XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. user agent

    Hello,

    I would like to have our proxy log all User Agent strings and possibly the referrer. This is a great way to see what is making network connections out and helps with root cause analysis. This is also important information when performing incident response.

    4 votes

    0 comments  ·  Web Protection
  2. Option to clear (In:10GB & Out:20GB) of firewall rules, to check newly generated traffic is choosing the right policy or not. OR Rules sho

    Option to clear (In:10GB & Out:20GB) of firewall rules, to check newly generated traffic is choosing the right policy or not. OR Rules should give live session information like how many sessions are going through per rule.

    7 votes

    0 comments  ·  Base System + General UI
  3. increase the limitation of maximum thinclient

    Please increase the limitation of 64 maximum thinclients, as some customers have more than 64 Citrix servers.
    256 would be a good number.

    12 votes

    4 comments  ·  Network Protection
  4. Initial Installation Pattern update

    When installing a brand new XG series unit, the subscription license services may not yet be available. (In Australia it can take 48 hours to receive the licence information from Sophos).
    After the initial registration you can manually download and install upgraded firmware, but there is no way of upgrading patterns for AP or RED devices.
    This means that while you can configure a base unit for internet access, it is impossible to deploy and configure additional hardware until the subscription licence is valid.

    There should be a way of obtaining pattern updates for external / add-on hardware devices either…

    5 votes

    0 comments  ·  Base System + General UI
  5. Application Specific Signature for Ring Central

    There is no Application Specific Signature for Ring Central, which means we can't apply Application-based Traffic Shaping Policy for it.

    Please add Ring Central as a defined Application.

    See below:
    https://community.ringcentral.com/ringcentral/topics/how-do-i-troubleshooting-call-quality-issues-qos
    https://www.ringcentral.com/support/qos-router.html?_ga=1.41909153.2038724511.1480961611

    10 votes

    0 comments  ·  Application Detection Requests
  6. Transparent Subnet Configuration

    It would be great if Sophos XG would allow you to create a transparent interface like SonicWall does. https://support.sonicwall.com/kb/sw5979. Sophos currently only supports using a bridge interface or proxy ARP to achieve this, which is not as easy or clean as SonicWall's method.

    https://community.sophos.com/kb/en-us/123524
    https://community.sophos.com/kb/en-us/123525

    6 votes

    0 comments  ·  Network Protection
  7. Synchronizing PPPoE sessions

    In SFOS version 16.05.4 MR 4, PPPoE sessions in HA mode are not synchronized.
    PPPoE goes down and reconnects when switching occurs from Primary
    PPPoE sessions are not inherited, so there is no point in configuring HA.

    Make sure PPPoE sessions are synchronized.

    2 votes

    0 comments  ·  Network Protection
  8. Static Mapping window size

    Static Mapping size seems to be just too small to see the last octet in most IPs. 192.168.60.200 shows the 2 and half of a 0. If space is at a premium, MAC Address seems like it could spare some length...

    2 votes

    Completed  ·  0 comments  ·  Base System + General UI
  9. Load Backup instead Basic Setup

    It could be a good option if, when performing the initial wizard setup, instead of needing to configure Basic Settings, you could load a previously taken backup. This could be useful when you have just flashed the device.

    12 votes

    Completed  ·  0 comments  ·  Base System + General UI
  10. Hotspot functionality to support VLAN and custom zone

    The hotspot functionality doesn't show an option to choose VLAN with custom zone. It does show a physical interface with custom zone and a VLAN with LAN/DMZ zone. However it does not show a VLAN that is custom zone, even if the zone is type LAN or DMZ. An example would be two networks that share the same interface: BYOD (physical) and Guest (VLAN). BYOD can be used with a custom zone, but Guest cannot.

