XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Need Bulk Users Upload Feature (Highly Important)
I don't know what the logic is behind removing the Bulk Users Upload feature.
Really bizarre; in this new MR-4 firmware they have not provided this feature either.
Sophos is not fulfilling customer satisfaction, and also does not provide an alternative solution.
They force customers to use whatever they provide. Could you add 100 users every week manually?
2 votes -
Please add back the Drop Silently feature
Port 80 and Port 443 can’t be silently dropped by the firewall & logs incorrectly report traffic as “Accepted.” Even traffic that is "Dropped" gets a response from the firewall.
Firstly this is nonsensical. After weeks of back and forth Sophos support told us this is the intended behavior. Sadly this behavior makes the log files misrepresent the action taken; all traffic that gets a "Drop" action shows as "Accept" in the logs.
Secondly it removes the first layer of protection. Normally we use "Drop" to silently hide from unwanted traffic and potential attackers, this "new feature" Sophos added eliminates…
2 votes -
connect user portal
Even if LDAP server authentication is configured, Sophos Connect users have to log in to the User Portal one time before connecting through VPN.
Connect users must be able to connect without logging in to the User Portal first. Regards
1 vote -
Add NordVPN to application control
Our client is asking to block NordVPN; unfortunately there's no NordVPN in application control.
3 votes -
Responsive HTML5 Client
I suggest a responsive HTML5 Web Admin UI and User Portal UI. This allows having a more lightweight UI in general and reduces effort for the XG dev team in scripting. For the users / customers a HTML5 UI would result in a more flexible and faster user experience, especially when they use different sizes of screens the Web Admin UI can adapt through a responsive design to the different resolutions.
2 votes -
Include clientless access logs in the messages sent by syslog reporting service of the XG FW
Hello,
We are using clientless access VPN to allow remote VNC sessions.
XG firewall release is: SFOS 18.0.3 MR-3
In order to create dashboards for clientless activity and bookmarks usage correlated with data from other systems, we need to centralize clientless activity logs from the XG FW to a global log server.
On the XG firewall, we configured syslog for all logs but we were unable to receive logs for clientless detailed sessions. They are visibly not handled by syslog.
The only way to access the logs is to read the /log/clientlessacces.log file directly, or to download it…
1 vote -
Gateway failover notification
Gateway failover notification is required with the ISP name mentioned in the subject line, as in ver18 we are getting it in the mail body only.
2 votes -
Gateway failover notification
Gateway failover notification is required with the ISP name mentioned in the subject line, as in ver18 we are getting it in the mail body only.
0 votes -
Please change category of site https://bg.as51430.net
Change the category of bg.as51430.net to proxy or none, as in the customer environment Psiphon is establishing due to this site; its current category is Personal sites.
1 vote -
Mouse over / Tooltip when editing IP Host Groups
When editing (add or review) IP Host Groups it would be really helpful if you could see at least the IP address of the IP Host in a tooltip when hovering over it with the mouse.
1 vote -
Prevent Authentication Requests from Computer Accounts
We are seeing issues with NTLM/Kerberos authentication where the device name is authenticating with Sophos XG vs the user. It seems to be that some Microsoft services are causing this and it is causing blocked web access.
Ideally, it would be nice to see an option made available where you can filter out or prevent Sophos from Authenticating computer objects/devices in AD, and only to authenticate user objects.
1 vote -
make live changes on service rule to enable port forwarding
allow making editable the services rule in hosts & services option while the rule is live.
If the site is live and we want to allow a new port on the server, then we have to take it down first from the firewall rule, then go to the services option, and only then will it allow us to make the change; after that we are able to add the new port in the rule. It's not a proper way; if we have to take down our live site for a few minutes, it will make a bad impression on business.
1 vote -
VPN alternative connection point
We use an XG firewall and two internet gateways to have redundant internet access.
This works fine; when one of the internet connections has a failure we work through the other internet connection.
However, our remote workers connect to a VPN URL which is linked to one of the internet connections. Redundancy can be created by third-party solutions such as DynDNS.
Why not an alternative remote gateway solution in the VPN client?
When the specified gateway is not reachable, then try to connect to an alternative one.
A solution such as this creates redundancy for VPN without the dependency of…
1 vote -
SSL VPN Public Key Authentication
Allow Public Key authentication method for XG SSL VPN clients. It would also be a bonus if keypairs could be generated within the GUI rather than CLI.
1 vote -
Netflow data over IPsec VPN
Netflow data can travel on IPsec VPN.
1 vote -
Granular VPN Report
I would like to see the XG VPN report yield a detailed view of each successful connection and the duration of said connection (similar to the UTM's remote access logs). We currently get a detailed view of failed attempts, but an aggregate of the successes per user.
This is required for compliance purposes.
2 votes -
Qos Queue monitor
Hi,
I am in the process of trying to convince the manager that the Sophos XG is not causing any delay in video/voice communication. To do this I would need a bit of information: the size of the QoS queue, so I can show the voice queue remains low, and the time it takes to process traffic through the Sophos XG, or the time to process traffic through each QoS queue.
So it would be great to have a feature that monitors and reports on the processing time of packets through the Sophos XG and the size of QoS queues.
Thanks
3 votes -
Bulk Users Upload feature Removed
How strange, shocking…..
Now Sophos has removed this bulk users upload feature in this MR18 version. This was a good feature in my previous firmware, so I could easily upload 100s of users at a time. Can you tell me why this feature was removed? It is a campus and 100 students are admitted in a new batch every week. I want to upload 100 new users, so how do I do this?
Do I have to do this manually? Can you do that? We are planning to go back to the previous version to avoid more issues
Sophos…
1 vote -
RED as Software-Device-Image (for VMware / Hyper-V)
Is it possible to publish the RED devices as a software image (for example for VMware and Hyper-V)?
We have use cases in PaaS / IaaS areas in which such a scenario would be very practical.
3 votes -
Granularity on Networking Configuration
Hello!
Sophos SFOS v18+ brought with it the ability to set the MTU size of the Sophos RED, internal interface.
This now allows you to fix the inability to load websites through a separate zone wireless over a RED tunnel. However, there is still some additional performance I can get out of it when overriding other values using the "Advanced Shell". I'd like to see the ability to override the MTU size of all interfaces, inclusive of Separate Zone WLAN interfaces, which you could override on Sophos SG.
4 votes