using SG330 (SFOS 18.0.4 MR-4)

    2 votes
    0 comments  ·  VPN and RED
  2. RED as Software-Device-Image (for VMware / Hyper-V)

    Is it possible to publish the RED devices as a software image (for example for VMware and Hyper-V)?
    We have use cases in PaaS- / IaaS areas in which such a scenario would be very practical.

    3 votes
    0 comments  ·  VPN and RED
  3. MIMO

    Enable MIMO/MU-MIMO feature on XG Wi-Fi, similar to Central managed.

    5 votes
    1 comment  ·  Wireless Protection
  4. Adding IP host and FQDN host using CLI

    Please add a feature to add IP host and FQDN host using the CLI.

    10 votes
    1 comment  ·  Network Protection
  5. Web filtering Adblock list support

    For home use it would be really nice to block ads before even entering the network.

    A very popular format for these link lists is the format used by the popular addon adblock. There are many lists out there which are very nicely maintained (for example easylist). It would save a lot of work if we could just use these lists.

    3 votes
    0 comments  ·  Web Protection
  6. Email quarantine

    Edit the Release Link in Quarantine digest email for XG 17.5.13, not to x.x.x.x:4444
    rather to the UserPortal, instead to message: "You can release quarantined emails only from user portal. To release them, sign in to user portal."
    Or remove the link.

    7 votes
    0 comments  ·  Email Protection
  7. Firmware - 3 slots

    This morning I just updated the firmware. I only had the option to update to the non-active firmware slot. However, that is my FALLBACK firmware. It is (reasonably) stable and most importantly, known and known to work. I wanted to replace the current version of the firmware, but that was not possible.

    Solution: 3 slots required for firmware.

    The first, is the "long term stable" version the user can revert to if needed.
    The second, the current (or active) service release.
    The third, to slot for downloading and running the latest version that is offered on the website.

    I really…

    11 votes
    0 comments  ·  Base System + General UI
  8. remove releaselink in Quarantine Digest

    Please remove releaselink in Quarantine Digest.
    The standard user is not able to distinguish between harmless SPAM mails and dangerous SPAM mails.

    11 votes
    2 comments  ·  Email Protection
  9. Quarantine report - Phishing/Spoofing

    Sender field, in quarantine report email, currently presents only the forged/fake address of a Phishing/Spoofing email.

    A good idea would be to add the real Sender Address, and maybe color it with RED to be eye-catchy and alert the user to pay attention to it.
    Alternatively, display only the original email address.

    2 votes
    0 comments  ·  Email Protection
  10. Change request for SFOS 18: Diagnose, Tools, Ping through VTI tunnel

    I was wondering if in one of the next MRs in SFOS 18 it was possible to include one or both of the following changes:

    Including the VTI interfaces in the pull-down menu options for PING diagnose
    When pinging with an internal interface, letting the ping go through the routing tables including routing through VTI interfaces


    • In policy-based IPsec it is possible to configure system-traffic to go through the IPsec. When these settings are correct, then a ping from the LAN to an address configured in the system-traffic rules is routed through the IPsec.
      With VTI IPsec, this doesn't work.…
    5 votes
    0 comments  ·  Base System + General UI
  11. Static Routes Should Be Top Precedence By Default

    Static route should always be the top precedence by default. I have several tunnels that have stopped working after updating to v18 and having newly migrated policy routes take precedence.

    Additionally, it would be nice to have a GUI-based option to change the precedence order, rather than needing to go and make a CLI change for each device we upgrade.

    13 votes
    0 comments  ·  Network Protection
  12. Multicast Forwarding For Entire Network

    It would be helpful if there was an option to select an entire network or a range of IP addresses for multicast forwarding. Currently, only individual IP addresses can be entered.

    2 votes
    0 comments  ·  Hardware
  13. IPoE IPv4 in IPv6 Static Global IP Address Service [Japan JPNE V6 Plus Service ]

    I would like Japan's JPNE to support IPoE IPv6 Plus (IPv4 in IPv6 fixed global IPv4 service) provided by NTT's NGN network.

    FortiGate is supported, so please use Sophos XG Firewall.

    https://www.jpne.co.jp/service/v6plus-static/

    2 votes
    0 comments  ·  Base System + General UI
  14. V18: option to disable SSH session idle timeout

    As per this thread, V18 has a 15 min. idle timeout for SSH sessions set for non-specific security reasons.

    As likely most, if not all, IT professionals, I always have my workstation locked, unless being right in front of it.

    Therefore there is no such security feature needed; instead it is very disrupting as it may disconnect a session half way through a configuration or troubleshooting.

    Yes, we all get interrupted at times or may need to prioritize sth. else, before returning to our (hopefully still open) SSH session, at a later point in time.

    Idle disconnect on SSH…

    6 votes
    0 comments  ·  Base System + General UI
  15. Email notification when WAN link is up

    When our ISP is down, we receive an email notification that the particular WAN connection is down. However, we never get a notification when it is back up. Instead we have to go into the web GUI to confirm. I would really like to be notified when our connection is up after it being down. I have talked to support about this and they have said that Sophos does not support this feature; please reference [ref:00D301GN6a.5003Z1BCbKS:ref ] for more details.

    2 votes
    0 comments  ·  Base System + General UI
  16. Bugs in Authentication Agent for macOS

    When OTP (one-time password) is enabled for User Portal it causes the Client Authentication Agent for macOS to not work UNLESS the user enters their username and password PLUS their OTP token.

    I have tested and confirmed this with Sophos support.
    Enabling OTP for the User Portal should have NOTHING to do with the Authentication Agent for macOS. Furthermore the Authenticator agent should never require an OTP. Otherwise the poor user will need to re-enter his or her credentials every time their Mac is rebooted.

    Second bug: There is an on-going display issue with the Authentication Agent for macOS. The…

    2 votes
    0 comments  ·  Authentication clients
  17. XG Client to Third-Party Private VPN Service

    We need the ability to connect the Sophos XG to a third party private VPN service (NordVPN, PIA, Proton VPN). The XG would function as a client connecting to the service.

    4 votes
    0 comments  ·  VPN and RED
  18. Generate report about how long a user stays connected to the VPN

    Today, companies have no way of knowing how long a user was connected to the VPN, and today, due to use in the home office, the company has no control over usage and how long the user was connected.

    4 votes
    0 comments  ·  Reporting
  19. Requirements Hotspot Password (POTD)

    Change the requirements of the Hotspot Password (POTD). Password is now generated with 10 characters (a-z, 0-9). Make it possible to change it, example 12 char (a-z, A-Z, 0-9, !@#$)

    2 votes
    0 comments  ·  Wireless Protection
  20. Sophos Connect - AD Group

    Allow users to be granted Sophos Connect access via AD Group rather than just by individual user access.

    9 votes
    0 comments  ·  Base System + General UI