XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. want to apply different web & app policy for each user will have to play with firewall rules only as direct policy on user is not possible

    want to apply different web & app policy for each user
    will have to play with firewall rules only as direct policy on a user is not possible unfortunately on XG

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. I want

    I want to monitor individual vpn site to site trough SNMP, right know only I can monitor a channel IPSec0 but only is the traffic of all vpn site to site.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. VPN from LAN

    Hi
    In Sophos SG we can make a vpn connection to firewall from LAN . but in XG firewall it is disabled.
    we use it to shre internet for LAN Users and need it . Ii think it is a good idea . Please enable it.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Validate passwords entered for smarthost and notifications

    It appears that passwords of a certain length or containing certain characters are not properly handled by Sophos when it attempts to authenticate with a smarthost. The result is that Sophos cannot authenticate with the smarthost and outbound e-mails remain stuck in the spool, showing as failed. There is no indicating in the logs accessible in the GUI that the problem is an authentication error.

    It might save users some frustration if Sophos were to either include validation logic to reject problematic passwords when they are entered and/or including a note or tip in the GUI indicating the applicable parameters…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Per-user certificate authentication from third party CA

    Allow certificate based authentication for client VPN to authenticate users based on a certificate issued by a trusted third party or internal CA server. Additionally, grant authorization based on group membership of user presenting the certificate.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Create STIG for XG Firewall

    Reference: https://iase.disa.mil/stigs/Pages/a-z.aspx?#
    Sophos' major competition have certified their products and provide STIG files for secure configuration in accordance with DISA standard for the DOD. A DISA IASE STIG file is needed regularly for each major XG firewall version. This is now required for far more than USG agencies - this is now being used by USG contracting suppliers in order to prove compliance with NIST SP 800-171 and it's now being used as a security standard for other country and industries for commerce security. This needs to be considered sooner rather than later - Sophos is losing sales over…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. MAC Based Reporting

    Now in Pakistan, customers need reporting based on MAC addresses but I have not seen such thing expect user and IP based on firewall. Can you please confirm when it will be going to update in near future.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Notification App for Android and iOS

    It would be great if we could have a notification app for Android and iOS which is fully independent from Sophos Central, especially for home users or SMB companys which do not need central.
    The app should provide the Administrator alerts and informations about security events (IPS, Web- and Appfiltering, Emailprotection...) and advanced informations about the device (Memory, CPU,...).
    It would be great if this app is also available for users of XG Home without Sophos Central account.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add content disarm and reconstruction

    Add Content Disarm and Reconstruction to XG-Firewalls Email Protection functionality.

    It would be great to enable the XG firewall to use CDR when handling incoming emails (with the possibility to access original files for a certain time if neccessary)

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. log viewer. Apply filter manually only after setting criteria first

    Log viewer automatically processes and filters data every time there is a change in the criteria. frustrating having to wait for the filter to show results, before being able to select all the criteria first. e.g. if I want to filter by IP and port, first I need to select IP, and then wait for filter to be applied, before I can select the port criteria.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  11. Change MTU size on RED devices

    As there is a know issue with Citrix connections over a RED interface, I would like the possibility to change the MTU size on the WAN interface of a RED, or on the RED interface of the managing firewall.

    this can be done by running the following command from the advance firewall via putty ifconfig RED interface i.e. RED1 mtu XXXX

    Please be aware that a reboot or an firmware update will revert this back to the normal settings

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Gateway failback timeout configuration in firewall

    Hi,

    When the Active gateway comes back online, traffic should fail back to the Active gateway within specific timeout option in seconds like Gateway Failover timeout.

    There should be an option for Gateway Failback timeout.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enable SPF protection on transparent mode as well as current MTA mode

    Enable SFP email protection in transparent mode.. with the phishing these days, it only makes sense (not just MTA mode as not everyone can use this efficiently or if they have additional anti-spam measures on their own mailserver.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. restrict file upload by extension type

    XG Firewall should have an option for restricting file upload by extension type.
    this would really help in protecting the confidential data

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Internet Surfing Quota Notification for Users

    If a user finished his internet surfing quota Warn / notify the user with a redirected message that your daily internet surfing quota has been finished.In old web filtering technology have the same function and sophos should include this also to reduce the risk of administrator.Requesting to sophos to fix this issue in next patch update and it is not available in the version XG210 (SFOS 17.5.4 MR-4-1).

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Implementation LLDP/CDP

    The implementation of LLDP/CDP would help to recognize and present the product in automated network documentation.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Unique traffic-shaping rules per WAN interface

    If an XG has 2 WAN interface; say fiber and LTE, it would be wonderful to be able to have different application based traffic shaping rules.

    e.g.

    When the primary fiber WAN is active, I want VOIP to be prioritized.

    When the primary fiber WAN fails and the XG switches over to backup LTE WAN, I want VOIP to be prioritized, Backup-traffic&File-transfers&Youtube&Spotify&Twitch&etc. to be blocked, and general HTTPS to be throttled.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos SSL client login before windows login

    I would like to auto login sophos ssl vpn before windows login like cisco anyconnect to enable remote user get connectivity AD for password resat..

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. DNS https

    DNS over HTTPS or DNS over TLS
    I know there is a feature request for DoT already but id like to add to that request by asking for the option to choose DoH or DoT?

    4 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add

    If a user finished his internet surfing quota Warn / notify the user with a redirected message that your daily internet surfing quota has been finished.In old web filtering technology have the same function and sophos should include this also to reduce the risk of administrator.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 89 90
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.