XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SSLVPN authentication by RADIUS Authentication via Active Directory

    Implementation of SSL VPN users on Sophos using RADIUS authentication. The RADIUS server to use the Active Directory to authenticate the SSL VPN request.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. SSL VPN client for PC -

    I would like to have the SSL VPN client have the ability to save the username and password as well as an option to start at login or system start up. I have been able to do this manually with services and text file for auth with shortcut, etc but would be much easier built into the software. Most other clients have this and it has not been officially supported nor developed into the app at all. I have been using SG and XG appliances for about 6 years now with no sign of having this added. Thanks in advance

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. macOS Sophos connect client paste password

    macOS Sophos connect client paste password :
    It would be cool if we can paster our password in Sophos Client Connect in macOS rather than write manually especially when the password is very strong.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. VPN client autoupdate for remote users

    Is there a Sophos idea existing, that the VPN client should be checked for updates when the VPN client dials in ?
    if necessary, automatically updated before the VPN client connects.
    The download is provided by the XG Firewall and the client is up-to-date without admin rights or end user oder administrator intervention.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add the Option to Download Windows 10 Always ON VPN Profiles

    Microsoft supports adding always on VPN profiles to Windows 10, would be great to be able to have an Always ON VPN profile that can be generated and downloaded from the VPN page in WebAdmin on the XG Firewall.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Enable multiple source NAT in IPSEC tunnel

    Currently we are unable to NAT multiple source subnet with single IP on Sophos XG firewall, kindly enable it.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. ssl vpn

    Would like to see an option to create additional SSL VPN profiles based on AD Group membership. Having a single DHCP scope for all SSL VPN significantly hinders the potential of this feature. Being able to place different users into different subnets would allow administrators to tailor firewall rules for each group that better fit a given groups role within the organization. The current system requires I either grant excessive network permissions to standard end users, or otherwise make the SSL VPN completely useless for administrators attempting to address emergency issues remotely.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Want to add option for Two WAN link for L2TP VPN

    Please add a option to select one more Local WAN port in Local Network details, in L2TP remote access VPN tab. As of now its only for one WAN port.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. SSL VPN ACCOUNT LOCKOUT

    Similar to the admin lockout screen - it would be useful to block users logging into ssl vpn after x amount of incorrect attempts - either lockout for a predetermined amount of time or what would be awesome would be to lock and allow an admin to unlock.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. IPSec Remote Access mode should hand out IP's to Android clients

    We should be able to hand out virtual IP for users on a plain IPSec (not Sophos Connect) by config or by user static remote access IP defined.
    Sophos XG's IPSec configuration does not have the ability to configure "rightsourceip" when setting up Remote Access IPSec connection. With this ability we could use the built-in android IPSec XAuth VPN client and not rely on third party apps.

    [IKE] <AndroidIPSec-1|28> peer requested virtual IP %any
    [APP] <AndroidIPSec-1|28> [IPPOOL] (acquire_address) acquire_address...
    [APP] <AndroidIPSec-1|28> [IPPOOL] (acquire_address) Access Server not provided IP for user: ********
    [IKE] <AndroidIPSec-1|28> no virtual IP found for %any requested…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Mode Transparent/Unifié

    Il manque aux possibilités du RED le mode Transparent/Unifié. En effet pour nos clients Education il n'est pas possible que les accès Internet ne transitent pas par le XG. Si la liaison Internet ne fonctionne plus sur le site principal, il vaut mieux alors pour des raisons de sécurité que les élèves ne puissent plus accéder à Internet.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. SSL Site To Site VPNs between SG and XG

    When you want to migrate customers from an SG to an XG Firewall one of the hardest issues come when you can't establish SSL site to site VPNs between SG (Astaro) and XG when the SG is the master.

    Why can't the EPC files be compatible?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. Enable the Function for SSL VPN with SecurID RSA Authentication

    Please enable the function so that the SecurID RSA authenticationable to work with the XG Firewall, and this is due to previous Cyberoam Firewall able to support, but when come to SFOS unable to support due to protocol issue.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSL Site to Site VPN option "use as default gateway"

    When I create the SSL VPN Site to Site Server, possibility to configure "Use as Default Gateway"

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. VPN user Restriction

    Hi, If we have configured 40 VPN user ID under one group in Sophos XG, however we want only 4 users able to login at a time. We want to restrict VPN user access.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Create field (source = Allowed client networks) to perform source control in establishing an SSL VPN.

    Create field (source = Allowed client networks) to perform source control in establishing an SSL VPN.

    Example:
    * Access the VPN from any source IP (any)
    * Access the VPN only from an IP / Network.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. okta

    We use Okta as SSO portal for all our web applications. Would be great to be able to add a link to our Sophos XG User Portal and pass users straight in from Okta.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. Dual Tunnel AWS VPC VPN Connection

    We are looking to have both of our tunnels show that they are connected to our AWS VPC site-to-site VPN connection, but from what I can see online it only appears that one tunnel can be active at a time. This would be ok if the XG firewall could make both Connected, but only one active. The issue is that we get alerts from AWS that one of the tunnels is down, so we don't really have confirmation as to if there might be an issue with the other one, or not.
    We are using the Failover Group so they…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. Reverse Route Injection

    Please Add a feature Reverse Route Injection as what Cisco ASA has for I can advertise on our SOPHOS XG 310 the networks known via IPSEC to OSPF dynamic routing protocol.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. The sophos connect client cannot select a bridge or no IP interface as the service interface

    When I was using SOPHOS Connect Client of XG firewall, I entered the configuration content and clicked application
    My firewall is bridged behind the gateway and switch (port1 area wan; port2 area LAN; IP address is given to the bridge port after wan bridging)
    However, I noticed that in the sophos Connect setting, only port2 port (area wan) can be selected as the VPN interface and bridge port cannot be selected, while port2 port has no IP state and shows NA. I suspect there is something wrong with this place
    Therefore, I tried to do the experiment, and configured a…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.