XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SSL Site To Site VPNs between SG and XG

    When you want to migrate customers from an SG to an XG Firewall one of the hardest issues come when you can't establish SSL site to site VPNs between SG (Astaro) and XG when the SG is the master.

    Why can't the EPC files be compatible?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable the Function for SSL VPN with SecurID RSA Authentication

    Please enable the function so that the SecurID RSA authenticationable to work with the XG Firewall, and this is due to previous Cyberoam Firewall able to support, but when come to SFOS unable to support due to protocol issue.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. SSL Site to Site VPN option "use as default gateway"

    When I create the SSL VPN Site to Site Server, possibility to configure "Use as Default Gateway"

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. VPN user Restriction

    Hi, If we have configured 40 VPN user ID under one group in Sophos XG, however we want only 4 users able to login at a time. We want to restrict VPN user access.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Create field (source = Allowed client networks) to perform source control in establishing an SSL VPN.

    Create field (source = Allowed client networks) to perform source control in establishing an SSL VPN.

    Example:
    * Access the VPN from any source IP (any)
    * Access the VPN only from an IP / Network.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. okta

    We use Okta as SSO portal for all our web applications. Would be great to be able to add a link to our Sophos XG User Portal and pass users straight in from Okta.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Dual Tunnel AWS VPC VPN Connection

    We are looking to have both of our tunnels show that they are connected to our AWS VPC site-to-site VPN connection, but from what I can see online it only appears that one tunnel can be active at a time. This would be ok if the XG firewall could make both Connected, but only one active. The issue is that we get alerts from AWS that one of the tunnels is down, so we don't really have confirmation as to if there might be an issue with the other one, or not.
    We are using the Failover Group so they…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Reverse Route Injection

    Please Add a feature Reverse Route Injection as what Cisco ASA has for I can advertise on our SOPHOS XG 310 the networks known via IPSEC to OSPF dynamic routing protocol.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. The sophos connect client cannot select a bridge or no IP interface as the service interface

    When I was using SOPHOS Connect Client of XG firewall, I entered the configuration content and clicked application
    My firewall is bridged behind the gateway and switch (port1 area wan; port2 area LAN; IP address is given to the bridge port after wan bridging)
    However, I noticed that in the sophos Connect setting, only port2 port (area wan) can be selected as the VPN interface and bridge port cannot be selected, while port2 port has no IP state and shows NA. I suspect there is something wrong with this place
    Therefore, I tried to do the experiment, and configured a…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSL VPN Insecure

    I have Installed SSL-VPN to users and provided userid and password to users.With this Userid and password users can install in their Personal laptops aswell.This is a top notch security Sophos has not clarrified or checked.As we are using DHCP even with IP we cant able to create a firewall rule,My suggestion that there need to be a specific configuration to add Device MAC id to configure VPN.Please getback on this

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. MAC address binding with SSL_VPN users machine

    Hi,
    We have configured SSL_VPN clients. I require settings like user can allow to login or install agent in specific given laptop only. Users should not allow to login SSL_VPN in any other machine.
    Can you please help me to do settings like this

    Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Mobile (Portable) RED

    It would be fantastic to have a portable Wireless RED, such as a Netgear AC800S https://www.netgear.com.au/home/products/mobile-broadband/hotspots/AC800S.aspx with RED functionality. We could install this in our fleet vehicles where our officers have an in car computer and run it off of 12V. It would also help with staff who think its too hard to VPN into the network when abroad, to simply have the single device which gets them back to our network.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. SSL VPN (remote access) - edit options / advanced config - for .ovpn files

    Hello Everyone

    We should be able to edit some of the options of the .ovpn file

    Right now I need to manualy edit theese two options a lot in the .ovpn file directly:

    comp-lzo no -> yes (so SMB traffic does work)
    route-delay 4 -> 0 or 1 (so the route are set faster and remote ressources can be accessed immediatly)

    When there are a lot of users this is a lot of work as every user generates its own .ovpn file

    It would be really nice if this could be set for everyone on the XG UI or trough…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. XG SSL VPN MAC Restriction

    XG210 FW

    To allow MAC binding for SSL VPN (remote access) in order to increase security and allow users VPN connection from specific machines (e.g. company laptops only) - as VPN client could be installed in different machines without such restriction. I called tech support and confirmed that such feature is not available for XG eventhough the function is there but it doesnt work when registering MAC address.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. pre-shared key

    In XG, when the pre-shared key of one IPSec tunnel is changed, it affects all the tunnels. This problem was there in Cyberoam also. Kindly work to get rid of this behavior in future firmware releases.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Option to Download Sophos Connect Client and Config from LAN / WAN IP

    Option to Download Sophos Connect Client and Config from LAN / WAN IP

    Enable Option, where we can configure the Sophos Connect Client and .scx file to be downloaded from Public IP. Something similar to the way it is for Sophos SSL VPN client.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Increase idle timeout to 24 hours for SSL VPN remote users

    Currently the idle timeout for SSL VPN remote users is only 1 hour at maximum. Please increase it to 24 hours or longer as an option. We have remote users that run data sync through the VPN session for long hours and we do not want the user to be cut off because of a mere one-hour idle time. I'd imagine this is a relatively simple code change and has no negative effect on anything? Please help.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. IPsec Load Balancing

    IPSEC Site to Site Load Balancing. This is for me must have option. UTM had it and I dont know why there is no Load Balancing on XG.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. IPsec Load Balancing

    IPSEC Site to Site Load Balancing. This is for me must have option. UTM had it and I dont know why there is no Load Balancing on XG.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. IPSec with IP Range and List Type

    Establishing an IPSec between two XG devices and adding IP or Network is fine. But try adding an IP Range or a IP List. You are able to create it (and can see it later in Hosts and Services) but there is no way to choose it as a local or remote address type.

    This is quite confusing and shouldn't be there in the first place if it serves no purpose.

    Cheers.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.