XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Yandex

    Hi,

    There are problems with Yandex. There are thirty application types from Google. For Yandex, we need that much detail.

    The web side and application side are very inadequate.

    I want a download / upload solution for Yandex applications.

    3 votes
    0 comments  ·  Application Detection Requests
  2. Change IP on front panel

    Be able to change the IPs through the front panel. Put behind a password to make it even better than the SG front panel.

    4 votes
    0 comments  ·  Base System + General UI
  3. Route to local IP should auto-create bypass stateful firewall

    When routing internally to remote subnets we MUST use:
    set advanced-firewall bypass-stateful-firewall-config
    or when the return traffic comes back to the subnet without going through the Sophos XG, it breaks the session.

    For instance,
    Remote office is behind a MetroE/MPLS
    Connected via local IP address
    Route is added in XG for the remote subnet
    ! Traffic does not flow

    If you add
    set advanced-firewall bypass-stateful-firewall-config add sourcenetwork 10.10.10.0 sourcenetmask 255.255.255.0 destnetwork 192.168.5.0 destnetmask 255.255.255.0

    Then it works.

    1 vote
    0 comments  ·  Base System + General UI
  4. Firewall rule UI: Only show networks/devices relevant to the selected zone

    In Firewall Rules, when selecting a unique ZONE in "Source Zones", display only objects of this Zone in "Source Networks and Devices" and not all objects.

    3 votes
    0 comments  ·  Network Protection
  5. Provide visibility into object usage/references

    Show references for each component; as an example, we can show which rules are using such an object.

    2 votes
    0 comments  ·  Base System + General UI
  6. Identify application activity in detail

    Identify application activity in detail, e.g. Webmail > message sent > via GMail/Office 365

    1 vote
    0 comments  ·  Application Control
  7. Captive Portal should come from default gateway IP

    When VLAN users access the internet, the captive portal comes from the default VLAN. We need it to come from the VLAN default gateway.

    8 votes
    0 comments  ·  Base System + General UI
  8. Usage reached messages, user authentication failure instead of unrecognized user.

    How about some better messages to the user when their login failed, particularly when they have used up their quota? Right now the unrecognized user message causes a lot of confusion to users. It would be nice for the user to get a "quota reached, or out of time, or etc." type of message when they've reached their allocated amount. Possibly extend the idea to include other messages: bad password, almost out of time, etc. Right now the generic one-size-fits-all message is not so helpful.

    1 vote
    0 comments  ·  Base System + General UI
  9. L2TP or PPTP client for WAN ip address

    Sometimes here in Europe we have some ISPs that give us L2TP credentials in order to connect to a server to have access to an external, fixed and public IP address, because the ISP default IP is from a WWAN connection and so it's on a private network.
    For example, my wireless ISP gives me a set of credentials and their VPN server IP for the connection, and then I can access my router behind their antenna with the provided public IP address.
    I hope I was clear; what I need is to have L2TP and PPTP options on the WAN interface,…

    2 votes
    0 comments  ·  Base System + General UI
  10. Ability to configure low signal drop off

    We all know Macs don't support 802.11r fast transition, and instead do signal strength. Can we set the minimum receive RSSI to help force a device to a closer AP?

    5 votes
    1 comment  ·  Wireless Protection
  11. Bulk user edit tool to change properties of multiple users at one time

    It would be so good if you guys can include a bulk user edit function to enable settings such as Quarantine Digest across all or large selections of users. Right now we are forced to edit 200 users individually to enable quarantine digest. It's simply not acceptable for software to be this labour intensive.

    3 votes
    0 comments  ·  Base System + General UI
  12. RED: Check local network connectivity before attempting to connect VPN

    On some ISP boxes, the DHCP server is up before the network is really connected. This allows the RED to obtain an IP address, but it fails to reach the network and the XG (if on another WAN site).
    It would be good to add an ability to check if the network is up before trying to connect.

    1 vote
    0 comments  ·  VPN and RED
  13. Dynamic user creation based on IP or MAC

    We need a way to do modern user/client authentication.

    Please check out the Meraki method...dynamically created users based on IP or MAC address. See if they are online or offline. Get stats about the user. If they are in AD, automatically discovered by AD as well with no agent.

    The current method does not work at all for sites without AD, very clunky even with AD. Please modernize this feature.

    4 votes
    0 comments  ·  Base System + General UI
  14. End User Network Registration

    Greetings TeamSophos

    I got this idea from http://netreg.sourceforge.net and in a real network scenario it would entail me setting up a NetReg server and then Sophos as well. So why not marry NetReg features and functionalities into Sophos (best of both worlds)?

    NetReg is an automated system that requires an unknown DHCP client (typically a user connecting on to the network for the first time) to register their hardware before gaining full network access. Through a simple web interface (perhaps an advanced captive portal first), the client is prompted for their user identification.

    Powerful scripts then retrieve the client's network fingerprint…

    3 votes
    0 comments  ·  Reporting
  15. User, Hosting Server and GUI

    1) On Identity, we cannot enforce Web, App or IPS Policy on a user directly. Previously it was in CyberoamOS. Please give that option.

    2) While hosting a server, we cannot give multiple source and destination port numbers. Previously it was in CyberoamOS.

    3) Lots of customers with whom I interacted have found the CyberoamOS GUI easier and more user friendly.

    2 votes
    2 comments  ·  Base System + General UI
  16. Allow changing of syslog server names

    At present, once a syslog server is created, the name cannot be changed. Syslog server names should be modifiable without having to delete\recreate the server.

    4 votes
    0 comments  ·  Base System + General UI
  17. Support SASL in the MTA upstream relay or smarthost function

    It's been confirmed that the MTA Smarthost relay function does not support SASL, which wraps the PLAIN LOGIN with TLS using STARTTLS. This request is for the support of SASL similar to the implementation of it on the administration notification settings form, which does support SASL.

    5 votes
    0 comments  ·  Email Protection
  18. Allow the ability to download\manage Snort rulesets

    There is a plethora of Snort rulesets that should be of great value to XG users but implementing these at present seems horribly difficult.

    Snort users have a lot of flexibility in terms of managing the rulesets within the application - it would be great to have more of that here as well.

    4 votes
    0 comments  ·  Network Protection
  19. Pagination Options for Clientless Users Dashboard

    It would be great to be able to display more Clientless Users within the Clientless Users screen. When dealing with large ranges it becomes tedious to alter the status of say an entire /24 worth of users.

    2 votes
    1 comment  ·  Network Protection
  20. Ignore L2 routing for WAN interfaces - async routing

    Ignore L2 routing for WAN interfaces.
    If not, it causes DDoS attacks for uplink WAN.
    If not, it causes async routing issues for all remote inbound connections.

    (Other vendors do this to prevent async routing. Especially in Belgium, where a major ISP leases static IPs with a /19 subnet.)
    Case: 7804710

    1 vote
    0 comments  ·  Base System + General UI