XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add support for cipher suite in Cyberoam OS

    Add a support to ciper suit TLSECDHERSAWITHAES128GCM_SHA256 -

    {0xC0,0x2F} in Cyberoam OS

    88 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Admin login “failed password” error

    We recently setup a new XG 115 firewall saved the config and then found ourselves unable to login “failed password”
    We contacted support and spent time using keyboard and screen to reset the password - still no login, then fully resetting and evenntually the Sophos support person advised we had a corrupted image and the unit was replaced as DOA.
    The new unit was setup with the same result we proceeded to wipe and reset using different passwords which all worked when using the keyboard and screen
    Only after setting up another Sophos incident and booking another engineer did we…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  3. 4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  4. XG-Firewall: Allow Changing HA-monitored Interfaces without breaking HA

    Allow Changing HA-monitored Interfaces without breaking HA like in UTM/SG - OS possible.
    Why is there the need to break HA if only a change or modification on a productive plant ist planned, that schould be online 24x7? That´s why HA is implemeted!!

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. SNMP v3 version in XG105 firewall is not available

    SNMP v3 version in XG105 firewall is not available, please check possibility to add it in the new firmware version ASAP. Because without SNMP v3 i dont like to call it as firewall itself.

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  6. Zero Firewall Rule Traffic Counter

    Very simple, have an option to zero the traffic counter on a firewall rule.

    87 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. have detailed reports/graphs on XG as available in central (cloud)

    Implemented the wifi graphs/reports that are available in the cloud (central) to the XG as well, as currently, the XG options for wifi are useless.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. SD-WAN

    SD-WAN

    186 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. XG is not working to perform hair pinning. now a days so many device to access internaly by global ip without fqdn so enable this feture

    XG is not working to perform hair pinning. now a days so many device to access internaly by global ip without fqdn so enable this feture

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. STAS allow un autherised users to access the internet

    STAS to allow unauthenticated users internet access. We use STAS to map ~IP against users for web use monitoring, we don't want to restrict non authenticated users or annoy them with having to login to the XG.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. OpenSSL

    Can we please update OpenSSL to a newer version and also maybe compile it to use the AES extensions in the CPU for those of us that have processors that support it? 50 road warrior vpn users and 12 red devices, and 5 site to site tunnels can crush a 310.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. DNat Rules By Schedule

    You should enable the option to add a schedule to a rule DNAT

    25 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Reporting: Virus Detection Email Alert

    Please give us the option to automatically send an email alert to the admins, when a user visits a website that has a virus detection. I think this is the best way to get quickly imformed about an security incident. Not maybe a week later via reports.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. Disable default bridging

    When setting up XG 17.5 for the first time, all unconfigured interfaces are bridged with LAN :-(

    VERY annoying, because when you want to disable the bridge, you need to unbind one interface, assign a new ip on the unbinded interface and assign LAN zone to that interface. The you can switch port to the new interface and login to remove the bridge. NOT GOOD.

    When bridge is needed, we can easily configure it, when doing it from port 1 ourselves ;)

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Multiple IPS in Business Application Rules

    When creating a Business Application Rule as a NAT, to have the option to choose more than just one IP Address to receive the connection.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. reset firewall hit counter

    reset the firewall hit counter, not only after reboot

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Sandstorm to show every request to help debugging

    Sometimes I find Web sites that appear to be unresponsive unless I add an exception to the XG to skip Sandstorm scanning for them (or create a clone rule that has "Scan for zero-day threats with Sandstorm" disabled.) I spent over three hours with Sophos tech support trying to figure out why this was happening because nothing was showing in the sandboxd log, and it couldn't be set to debug log level to confirm if this is a bug or if Sandstorm is working as designed.

    So please add a debug log level option to sandboxd and allow it to…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. backup to central

    With the integration started with Sophos Central, it would be great if the last x number backups could be pushing into Sophos Central. This would provide a few capabilities. One - It could be backed centrally up without the required MR4 password affix to it, so no prior knowledge would be required to restore that backup if hardware failed. Two, it would create snapshots of the configs in time for audit / discover purposes, hopefully eventually leading into a change log of all UTM config changes. Three, in DR scenarios it exists outside of all company systems and people, so…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Syslog Servers - Export Logs DHCP

    From our Sophos XG 450 devices we would need to export logs related to DHCP.

    The data we need are: IP address, Mac address, Host Name.
    We would also need to export logs related to SSL VPN Client connections with the same information (IP address, Mac address, Host Name)

    Rogari Andrea

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Hairpining

    Can automatic NAT hairpining be built into SFOS automatically like it is in UTM? Very frustrating to have to create hairpin rules in order to access published servers from behind the same XG firewall. The best solution I've found to date is to set the source zone as "any" on the business rule governing the DNAT for the published service, however, that masks the true source IP address for any device on the outside accessing that published service because the firewall translates the source to it's own IP address. That makes it impossible to filter and restrict access to some…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.