XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Need Bulk Users Upload Features (Hight Important )

    I don't know what is logic of behind that they have removed the Bulk Users upload Feature.
    really Bizarre, in this new MR -4 firmware they not provided this feature as well.
    Sophos is not fulfill the customer satisfaction, also not provide alternative solution.
    They force customers to use whichever they provided.

    could you add 100 users every week manually ?

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. Please add back the Drop Silently feature

    Port 80 and Port 443 can’t be silently dropped by the firewall & logs incorrectly report traffic as “Accepted.” Even traffic that is "Dropped" gets a response form the firewall.

    Firstly this is nonsensical. After weeks of back and forth Sophos support told us this is the intended behavior. Sadly this behavior makes the log files misrepresent the action taken, all traffic that get a "Drop" action shows as "Accept" in the logs.

    Secondly it removes the first layer of protection. Normally we use "Drop" to silently hide from unwanted traffic and potential attackers, this "new feature" Sophos added eliminates…

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. connect user portal

    Even if LDAP server authentication is configured, Sophos Connect users have to login to User Portal one time before connect thru VPN.
    Connect's Users must be can connect without doing login to user portal before.

    Regards

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add NordVPN to application control

    Our client is asking to block NordVPN, unfortunately there's no NordVPN to application control.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  5. Responsive HTML5 Client

    I suggest a responsive HTML5 Web Admin UI and User Portal UI. This allows having a more lightweight UI in general and reduces effort for the XG dev team in scripting. For the users / customers a HTML5 UI would result in a more flexible and faster user experience, especially when they use different sizes of screens the Web Admin UI can adapt through a responsive design to the different resolutions.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Include clientless access logs in the messages sent by syslog reporting service of the XG FW

    Hello,

    We are using clientless access VPN to allow remote VNC sessions.
    XG firewall realease is : SFOS 18.0.3 MR-3
    In order to create dashbords for clientless activity and bookmarks usage correlated with data from other systems, we need to centralize clientless activity logs from the XG FW to a global log server.
    On the XG firewall, we configured syslog for all logs but we were unable to receive logs for clientless detailed sessions. They are visibly not handled by syslog.
    The only way to access the logs is to read the /log/clientlessacces.log file directly, or to download it

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  7. Gateway failover notification

    Gateway failover notification required by mentioning ISP name in subject line as in ver18 getting in mail body only

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Gateway failover notification

    Gateway failover notification required by mentioning ISP name in subject line as in ver18 getting in mail body only

    0 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  9. Please chage category of site https://bg.as51430.net

    bg.as51430.net change category to proxy or none, as in customer enviournment due to this site psiphon is establishing, its current cat. is Personal sites

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Mouse over / Tooltip when editing IP Host Groups

    When editing (add or review) IP-Host Groups it would be really helpfull if you could see at least the IP address of the IP Host in a tooltip when hovering over it with the mouse.

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Prevent Authentication Requests from Computer Accounts

    We are seeing issues with NTLM/Kerberos authentication where the device name is authenticating with Sophos XG vs the user. It seems to be that some Microsoft services are causing this and it is causing blocked web access.

    Ideally, it would be nice to see an option made available where you can filter out or prevent Sophos from Authenticating computer objects/devices in AD, and only to authenticate user objects.

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  12. make live changes on service rule to enable port forwarding

    allow making editable the services rule in hosts & services option while the rule is live.

    As if the site is live and we want to allow a new port on the server then we have to take it down first from the firewall rule then need to go to the services option and then it will allow us to change after that we are able to add the new port in rule

    It's not proper way if we want to take down our live site for a few min it will bad impression on business

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. vpn alternatief connectoinpoint

    We use a XG firewall and two internet gateway to have a redundant internet access.
    This works fine; when one of the internet connectons has a failure we work through the other internet connection.
    However our remote workers connect to a VPN url which is linked to one of the internet connections. Redendancy can be created by third party solutions as DynDNS.
    Why not an alternative remote gateway solution in de VPN client.
    When the specified gateway is not reachable then try to connect to an alternative one.
    A solution as this creates redundancy for VPN without the dependancy of…

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSL VPN Public Key Authenication.

    Allow Public Key authenication method for XG SSL VPN clients. It would also be a bonus if keypairs could be generated within the GUI rahter than CLI.

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  15. Netflow data over IPsec VPN

    Netflow data can travel on Ipsec vpn.

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Granular VPN Report

    I would like to see the XG VPN report yield a detailed view of each successful connection and the duration of said connection (similar to the UTM's remote access logs). We currently get a detailed view of failed attempts, but an aggregate of the successes per user.

    This is required for compliance purposes.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. Qos Queue monitor

    Hi,

    I am in the process of trying to convince the manager that the Sophos XG is not causing any delay in Video Voice communication. To do this I would need to bit of information. The size of the QoS queue so I can show the voice queue remains low. The time it takes to process traffic through the Sophos XG, or time to process traffic through each QoS Queue.

    So it would be great to have a feature that monitor, reports on processing time of packets through the Sophos XG and Size of QoS queues.

    Thanks

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. Bulk Users Upload feature Removed

    How strange, shocking…..
    Now Sophos has removed ths bulk users upload feature in this MR18 Version. This was a good feature in my previous firmware so i could be easily uploaded 100 of users at the time. Can you tell me why removed this feature?

    It is a campus and 100 students are admitted in a new batch every week, I want to upload 100 new users so how do I do this?
    Do I have to do this manually? Can you do that ?

    We are planning to go back to the previous version to avoid more issue

    Sophos…

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  19. RED as Software-Device-Image (for vmWare / HyperV)

    Is it possible to publish the RED devices as a software image (for example for vmWare and HyperV)?
    We have use cases in PaaS- / IaaS areas in which such a scenario would be very practical.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Granularity on Networking Configuration

    Hello!

    Sophos SFOS v18+ brought with it the ability to set the MTU size of the Sophos RED, internal interface.
    This now allows you to fix the inability to load websites through a separate zone wireless over a RED tunnel. However, there are is still some addition performance I can get out of it when override other values using the "Advanced Shell".

    I'd like to see the ability of overriding the MTU size of all interfaces - inclusive of Separate Zone WLAN interfaces, which you could override on Sophos SG.

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.