XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Implement "remember username/password" feature on Captive portal

    Captive Portal needs a feature to allow remembering of username/password as the users are having to re-type in their username every time they want to access internet.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Sophos connect client allowed users

    The Sophos connect client permit list should be able to add users by active directory security group. We are a firm spread across 9 offices and the STAS works great on 17.5 MR9 to load the users to all firewalls but the process of adding all users into the connect client is really laborious especially when there is high turnover.

    50 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. full text search

    Possibility of full text search in firewall rules

    13 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. It will be great if we are able to Upgrade the XG firmware from 17.5.14 to 18.0.2

    Would like to take a minute to address my request to the development team to have the feature in upgrading from firmware 17.5.14 to firmware 18.0.XX since we might lose some data if we did downgrade the firmware to an older module. Even though we have the backup for the old version but we might lose some data and sites which are currently connected to our XG firewall.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. Need Bulk Users Upload Features (Hight Important )

    I don't know what is logic of behind that they have removed the Bulk Users upload Feature.
    really Bizarre, in this new MR -4 firmware they not provided this feature as well.
    Sophos is not fulfill the customer satisfaction, also not provide alternative solution.
    They force customers to use whichever they provided.

    could you add 100 users every week manually ?

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  6. XG: move rule to position X by entering new position number

    Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

    Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, is it not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

    Please add an option to move the rule by entering a specific location.

    8 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. IP list suppor feature in SSL VPN

    Dear Team,

    Recently we have changed the devices from cyberoam cr100ing to sophos xg210 and In Cyberoam we are able to add the IP list supported hosts for the SSL VPN but in Sophos XG 210 we are unable to add that. Can you please add that feature in Sophos XG210? because to add the one by one host is the time consuming process as ws have the 200+ SSL VPN uers.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sophos Connect client connect pre login Windows for domain connection

    Please make it possible to connect Sophos Connect client VPN befor a Windows user is logged in like NCP client Pre-Logon feature, to get all AD domain features like GPO and networkshares.

    26 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. Gateway failover notification

    Gateway failover notification required by mentioning ISP name in subject line as in ver18 getting in mail body only

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Resizing vnc-HTML5 screen resolution

    Hope that sophos improve the auto-resizing screen resolution when you connect through html5 to a vnc pc

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. office 365

    Integrate Microsoft AzureAD for user identification for user based XG firewall web policies and reporting. I saw the request for Azure Directory Services which is not free. AzureAD is free with every Office365 tenant. Sophos Central has AzureAD sync, expand this to XG Firewalls as another Server or Directory as a Service model. Seams like this bridge is already half built.

    22 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  12. bypass snort application recognigtion per rule

    Please add the ability to bypass ips/application regognigtion per rule, when performance is needed. even without applied ips rule, snort is analysing the traffic for application control, which result in a performance impact.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  13. Can you add Tiktok to application control

    I'd like the ability to restrict access to the site/app tiktok.com in the application control list.

    15 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  14. Log Viewer Raw Data Export

    When we customize the Log viewer & export it, we get only the last 15 min data. Which is not sufficient. There should be a date range option there so we can download full day log records. Raw data attributes are really useful for the IT Admin point. Also in the Report section, we are not getting all the raw tab features which is in log viewer. It should be there. & there should option for download all data..currently only 5,10,25,50,100,200..but if we want to download all data at single click, we can not. Report tool must need to improve..

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. firewall rules audit

    We are using XG115 firewall. Cybersecurity Auditor raised following queries.
    1) operator can see all the firewalls rules. there is no option to assign selected firewall rules to the operators. Alot of profile limitation.
    2) 4 eyes is not available whenever changes are done in the firewall.
    3) Mac address fails to work because of router and switches of layer 2/3 in between the network inspite of putting static mac address on the switch it still failed to work.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. MIME-Type recognition is sometimes wrong!

    I analysed MIME-Type recognition and found that MIME-Type recognition is not working proper. As example, DOCX-files are recognized as "application/msword". The right MIME-Type of DOCX-files is "application/vnd.openxmlformats-officedocument.wordprocessingml.document".

    I already opened a support case with request number 03058060 and got this answer:
    "Yes, the MIME recognization from XG for .docx is under applications/msword"

    So please change MIME-Type recognition, that it serves the MIME-Types, which are listed here:
    https://docs.microsoft.com/de-de/microsoft-365/compliance/supported-filetypes-datainvestigations?view=o365-worldwide

    or here:
    https://developer.mozilla.org/en-US/docs/Web/HTTP/BasicsofHTTP/MIMEtypes/Commontypes

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Adjustable timeout for Active Directory Authentication?

    Original question by user JasP.

    Is there any way to change the timeout for Active Directory authentication? It appears to be set at 5s.

    I realise that for most implementations this is not an issue but after posting an article on how to setup DUO 2FA with AD authentication, I have noticed that if I don't authenticate within 5s then the authentication fails. I hadn't noticed this before because I usually confirm the DUO prompt pretty quickly. DUO itself is set for a 30s timeout but this is meaningless if XG only waits 5s.

    This doesn't happen with LDAP authentication…

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Implement RADIUS failover support for APX Access Points

    It has come to my attention that while the XG firewall allows you to enter two RADIUS servers for wireless authentication failover. The APX series access points do not support the secondary server.

    This creates a high risk for wireless service disruption in the event the primary server goes offline. The lack of support for this functionality requires an engineer to manually promote the secondary server as the primary in the event of a failure.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. PPPoE VDSL setting

    On the Network/Interface/configure PPPoE - VDSL setting area please change/add the text to indicate that this VLAN applies to a FTTH (fibre to the home) PPPoE configuration as well.
    In NZ we have UFB (ultra fibre broadband) to most premises that requires a PPPoE with VLAN 10 configuration.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Option to load Balance with IPsec VPN

    Option require on load Balance with IPsec VPN

    9 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.