XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Populate admin user info from Central in XG logs

    In XG SFOS up to the current 18.0.5 only generic admincentralsa is logged as the username and 127.0.0.1 (localhost) as the ip in the XG Admin log for management authentication and actions performed by Central admins. Given that multiple Central admin users exist, logging the specific account username and/or the public ip of the client logged into Central would be an improvement rather than the generic placeholder that can't be directly traced back to a user.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. speedtest

    speedtest app in dashboard

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos Connect - Hide "Save User name and Password" from SSL VPN Connections

    We are able to hide the "Save user name and password" facility for IPSEC VPN connections, but not for SSL VPN connections.

    Please can we have a way to hide/disable the "Save user name and password" facility for SSL VPN connections in the Sophos Connect VPN client.
    Some of our customers want both IPSEC and SSL VPN connections available.
    In many cases allowing users save their credentials is a security risk.

    Sophos Support have advised this is currently not possible with SSL VPN connections in the Sophos Connect VPN Client.
    Sophos support ref - ref:00D301GN6a.5003Z1GgvFd:ref

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. smarthost

    When two or more WAN interfaces are configured enable smart host relay according to defined rules, i.e. smart host must be enabled only if one (or more) defined WAN connectivity is down.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. XG logviewer - add multiple IP's

    In the logviewer for XG appliances, being able to filter out multiple values for SRC or DST would be extremely useful!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. sophos connect

    I just found an interesting "feature" in Sophos Connect.

    I have a connection added

    I rename it to OldIPsecVPN_remote

    Then I try to import a new set of settings for the same remote firewall

    Wrong!

    When I click ok to import the other settings it just overwrites my "OldIPsecVPN_remote" with the other set of settings and renames it...

    So what's the use of having a possibility to rename if you can only change the display name...

    Kind regards, Peter

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Multiple public ip and proper way to DNAT/SNAT with XG high availability FW on azure

    Please provide a proper guide of how to DNAT or SNAT for your HA XG on Azure, also how to implement it with multiple public IP

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. Email Alerts for Web Hits

    The ability to receive an email alert when a device/user hits a certain blocked web category.

    Example: An email alert when a device is blocked from accessing a website categorized as Virus/Spyware.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. digest

    the Release link and My account on the Quarantined digest report use IP address and not the URL of the firewall. so the person gets a certicate error because it does not match the certcate we have install on the firewall.

    I been told by support its not possible in the auto generated mails to use a hostname
    we are running SFOS 18.0.4 MR-5

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. no option to add url in SSL VPN allowed network tab.

    HI team,

    I am not able to add url through ssl vpn group permitted network. please add this feature if possible

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  11. JUST STOP TELLING ME WHAT TO DO

    I am sick and tired of Sophos telling me what to do. My password is 16 characters and complex. There is no need to change it. Give me a dismiss permanently option instead of skip and remind me next time. Only solution is for me to change it and then change it back again. Anyone administering an enterprise firewall is not a baby that needs their hand held.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Site path routing case insensitive or customize with regex.

    Make site path routing case insensitive. Because the URL can be typed in any combination of case by the endpoint wanting to access the webserver, this feature is rendered worthless if you are trying to block certain path combinations. This was experienced on an XG 330.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Reports

    In our Head office we are using XG 550 Firewall and we are connected 20 location in that Firewall with VPN we are request to get the reports of all location utilization report (Example Traffic external WAN

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  14. Simply set Individual hotspot password instead of Voucher / POTD

    In our former hotspot solution we simply could set an individual password which makes some sense for us/customers. Now I can only generate a password for an unlimited number of devices to gain the same effect but without the possibility to define this password on my own.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Feature to export the user details in a csv file

    Please provide us feature to export the user details in a csv file

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  16. OWA Publishing on Exchange 2016 or above

    Hi Teams,

    One of our Customer wants to publish OWA with Exchange 2016 but as per Sophos, we were communicated by Sophos, OWA is not supported by XG Firewall for Exchange 2016. Customer is currently using two appliances of XG firewall 650 as a web proxy in their environment. Now we have a feature request or idea to include the OWA Publishing on Exchange 2016 through the XG Firewall. For future enhancement is there any product that supports both Web Proxy and OWA Publishing on Exchange 2016.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Site to Site SSL manageable via SDWAN Routing.

    As it is right now, SDWan can be used to do routing between Devices that have a definable Gateway. That being said, you need to define a Physical interface and when doing the site to site SSL VPN you cannot use SDWAN routing as the SSLVPN is defined as a virtual interface. Would suggest that improvements are made to the SDWAN routing to allow either defined VPNS to show up as a interface, or allow for all virtual interfaces to show up as a interface along with the physical ones.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Monitor utilization bandwidth for every subnet vlan and create the report or sending to NMS

    Hi Teams,

    In the sophos XG310 we have configured port 11(LAN Zone) & port 12 (WAN Zone) as a member bridge interface.

    We run iftop in advance shell to monitor sample traffic from the src VLAN with subnet x.x.x.x/x that we can see bandwidth usage in interval 2s, 4s & 10s as reference from

    https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/118249/sophos-xg-firewall-how-to-monitor-bandwidth-usage-between-ips-in-realtime

    Can we sent the result of "iftop" traffic monitor to NMS like as prtg, zabbix, OpManagers or etc via snmp ?

    Best Regards,
    Qomar

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. ospf

    Disable OSPF MTU mismatch detection

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Radius 802.1x Authentication on RED Ethernet Ports

    Control the Network Access on RED Devices on the Ethernet Ports.

    If deployed in, for example, a home-office I cant control the Network Access for devices that are not company owned devices.

    Right now the only possibility is sophos endpoint, but then I cant use IP Phones or any other non Windows/Linux/Mac device.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 100 101
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.