XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow VLANs to be added to a bridge

    This function was available in UTM 9, but it's missing in the new XG Firewalls. I should be able to create a new vlan and add it to a bridge so that it spans multiple physical interfaces. As it is right now, a new vlan can only be added to a single physical port.

    177 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow interface port to be configured with just vlans

    As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

    281 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Service definition in inbound rule

    Currently with Non-Http based business policy no option to define service/application that a particular port is allowed to communicate to hosted server.For instance if we have 1 to 1 nat defined to host a mail server from wan &I want only SMTP &PING inbound-Xg firewall don't have option.Feature requested is for application parameter definition over present port mapping in a non-http based business rule similar to what we seen in competitions like fortigate which offers flexibilty to define port in virtual ip as well option to specify application in firewall rule

    47 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Webfilter & Application on User

    A great feature in cyberoam was the ability to change webfilter/App filter for a user or group in the identity section.

    With XG that good option was left off, allowing only firewall rule based webfilter/App filter application as competitors do.

    Please bring back that feature which made Cyberoam so popular.

    186 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →

    In v16, we added user and group constraints to web policies. This allows admins to control all web behaviors for all users, from a single screen, while adding more powerful and simple to maintain web polices than in any other firewall. This allows you to define behavirs for users or groups in a single policy, while also defining exceptions and overrides in that same policy, and not needing to create policy clutter, with multiple, similar web policies.

  5. Add FreeDNS.afraid.org DynDNS Provider

    FreeDNS was on UTM 9, is there any reason why it has not been carried over to XG Firewall.... I for one would like to have FreeDNS enabled in XG firewall as I see no technical reason why it should not be there.

    or at least have a custom setting for Dynamic DNS that enables a feature to set Dynamic DNS via a url that can be called by curl.

    159 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    77 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  6. default source port when adding new services to "1:65535"

    Would be nice if the source port was already pre-populated like it was in UTM9

    227 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add support to choose both protocols (TCP/UDP) in Service object

    Currently we have to create a separated rule to each protocoal TCP/UDP.

    Best regards,

    Carlos

    229 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. 193 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Duo Authentication

    We used to use Duo with RADIUS in UTM 9 by adjusting the timeout in the configuration files. Would love to see native Duo support in XG, but if that isn't feasible than a supported way to use RADIUS with a longer timeout would work as well.

    34 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. NVMe support - Kernel Upgrade

    It would be nice to be able to utilize NVMe drives. NVMe native support was added in Linux kernel 3.3. It appears the v16.05 version is utilizing 3.14 currently. Is there a current roadmap for upgrading the kernel 3.3+?

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow Websocket connections

    All Website if use Websoket that time Sophos XG 16.01.2 not working site

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Provide a quick list of all assigned DHCP leases

    There seems to be nowhere in XG, unlike UTM, to get a quick listing of the currently-assigned dynamic DHCP address leases. This can make diagnosis of problems more long-winded.

    Can we please have a simple listing, as in UTM, of the active DHCP leases?

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. XG Web Protection: Policy Helpdesk/Policy Test

    Policy Helpdesk is one of the most convenient and powerful troubleshooting tool present on UTM v9 OS. It is missing on the SFOS Platform.

    The Policy helpdesk allows the Network Administrator to evaluate the web filtering rules and policies applied to various machines on the basis of IP Address or User Identity without physically going on to the machine and testing.

    Also identifying the policy which blocks the site is directly shown on the UTM itself just by entering either the source IP or the User Identity along with the destination URL or IP.

    This really makes life easy.

    50 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. NTP - no need for rebooting the Firewall

    When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.

    104 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Automatic Firewall Rule and Group

    At the moment, automatic firewall rule is not available in any option as it was with UTM9. For example when you setup a new site-to-site or vpn. This is very useful and time saving. Also add inside Policy Section "Automatic Firewall Rules view".
    Last, add the chance to create Groups so we are able to group rules together.

    138 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow me to copy long URLs from the logs.

    Allow me to copy long URLs from the logs. They are truncated and cut off with a bunch of dots. Let me copy them!

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. IKE v2 and dynamic routing

    IKEv2 and dynamic routing

    117 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos XG Unified firewall Business application should accept a host/services object

    Under: Policies
    Security Policies

    Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.

    This reduces the rules required and keeps it more unified..

    At the moment you need to add multiple rules I.E. A hosted service uses a mixture of single ports, port ranges and both tcp/udp will require multiple rules to achieve something very simple.

    97 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  7 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add DNS-O-Matic DynDNS Provider

    Add DNS-O-Matic to DDNS in Sophos XG Firewall. While there are many suggestions to add DDNS service providers, DNS-O-Matic supports many of the ones listed here, so all providers can be udpated from Sophos XG with only one call.

    32 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Google's DynDNS Provider

    Please provide ability to use Google's Dynamic DNS service.

    42 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.