XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. L2TP VPN - Enable OTP

    We have purchased XG firewall for our customers in order to further secure their VPN tunnels by implementing OTP in addition.
    They have been using L2TP tunnels created using the native VPN provided with Windows 10 - very convenient and easy to use and also supports IPsec PSK's too.
    However, XG firewall DOES NOT support L2TP when enabling OTP / MFA.
    OTP works fine with the portal and enables syncing the OTP generator, but does not need the OTP pin when connecting the L2TP VPN - i.e. L2TP VPN continues to work as before.
    I was trying to avoid installing…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Multiple VPN gateway for Sophos connect

    In instances where thousands of users need to connect to the company network especially now that a lot of users are WFH . It would be great to utilize multiple ISP links available when connecting to the company network. This will enable for creation of different profiles for different company sections while at the same time eliminating the single point of failure

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. RA VPN enhancements

    VPN agent must have functionality:
    > Scan/read OS patch status, version.
    > AV agent name, version.
    > Windows FW & Defender status.
    > Logon history tab, so that user will know who and when was previous logon done from their system, agent must also fetch from NGFW, is there any other user logged in from same account from a different machine. This also helps in identifying unauthorized logon attepts.
    > Diagnostic tab on VPN agent similar to XG for TShoot.
    > Dark Theme UI.
    > If multiple ADs are configured and those ADs have diferent domains then VPN agent must…

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. RED Tunnel Sorting improvements

    Please improve numbering and allow sorting and filtering of RED tunnels so that they are no longer listed in the order of 1, 10, 11,100,101, 102,..., 198, 199, 2, 20, 200, ...
    When I list my REDs on 17 it is by tunnel ID sorted similar to above.

    When I look at the sorting in version 18.0.1, it shows the Branch Name, the tunnel ID is now invisible, but, the hidden tunnel ID is still the information that RED's are sorted by.

    You could add leading 0(s) to the 1 and 2 numbers numbers and show the Tunnel ID in…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. sophos connect

    Can we've an option to integrate AD with Sophos Connect same as SSL VPN?

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. users using ssl vpn have to use IP address when modem\phone resolves to ipv6 ip address

    users using ssl vpn have to use IP address when modem\phone resolves to ipv6 ip address

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. The SSLVPN connection using Sophos SSLVPN Client with ARM based Windows PC

    To whom it may concern,

    Regarding the SSLVPN connection using Sophos SSLVPN Client,
    we would like to request that you let it work with ARM based Windows PC like Surface.
    If Sophos SSLVPN Client comes to be compatible with TLS1.3,
    will the Sophos SSLVPN Client work with ARM based Windows PC?

    Sincerely,
    Takashi

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Consolidated report for SSL VPN Last login

    Dear Team,

    We are looking for the consolidated report for SSL VPN last login from Sophos XG firewall which is currently not there in the firewall. This report will help the administrator to alter the user list which are inactive since long time. Hence kindly get this implemented in the firewall.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. CN Network Monitoring (LAN) - If the interface fails, start IPSEC over WAN

    Many Customers have a CN Network to connect different company location. The CN network is a LAN interface.

    What do we want?
    If the Sophos XG detects a problem with a LAN interface, automatically starts a ipsec tunnel over the wan interface.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. lan ipsec

    Many Customers have a CN Network to connect different company location. The CN network is a LAN interface.

    What do we want?
    If the Sophos XG detects a problem with a LAN interface, automatically starts a ipsec tunnel over the wan interface.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. q in q

    Hello All,

    I'm writing from in Turkey and I'm a technical guy.

    In our country, we need Q-in-Q or using same Vlan in two braches.

    For Example , The customer is using Vlan 100 ( 10.1.100.0 / 24 ) and They wants to use same Vlan their other branches.

    Is there any roadmap about this solutions on the SD-RED ?

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Conexão Múltiplas SSL VPN

    I noticed that when I am connected within the company, and if I try to connect the SSL Client it allows, the right thing was not to allow, as it can loop the network. A call was opened and the only solution is by MAC, but it becomes impossible to do this for everyone, I have to register one by one, it would have to be a simple solution, to identify that if it is connected to the local network, do not let the SSL Client connect VPN.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Option to load Balance with IPsec VPN

    Option require on load Balance with IPsec VPN

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. VPN icon is red even though 1 of 2 VPN connections to a site is up

    Since it's bad practice to use failover groups on both sites of a VPN tunnel, one side (without failover group) shows a red VPN icon in the dashboard. For example - one side can have 2 WAN connections and the other side has 1 WAN - so 2 tunnels are created for failover.

    It would be nice if we can still incorporate these multiple tunnels to the same site in a group, so that as long as 1 is online, the VPN icon doesn't turn red. Maybe if we can add both sides to a failover group, but toggle failover…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. Broadcast Routing on Bridged Inteface

    I would like to configure the multicast forwardin on a Bridge interface.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. ip sla for high latency failover

    we need ip sla feature for high latency fail over while we using two links if one link goes to high latency we need to switch over to secondary link automatically.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 11 12
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.