    5 votes

    1 comment  ·  Wireless Protection
  11. Allow modification to HTTP timeout value

    We use an http service that lets you download a dynamically rendered PDF specific to our site. Unfortunately, XG 16.0.5 does not let you change the timeout value for an http response, and the PDF takes about 67 seconds to render, and the XG times out the connection before it has a chance to download. Reaching the site directly via cell phone or other firewalls allows the https server enough time to deliver the PDF, but not through the XG. Support rep confirmed there are no console commands to change this behavior, please refer to case number 6855875.

    7 votes

    1 comment  ·  Web Protection

    This was added in v17.0 of XG Firewall.

    To change the response timeout:

    1. Connect to the device console via SSH or directly with a keyboard/monitor or serial cable.
    2. Log in.
    3. On the main menu, select (4) Device Console
    4. At the prompt, to increase the timeout to 3 minutes from the default of 60 seconds, enter the following:

    console>set http_proxy response_timeout 180

    5. Exit the console and log out.

    To see the current value, enter the following command at the console:

    console>show http_proxy

    Note that setting this value too high will increase the risk that misbehaving servers could cause a denial of service – consuming excessive open connections by just not responding to requests sent.

  12. Add 40GE QSFP+ slots on XG650/XG750

    Those XG models can be used even on big installations where connections are beyond 10G. Make sure to provide us more power and faster connections on those in order to be competitive against other vendors.
    Thank you.

    8 votes

    0 comments  ·  Base System + General UI
  13. Automatically Displayed Captive Portal

    In SFOS 15 Captive Portal appeared automatically when users associated with a wireless network. This made it very easy for less tech savvy users to authenticate.

    In version 16 users are no longer automatically presented with the captive portal. Users must now access a web page and click a login link on a content blocked error page to authenticate.

    This seems clumsy and has presented problems for our users. Many mobile device users start an app, like Spotify, immediately after connecting to the network. This doesn't work, of course, since they aren't authenticated. This causes calls to the help…

    35 votes

    5 comments  ·  Base System + General UI
  14. Want to appear web blocked page with category mentioned in it.

    In Cyberoam OS, the blocked page appeared with the category that I had blocked, but in Sophos OS I am unable to see the same feature in the blocked page. Because of this, it is getting difficult to identify the category through which the page is blocked. Need to change the HTML code and make this feature available.

    4 votes

    Completed  ·  0 comments  ·  Base System + General UI
  15. Captive Portal issue with v16

    In version 15, the captive portal auto-connects or is shown in our browsers automatically, but in firmware 16 we are not able to get the captive portal directly. For that we need to manually add the URL in our browsers.

    4 votes

    1 comment  ·  Base System + General UI
  16. URL category update

    Review and update categories periodically, as some URLs are being wrongly categorized.

    7 votes

    0 comments  ·  Web Protection
  17. on reboot

    When restarting after clicking "Install" to apply a firmware update, in a green tab at the top, it states: "On reboot, Firmware version 'undefined' will be applied to the system". Why not correct "undefined" to reflect the version being applied and add a period to the end?

    I can send you a screen shot if you'd like.

    1 vote

    Completed  ·  1 comment  ·  Base System + General UI
  18. We need to filter on description Rule

    The filter on Firewall Rule is insufficient.
    It would be better to filter on Description Rule, Masqueraded Rule.

    6 votes

    Completed  ·  0 comments  ·  Base System + General UI
  19. Apple FaceTime application is listed in the application list but it seems to have a different pattern now. Maybe

    Apple FaceTime application is listed in the application list but it seems to have a different pattern now.
    Maybe with iOS 10 something has changed?
    When FaceTime is started the call can be received by the receiver but the video cannot be transmitted.
    The log viewer shows "Freegate Proxy" as blocked (I blocked "risk level 5 applications") - allowing "Freegate Proxy" makes FaceTime calls possible, but the name is misleading and what else is allowed this way I don't know.

    Would be great to fix this.
    Latest Sophos XG version ********

    1 vote

    Completed  ·  1 comment  ·  Application Control
  20. Language

    Language PT-BR!!!

    2 votes

    Completed  ·  0 comments  ·  Base System + General UI