XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Update Sophos XG Email notifications to function with Google and Yahoo.

    Update Sophos XG Email notifications to function with Google and Yahoo. It seems that the presentation by Sophos for this communication is considered by other parties to be of a lower level of security. Yahoo shows the following:

    Someone attempted to sign in to your Yahoo account (five9s) from an app that doesn't meet Yahoo's security standards. We blocked this sign in attempt, which was made on:

    4 votes

    0 comments  ·  Base System + General UI
  2. Restrict YouTube via HTTP Header for some user groups

    Google has just introduced new methods for controlling access to YouTube--DNS and HTTP headers. It would be nice if the XG supported the HTTP headers so we could set up restrictions for some user groups. Details of the changes are documented here: https://support.google.com/a/answer/6214622

    23 votes

    6 comments  ·  Web Protection
  3. Two-factor authentication for VPN

    The two-factor authentication for VPN was a core reason for choosing the 9.x UTM. Please bring it to XG!

    13 votes

    0 comments  ·  Base System + General UI
  4. Allow creation of both DHCP Server and DHCP Relay

    Please make it possible to configure both DHCP Server and DHCP Relay in the Firewall OS. A perfect example is using DHCP Server for wireless/wired guests and DHCP Relay (internal domain DHCP server) for the internal network. That way the internal DHCP server doesn't contain any data of guest devices, and any DHCP requests from guest devices (malicious or not) are not being sent to internal DHCP servers.

    12 votes

    1 comment  ·  Base System + General UI
  5. Breadcrumb Navigation

    It would be really useful to be able to navigate through the interface using the breadcrumbs displayed on each configuration page. For example, the Firmware page is at System > Administration > Firmware; it would be great to be able to click "Administration" to go to a page that lists all of the administration options, and then drill deeper again from there, to say, "Licensing"

    4 votes

    1 comment  ·  Base System + General UI
  6. XG displays nothing about what new firmware adds, updates, etc.

    HW-SFOS15.01.0MR-1.1.SF300-407 just came out. There is no information displayed in the XG about what this firmware update adds, repairs, etc., and of course I'm a bit wary of installing it. It would be very helpful if this information (a short summary of the release notes) was displayed on the Firmware page (and maybe with a link to the release notes). I've been unable to find this info anywhere else either, so I'll be wasting tech support's time to get it before upgrading. I like the other poster's idea about receiving an email notification for updates as well but…

    21 votes

    0 comments  ·  Base System + General UI
  7. Add the ability to use a regex expression for https scanning similar to http scanning for content delivery providers such as Akamai

    The existing web content http scanning rules allow for the use of a regex URL expression to bypass scanning. This same capability is needed for https also, to set rules bypassing scanning/blocking for content providers such as Akamai and Apple iTunes. When viewing HD content on Apple iTunes and web content filtering is on, Apple iTunes redirects to [multiple addresses].akamaitechnologies.com to deliver the HD content. The only other current alternative is to turn off web content scanning for the user or device altogether, which is not good.

    18 votes

    5 comments  ·  Web Protection
  8. Add OTP feature to XG firewall

    Would be great to have the OTP feature on XG

    4 votes

    1 comment  ·  Base System + General UI
  9. PPTP/L2TP no members by default

    By default, as soon as you enable PPTP or L2TP, all the users are added as members (local and AD too). This is not safe. Instead, the "show members" list should be empty and Admin adds the needed users. Even if you can manage PPTP and L2TP on single users or groups, Admin should decide whom to put in the list. Please adjust this feature. Also change the name to PPTP (Remote access) and L2TP (Remote Access). Last but not least, instead of having show members and add members tabs, create the same Identity area as you did for SSL VPN…

    1 vote

    Completed  ·  0 comments  ·  Network Protection
  10. SSL VPN Port modification request

    Hi Sophos XG Firewall Team,

    Need your support to allow the Firewall administrator to configure the SSL VPN port, because most networks do not allow use of port 8443, especially on the ISP side.

    It is crucial for all Sophos XG Firewall end customers.

    Regards
    Damodharan..

    13 votes

    1 comment  ·  VPN and RED
  11. Provide a way to increase HTTP response_timeout

    Currently, there is no way to increase HTTP response_timeout=60 in the awarrenhttp.conf file. This option was available in Sophos UTM version 9.

    2 votes

    1 comment  ·  Web Protection

    This was added in v16 of XG Firewall. It can be accessed by logging in to the system console (with ssh) and selecting option 4 (Device Console).

    To see the current value enter this command:

    console> show http_proxy
    HTTP add_via_header: on
    HTTP core_dump: off
    HTTP relay_invalid_http_traffic: on
    HTTP response_timeout: 60

    To set it to a new value (e.g. to 240 seconds), enter this command:

    console> set http_proxy response_timeout 240

  12. Allow High Availability with DHCP

    "HA cannot be configured when one or more interfaces are DHCP/PPPoE/WWAN-enabled."

    Much like with the previous UTMs, users should have the option to utilize High Availability regardless of their interface type.

    16 votes

    6 comments  ·  Network Protection
  13. Block I2P

    Please add I2P to the list of Very High Risk applications.

    2 votes

    0 comments  ·  Application Detection Requests
  14. Change Hostname

    It would be nice if we were able to change the hostname when configuring the Sophos XG Firewall. One of the major reasons is unless you create a certificate with a common name of "localhost", the hostname on the certificate and the appliance will never match.

    42 votes

    2 comments  ·  Base System + General UI
  15. Improve Port Forwarding

    Port forwarding configuration is confusing at best.

    39 votes

    3 comments  ·  Base System + General UI
  16. Add support to copy/duplicate policy rules

    This will help us reduce the time and management effort in this operation.
    For example, policy rules with the same destination, ports, and gateway but a different source address could easily be cloned from another one.

    Best regards,

    Carlos

    98 votes

    5 comments  ·  Base System + General UI
  17. Improve GUI

    At the moment the Dashboard cannot be customized, with no flow control and no in/out of each interface. Really missing many nice features from UTM9. Sort option inside menu in alphabetical order.
    Make sure the GUI can use all screen resolutions; allow us to reset alarms from the GUI;
    GUI should be similar in features to UTM9. We will see!

    93 votes

    5 comments  ·  Base System + General UI
  18. MTA - Bring it back

    UTM9 has MTA built-in while SFOS does not. You need to configure external SMTP to send notifications, and many small installations do not have an internal email server.
    You can add an external private email server, but it is not acceptable that a UTM does not have SMTP capabilities.
    Please add it ASAP.

    91 votes

    6 comments  ·  Email Protection
  19. 48 votes

    15 comments  ·  Base System + General UI