XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Enable scripting to XG over SSH

    In our environment, we subscribe to lists of dynamically blocked IPs based on reputation and other factors. This dynamic list is on my system to which every day I must manually go and add or remove these IPs from our blacklist. Conversely, we also subscribe to MSFT O365 dynamic IPs and FQDN that needs to be whitelisted for our services to work. We would like to be able to script these dynamic updates to the appropriate hosts/host groups to make better use of our rules.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. IPv6 Stateful Firewall Bypass like you can for IPv4 using set advanced-firewall bypass-stateful-firewall-config

    Using set advanced-firewall bypass-stateful-firewall-config del sourcenetwork x.x.x.x sourcenetmask 255.255.255.0 destnetwork y.y.y.y destnetmask 255.255.255.0 works for Ipv4 but not Ipv6. Or if you can disable invalid packet blocking on Ipv6. This is especially needed when using asymmetric routing scenarios.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos Connect - AD Group

    Allow users to be granted Sophos Connect access via AD Group rather than just by individual user access.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Seperate Sophos Connect Alerts from IPsec Alerts

    Please differentiate the site to site tunnel alerts from Sophos Connect tunnel alerts. The way it works now is that the same alerts (17801 Established and 17802 Terminated) are generated for site to site IPsec tunnels and Sophos Connect tunnels. I don't need to be notified when a Sophos Connect tunnel goes up/down, but I do need an alert for site to site up/down. The frequency of the Sophos Connect alerts makes it impossible to notice when a more important site to site tunnel goes up or down.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. EML to PST converter - Shoviv

    Shoviv EML to PST converter is efficient software to export EML files into Outlook. This software converts EML to PST, and MSG formats. EML to PST conversion tool can also export EML files to Office 365/Live Exchange Server. Shoviv EML to PST converter software provides a safe & secure conversion of EML files. This software supports all version of Outlook & Windows Operating System.
    Software URL= https://www.shoviv.com/eml-converter.html

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. MBOX to PST converter - Shoviv

    If the user wants to export MBOX files into PST, MSG, EML, Office 365, and Live Exchange server then, you can also try MBOX to PST converter from Shoviv which is a reliable solution for MBOX users and convert multiple MBOX files into PST format in one go. The tool supports 20 email clients that support MBOX file format such as Entourage, Thunderbird, Eudora, Seamonkey, Spicebird, Mulberry, etc.
    For more info visit here:https://www.shoviv.com/mbox-converter.html

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. security advisor with recommendations

    there should be an option that would check all security settings with a nice overview as well as recommendations with shortcuts to right place as well as a shortcut to a easy explanation.
    this will tighten security for experts and first time users.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. CN Network Monitoring (LAN) - If the interface fails, start IPSEC over WAN

    Many Customers have a CN Network to connect different company location. The CN network is a LAN interface.

    What do we want?
    If the Sophos XG detects a problem with a LAN interface, automatically starts a ipsec tunnel over the wan interface.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. lan ipsec

    Many Customers have a CN Network to connect different company location. The CN network is a LAN interface.

    What do we want?
    If the Sophos XG detects a problem with a LAN interface, automatically starts a ipsec tunnel over the wan interface.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. WAF is unable to protect exe file upload

    I am handling XG750 v18 sopohs firewall. WAF is also implemented. but WAF is unable to protect exe file upload in server. IWAFed website should protect to it(i.e. manage custom policy for to allow or deny upload any type of file in server . Even from server side exe upload is allowed, but from WAF it should be turned off.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. q in q

    Hello All,

    I'm writing from in Turkey and I'm a technical guy.

    In our country, we need Q-in-Q or using same Vlan in two braches.

    For Example , The customer is using Vlan 100 ( 10.1.100.0 / 24 ) and They wants to use same Vlan their other branches.

    Is there any roadmap about this solutions on the SD-RED ?

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Increase maximum records as 200 instead of 50 in Mailed report of VPN

    Maximum records are showing only 50 in scheduled mail alert of VPN Logs and due to this unable to get the complete reporting which is imbecile feature if not getting complete report.

    Suggesting to you that increase maximum records as 200 in auto mail alert

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  13. SMTP Quarantine Added Feature: Customizable Quarantine Digest Settings

    The Quarantine Digest (QD) is currently an all or nothing affair short of deciding if individual users receive the QD . There is no setting for individual users to have questionable emails bypass the digest and be delivered directly to them if they do not wish to bother with the extra steps of logging into the User Portal.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Adding IP host and FQDN host using CLI

    Please add a feature to add ip host and fqdn host using cli

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. XG:135 there is reporting constraints in Sophos

    There is reporting constraints in Firewall .At a time only 200 Records can be dowloaded.
    This is affecting for data analysis.Please make some update to download a report at one shot.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  16. XG: move rule to position X by entering new position number

    Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

    Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, is it not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

    Please add an option to move the rule by entering a specific location.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Currently the following features are not available in the firewall. I hope that these features will be updated in the firewall in the future

    Currently the following features are not available in the firewall. I hope that these features will be updated in the firewall in the future.
    • If internet traffic exceeds the internet plan, the alerts e-mail should be automatically sent to admin from firewall.
    • Currently live internet speeds cannot be checked in the firewall which should happen.
    • If the speed of the internet is less than the plan of the internet, the alert email should be sent automatically to admin from the firewall.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  18. Firmware - 3 slots

    This morning I just updated the firmware. I only had the option to update to the non-active firmware slot. However, that is my FALLBACK firmware. It is (reasonably) stable and most importantly, known and known to work. I wanted to replace the current version of the firmware, but that was not possible.

    Solution: 3 slots required for firmware.

    The first, is the "long term stable" version the user can revert to if needed.
    The second, the current (or active) service release.
    The third, to slot for downloading and running the lastest version that is offered on the website.

    I really…

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. General Customized services extend to icmp

    You can define customized services, for example tcp/udp port from 1:65535 to 4444. Also you can define custom icmp services, but it's not possible choice options out of RFCs. If you want define a ICMP service of type 1 (in RFC type 1 and 2 are unassigned), simply, you can not do it. It's not sense you can define your own service, but a custom icmp service does not be. By definition it is a "custom" not "standard" service.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Support for RFC-5309

    We need "IP Unnumberd" for Internet connection.

    Because
    1.it is very major function on Japan market.
    2.Many competitors have already supported.
    3.It is also useful function for managing network connection on IPv6 environment.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.