XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. tls verification errors must be logged

    As long as you open a https page via browser you may see that there is an ssl verification error and xg did block traffic.

    as tls verification is also implemented in FTPS (Scan FTP for Malware) you wont get any message on fails, you just can imagine that traffic won't pass because of an tls error.

    same if https is use by applications e.g. internal software updates

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Disable default bridging

    When setting up XG 17.5 for the first time, all unconfigured interfaces are bridged with LAN :-(

    VERY annoying, because when you want to disable the bridge, you need to unbind one interface, assign a new ip on the unbinded interface and assign LAN zone to that interface. The you can switch port to the new interface and login to remove the bridge. NOT GOOD.

    When bridge is needed, we can easily configure it, when doing it from port 1 ourselves ;)

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Reporting: Virus Detection Email Alert

    Please give us the option to automatically send an email alert to the admins, when a user visits a website that has a virus detection. I think this is the best way to get quickly imformed about an security incident. Not maybe a week later via reports.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  4. Advanced NAT options for firewall rules

    I have seen multiple forum posts about this and there's also some feature requests that all come down to the same issue: managing NATs kind of sucks on the XG!

    On a user rule, the only thing we can do is masquerade. That's not always useful. There's no way to control DNAT and SNAT options in a good way. We don't have a proper way to set up a 1-to-1 NAT for a full network other than creating two business rules that are really not made for this purpose. It's completely unintuitive and not well designed.

    The Network Address Translation…

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Edit a service object that is in use without removing it from rules

    Ability to edit a service, like changing port numbers on a service, that is in use in multiple business rules. Currently you can't change udp from port 9000 to 9001 and it update in the business rules it applies to. You have to remove the business rules first to edit the service or create a new service. This is a much bigger process. As an Admin I want to click the service, edit change, done. We are not end users, were are admins.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. DNat Rules By Schedule

    You should enable the option to add a schedule to a rule DNAT

    25 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. NAT Policies can only be edited/created when Creating a FW Rule

    In Cyberoam you had a separate section to create/edit NAT Policies. It looks like the only place is when you are creating the FW Rule itself.
    You can not
    * rename the NAT Policy
    * delete a NAT Policy
    It would be good if this was available in a section/tab (rather then hidden with a FW Rule)

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Time base restriction on business application rules on XG firewall

    Time base restriction on business application rules on XG firewall for external to internal traffic

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. allow exclusions for certificate validation

    for Web Protection it would be good to have the option to download / exclude certificates for certificate Validation (Block invalid certificates in General Settings).
    the setting like we have in SWA is missing in XG: http://wsa.sophos.com/docs/wsa/webhelp/swa/tasks/ConfigGlobalPolCertValidAddFromWeb.html

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Filter firewall rules by IP or Host or Group name

    When a user clicks on the "Enable Filter" link on the Firewall page, the user should have an option to filter rules by IP address or Host object or Group object. It shouldn't be this difficult to find the rule I'm looking for in the UI.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Nat on different Tab not on firewall rules

    Nat on a different TAB, like SG version,
    It will be great to use and categorize rules by selecting NAT SNAT,DNAT,1:1 NAT.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Backup File Encryption

    Encryption of File, needed especially when emailing backups

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow IPv6 address on VLAN interface

    Currently unable to add an IPv6 address to a VLAN interface when the physical interface doesn't have an IPv6 address.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Quota Time in actions (Policy Web Protection)

    add the option Surfing Quota in actions in the policies of the web protection as already exists in the UTM

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Firewall rule group description can't be deleted

    If you enter a description in a firewall rule it can't be deleted. Once you remove the description, save it and reload the page the description re-appears. This is a bug which is still present in 17.1 MR1.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Do we have the SNMP V3 Services in Sophos XG FW ?

    I want to configure the SNMP V3 Services in FW but no option is there..

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. Zero Firewall Rule Traffic Counter

    Very simple, have an option to zero the traffic counter on a firewall rule.

    87 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. custom SPX template HTML

    Pls add a possibility to upload custom SPX templates as html files (like in UTM)

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Delete/Disable several Firewall rules at once

    Not possible to delete or disable several rules at once.

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Fix Windows Update Bug

    Any chance of Sophos fixing the Windows Update bug sometime this century? Almost a year old now.

    https://community.sophos.com/kb/en-us/127554

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.