This function was available in UTM 9, but it's missing in the new XG Firewalls. I should be able to create a new vlan and add it to a bridge so that it spans multiple physical interfaces. As it is right now, a new vlan can only be added to a single physical port.
177 votes
Completed · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
In SFOS version 18 it is possible to set a VLAN virtual interface on a pre-existing bridge group.
Find out about the early access program for V18 here: https://events.sophos.com/v18eap
As it is right now you must assign an IP address to an interface and then add VLANs. It doesn't allow you to just assign VLANs.
281 votes
Completed · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This functionality will be available in version 18 of SFOS.
To get early access to v18 right now, click here: https://events.sophos.com/v18eap
Currently, with a non-HTTP based business policy, there is no option to define the service/application that a particular port is allowed to communicate with on the hosted server. For instance, if we have a 1-to-1 NAT defined to host a mail server from WAN and I want only SMTP and PING inbound, XG Firewall doesn't have that option. The feature requested is application parameter definition over the present port mapping in a non-HTTP based business rule, similar to what we have seen in competitors like FortiGate, which offers the flexibility to define the port in the virtual IP as well as the option to specify the application in the firewall rule.
47 votes
A great feature in cyberoam was the ability to change webfilter/App filter for a user or group in the identity section.
With XG that good option was left off, allowing only firewall rule based webfilter/App filter application as competitors do.
Please bring back that feature which made Cyberoam so popular.
186 votes
In v16, we added user and group constraints to web policies. This allows admins to control all web behaviors for all users, from a single screen, while adding more powerful and simple to maintain web policies than in any other firewall. This allows you to define behaviors for users or groups in a single policy, while also defining exceptions and overrides in that same policy, and not needing to create policy clutter, with multiple, similar web policies.
FreeDNS was on UTM 9, is there any reason why it has not been carried over to XG Firewall.... I for one would like to have FreeDNS enabled in XG firewall as I see no technical reason why it should not be there.
or at least have a custom setting for Dynamic DNS that enables a feature to set Dynamic DNS via a url that can be called by curl.
159 votes
Completed · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This will be available in version 18 of SFOS.
To get early access, go here: https://events.sophos.com/v18eap
Would be nice if the source port was already pre-populated like it was in UTM9
227 votes
Currently we have to create a separate rule for each protocol TCP/UDP.
You can now boot the software installer on a Sophos appliance hardware model.
We used to use Duo with RADIUS in UTM 9 by adjusting the timeout in the configuration files. Would love to see native Duo support in XG, but if that isn't feasible then a supported way to use RADIUS with a longer timeout would work as well.
34 votes
Version 18 of SFOS provides an adjustable timeout configuration for RADIUS authentication.
For information on getting early access to v18, follow this link: https://events.sophos.com/v18eap
It would be nice to be able to utilize NVMe drives. NVMe native support was added in Linux kernel 3.3. It appears the v16.05 version is utilizing 3.14 currently. Is there a current roadmap for upgrading the kernel 3.3+?
5 votes
We are now using newer kernel versions.
Any website that uses WebSocket does not work with Sophos XG 16.01.2.
6 votes
Websockets are now supported for web filtering in most situations. DPI Web filtering in version 18 will improve things considerably.
There seems to be nowhere in XG, unlike UTM, to get a quick listing of the currently-assigned dynamic DHCP address leases. This can make diagnosis of problems more long-winded.
Can we please have a simple listing, as in UTM, of the active DHCP leases?
6 votes
Policy Helpdesk is one of the most convenient and powerful troubleshooting tools present on UTM v9 OS. It is missing on the SFOS Platform.
The Policy helpdesk allows the Network Administrator to evaluate the web filtering rules and policies applied to various machines on the basis of IP Address or User Identity without physically going on to the machine and testing.
Also identifying the policy which blocks the site is directly shown on the UTM itself just by entering either the source IP or the User Identity along with the destination URL or IP.
This really makes life easy.
50 votes
Version 17 included a new policy test tool for Web Policy and Firewall Policy. We hope you like it.
When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.
104 votes
At the moment, automatic firewall rule is not available in any option as it was with UTM9. For example when you set up a new site-to-site or VPN. This is very useful and time saving. Also add inside Policy Section "Automatic Firewall Rules view".
Last, add the chance to create Groups so we are able to group rules together.
138 votes
Firewall rule groups were implemented in version 17.
Some features now offer automatic firewall rule creation and more will come.
We are closing this item as ‘Complete’, as the remaining issues are better addressed as more specific, detailed suggestions. Please feel free to create new ideas for specific use-cases.
Allow me to copy long URLs from the logs. They are truncated and cut off with a bunch of dots. Let me copy them!
15 votes
IKEv2 and dynamic routing
117 votes
IKEv2 has been delivered.
To support/follow route-based VPN, check out this item: https://ideas.sophos.com/admin/v3/ideas/11118984/
Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.
This reduces the rules required and keeps it more unified.
At the moment you need to add multiple rules, i.e. a hosted service that uses a mixture of single ports, port ranges and both TCP/UDP will require multiple rules to achieve something very simple.
97 votes
Add DNS-O-Matic to DDNS in Sophos XG Firewall. While there are many suggestions to add DDNS service providers, DNS-O-Matic supports many of the ones listed here, so all providers can be updated from Sophos XG with only one call.
32 votes
DNS-o-Matic is supported in version 18 of SFOS.
Please provide ability to use Google's Dynamic DNS service.
42 votes
Native support for Google DynDNS will be in version 18 of SFOS.