XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Application Based Split Tunneling

    Ability to exclude specific Subnets or Applications from a Full Tunnel Sophos Connect VPN Connection.

    Described at the Microsoft page here. -> https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide#2-vpn-forced-tunnel-with-a-small-number-of-trusted-exceptions

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. preview quarantined e-mail incl. mailheader in clear text

    Ability to preview quarantined mail in SMTP quarantine for administrators as with the SG is possible. This I used often to see if an e-mail was legit and would be safe to release .

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow to enter a partial MAC-Address to filter for Vendors

    It would be great to be able to enter a partial MAC-Address as eg. 00:1A:E8:* within the MAC Address Definition section.
    The MAC-Address in this example would involve every device from the vendor Unify.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. XG stops reading SMTP Exception with the first hit. SMTP Exception are not combined.

    I wanted to configure SMTP exceptions very granularly, when I started to configure SMTP exceptions in XG firewall.
    Therefore, I made one exception for antispam, one exception for dkim, one exception for malware and so on. I soon recognized that this does not work. XG firewall searches the SMTP exceptions until it has the first hit. If I add the email address example@example.com to the antispam exception and to the dkim exception, only one of these exceptions work. I have to configure a new exception, which skips both, and have to add example@example.com there and have to delete example@example.com in…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Creation of log / Record specific for a singol user and save like a template

    Currently is not possible cCreation of log / Record specific for a singol user and save the it like a template. Is it possible implement this feature?
    R

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  6. How Does Company Administration Work?

    Making the decision to enter administration can be a strong one, especially if you are not certain what the outcome will be. When an insolvency practitioner is arranged as the administrator of a company by its directors, the goal is generally to do whatever is necessary to preserve the company whilst making sure creditors’ areas are protected and returns maximized. All management of the business operations is relinquished to the company administrator. Company administration is a provisional measure rather than a long-term solution. The security available by an administration provides the time needed to devise an acceptable exit strategy to…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow netflow to be assigned to a specific zone

    It would be great to be able to assign the netflow service to zones the same as you can with most other services: SNMP, SSL portal, ping, user portal, etc..
    You cannot truly segregate all management traffic/duties with the current implementation without rewiring the default Lan port to be a dedicated management interface

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. GUI suche von Objekten

    Sehr geehrte Sophos XG-Team,

    könnt ihr BITTE BITTE die Suchfunktion beim erstellen von Firewallregeln o.ä. endlich auf eine Volltextsuche umstellen ?

    Es ist extrem nervig, das hier keine Volltextsuche funktioniert.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. GUI suche von Objekten

    Sehr geehrte Sophos XG-Team,

    könnt ihr BITTE BITTE die Suchfunktion beim erstellen von Firewallregeln o.ä. endlich auf eine Volltextsuche umstellen ?

    Es ist extrem nervig, das hier keine Volltextsuche funktioniert.

    0 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. RED Patternupdate and Installation automatically

    We want to do the RED Firmware installation automatically at night. Because there´s a downtime while the installation and at night normally nobody is working. Because we although don´t want to work at night, it should be done automatically.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. MTA spam quarantine - have details option to view the email headers and source

    Have a details option in MTA spam quarantine to view the email headers and source. Optional also to send it to a different email address for checking.
    See Puremessage functionality.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. In XG-106, one box search option should be given

    In XG-106 UI, a powerful functionality of one box search (like google) is required which can result search feature/option available in Firewall configuration application.

    Eg
    I need to search Protection Policies, it can search through all the menu/sub menu options, if possible it can search from the data also and result with the breadcrum path link where you can directly move.

    Purpose
    there are multiple option /features available in the application and its difficult to remember where these options are located in the application as its not in daily use.

    I hope Sophos developers team can incorporate this powerful feature…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. ipsec - IP pools

    We are currently trying to migrate from a UTM-9 to a XG and I am especially missing some setting options for RAS with IPsec:
    - no possibility to assign IP pools
    - No certificate is generated for users

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. TOP missing XG (basic) features

    TOP missing XG (basic) features (all present in UTM9):
    NAT rules: cloning, grouping
    Static routing: cloning, descriptions, use objects
    Objects: create object inside group (i.e. create IP host inside IP host group)
    HA: Unliked status like in UTM9, Monitoring for VLAN interfaces (without physical interface IP set), Backup interface
    Interfaces: Allow deconfigure interface without deleting all VLAN interface on that physical port
    Registration process: automatic passive box registration via active XG during HA creation
    Sophos Connect & SSL VPN: Allow use of IP host group insite resources
    DHCP: allow Dynamic IP lease accross Statis IP MAC mapping (and exclude internally)…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. HA Link for LAG port

    Current XG'S HA(-v18MR4) has SPOF against HA Link. Because HA link is available for only One-port/One-Link.

    If HA-Link port can be assigned LAG port, it's become more robust configuration against HA Link failure.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  16. include XG revision # in "model" column of Sophos Central

    Include the hardware revision number in the XG "model" column of the Sophos Central >> Firewall Management >> Firewalls page. It's helpful to have this info all on one screen.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Better Bandwidth Monitor

    It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.

    My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos Connect ipsec vpn Local service ACL

    Add Sophos Connect ipsec vpn column to the Administration >> Device access >> Local service ACL matrix. This is missing on sfos up to the current 18.0.4 MR-4.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. A method to open Thunderbird email into Outlook window

    We know that Mozilla Thunderbird stores the data in an MBOX file format while Outlook supports PST file format. In such a situation, MailsDaddy Thunderbird to Outlook converter is a precise application tool that easily imports Thunderbird email into Outlook without any changes. The tool also helps the user to move Maildir files to Outlook PST format. It has several other conversion options that allow user to open Thunderbird data into PST, EML, MSG, HTML & various other mail formats.

    For more info: https://www.mailsdaddy.com/thunderbird-to-outlook-converter/

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. FourEyes - Data Anonymization - Audit logging

    When Data Anonymization is enabled, one would think that it was possible to see when and who has initiated an de-anonymization of anonymized data, however this seems to be missing. We need this for compliance, it is simply not enough to anonymize the data.

    The only logs related to this is authorization events in the form of logins, but these events does not reflect an de-anonymization event.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 94 95
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.