When a user should see the block notification after hitting a web protection rule, they instead get a security warning from the browser. According to support, "As XG is only rewriting the content of the webpage on the blocking and not rewriting the URL itself that is why you are seeing certificate error on the block page." This happens even though we have a valid public certificate set up on the XG.
So if a user is trained correctly, they will not bypass the security warning and will never see the descriptive block notification. This should be corrected.
1 vote · Declined · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
A browser will only accept an HTTPS connection if it believes it has come from the server it was trying to connect to. It is necessary to create a certificate that looks like it comes from the server, just like we do for HTTPS decryption. This will only be trusted if the client device trusts the certificate authority that is installed on the device for HTTPS decryption. In version 17.5 we introduced an option where we will just drop the connection instead of trying to connect and return a block page. This avoids the security warnings, but the user just sees a dropped connection.
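The two checks a browser applies before it will show a page over HTTPS, reduced to code, as an added example that is not part of this thread or of Sophos' product: the presented certificate must chain to a CA the client trusts, and one of its names must match the host the user asked for. The scenarios, certificate names and CA names below are constructed; they show why a valid public certificate issued to the firewall's own name still produces a warning on a block page for another site, why a certificate minted for the requested name is only accepted where the decryption CA is installed, and what the "drop the connection" option looks like from the client's side.

```python
"""Added example (not Sophos code): the acceptance decision a browser makes
for a TLS server certificate, with constructed certificates and CA names."""
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Cert:
    subject_cn: str
    sans: List[str] = field(default_factory=list)  # dNSName entries
    issuer: str = ""


def _name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: exact match, or a single '*' standing for
    the whole leftmost label. The wildcard never spans more than one label and
    never stands for the last two labels (so '*.net' matches nothing useful)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    host_labels = host.split(".")
    return len(host_labels) >= 3 and ".".join(host_labels[1:]) == pattern[2:]


def cert_matches_host(cert: Cert, requested_host: str) -> bool:
    # Subject alternative names take precedence; the CN is only a legacy fallback.
    names = cert.sans or [cert.subject_cn]
    return any(_name_matches(n, requested_host) for n in names)


def browser_verdict(requested_host: str, cert: Optional[Cert], trusted_cas: Set[str]) -> str:
    """What the user sees: 'accepted', a warning, or a dropped connection."""
    if cert is None:
        return "dropped"  # no certificate offered at all: connection closed, no warning
    if cert.issuer not in trusted_cas:
        return "warning: untrusted issuer"
    if not cert_matches_host(cert, requested_host):
        return "warning: name mismatch"
    return "accepted"


# Constructed trust stores and certificates for the three block-page strategies.
PUBLIC_CAS = {"Constructed Public CA"}
CAS_WITH_DECRYPTION_CA = PUBLIC_CAS | {"Constructed XG Decryption CA"}
BLOCKED_SITE = "blocked.example.net"

# 1. The firewall's own, genuinely valid, publicly issued certificate.
FIREWALL_PUBLIC_CERT = Cert("xg.example.com", ["xg.example.com"], "Constructed Public CA")
# 2. A certificate minted on the fly for the requested name, as HTTPS decryption does.
MINTED_CERT = Cert(BLOCKED_SITE, [BLOCKED_SITE], "Constructed XG Decryption CA")


def scenarios() -> dict:
    """Outcome of each strategy for a client with and without the decryption CA."""
    return {
        "public cert, any client": browser_verdict(BLOCKED_SITE, FIREWALL_PUBLIC_CERT, PUBLIC_CAS),
        "minted cert, CA not installed": browser_verdict(BLOCKED_SITE, MINTED_CERT, PUBLIC_CAS),
        "minted cert, CA installed": browser_verdict(BLOCKED_SITE, MINTED_CERT, CAS_WITH_DECRYPTION_CA),
        "drop connection": browser_verdict(BLOCKED_SITE, None, PUBLIC_CAS),
    }


if __name__ == "__main__":
    for label, verdict in scenarios().items():
        print(f"{label:32s} -> {verdict}")
```

The public certificate fails on the second check, not the first: it is trusted, but it is issued to the firewall's name, and the user asked for a different host. Only a certificate carrying the requested name passes that check, and such a certificate can only be signed by a CA the client has been told to trust, which is exactly the prerequisite for HTTPS decryption.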
Integrate YARA engine rules into IPS
5 votes · Declined · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
There is a Linux utility called ntopng (https://www.ntop.org) which is very good at identifying and classifying network traffic at high speed. If you could integrate this into SFOS it would be a very powerful tool.
3 votes
The problem started when I wanted to allow only webmail to a specific group of users.
Most webmail servers use generic URLs for their authentication.
The problem is that those URLs are categorized as (search engine, dynamic DNS & ISP, etc.).
It will be very helpful if you can add those specific URLs as part of the webmail category,
as you can't access the webmail without them.
Thanks in advance for your help and cooperation.
1 vote · Declined · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This is not often practical because, as you say, they are used for other services as well. Blocking them on networks where you want to block webmail will prevent a lot of other services from working as well.
The Control Center page which appears upon logon with the graphs, stats, and SFOS update pop-ups can take a very long time to load on lower-end hardware such as XG 105s. Working with 50 of these becomes time consuming. A configurable setting to select which page is the default after logon, such as Administration, Firewall or Network, would be helpful for those of us who don't need the Control Center every time.
1 vote
It’s not necessary to wait for the Control Center to load before navigating elsewhere on the UI.
Sandstorm dashboard and Sandstorm activity. Please provide a GUI explanation of what shows up on the Sandstorm dashboard and Sandstorm activity page. Currently it doesn't explain what is shown and needs further explanation. NC-36722
2 votes
This will be changing significantly in v18. We think we have made it a lot clearer and more informative.
When some Business Rules are being configured, it would be helpful to have the possibility of creating a template for a rule, in order to optimize troubleshooting.
3 votes
Business Application Rules will change significantly in version 18.
I am observing this issue with both Cyberoam and Sophos. I am able to telnet to any fake IP with port number 80 and 443 from any newly created firewall rule. It is so funny that the SOPHOS support team is not able to provide a proper answer. Issues escalated to the Global support team, but even they are saying that is the way the firewall should work. Pathetic.
1 vote
Create complete(!) backups. There are many things missing in the backup, i.e. SPX text, mail quarantine.
There are also bugs in Backup. When restoring a full backup some groups and hosts get new names (like old name was 'group', new name was 'group_123').
3 votes
Please submit issues that you believe to be bugs through support.
When the server behind the firewall goes down, you get a notification by mail or through SMS. This feature is not available in the Sophos XG firewall.
Let the admin use deny-all as the default when creating a new rule. It will be helpful to block all ports and IPs, not only the mentioned apps.
1 vote
This is how the firewall already functions. Unless you add ‘Allow’ rules, everything is blocked.
The CLI command 'route' does not show IPsec networks.
SFOS 17.5.0 GA
5 votes
I suggest a search feature right from the Report menu: IP, username, domain name, port number, all traffic incoming or outgoing. There is nothing more troubling than having to click on 20 hyperlinks to find what you are looking for. Not to mention a competitor, but I loved SonicWall reporting, just not their support.
1 vote
We are planning a new Cloud-based reporting capability which will provide more flexibility than is possible with on-box reporting.
I want the Internet Schema feature on Sophos XG Firewall.
This feature is very useful but it was removed on the new UTM. Therefore I don't want to upgrade my Cyberoam appliance to Sophos XG Firewall.
1 vote
"Data limit (Traffic Shaping) reached contact administrator" intimation needs its pop-up to be displayed in front of screen or in "Client A
The Client Authentication Agent pop-up doesn't display in front of the current screen.
But instead of that, can we get a notification in the taskbar application icon mentioning "Data limit has been exceeded, contact administrator"?
If this is not possible, can we have a trigger in the form of email, message etc. mentioning your data limit has only **MB left, or a customized option for the same.
1 vote
Client Authentication Agent is being deprecated.
Would love to give feedback on SFM where it's appropriate.
4 votes
We are no longer accepting feature requests for SFM.
Time-based report for port forwarding
4 votes
When you select Change Destination Port and enter a value, the tick box should remain if you go and enter/edit the rule again. As it is at the moment the tick box is removed and it's not clear that the destination port is what you entered previously. And if you wish to change back to the default port (then you would just remove the tick box), as it is at the moment you have to enter that port by selecting Change Destination Port.
1 vote
We have changed the way we handle NAT in version 18 so this suggestion is no longer relevant. Thanks for taking the time to submit.
FQDN host instant reverse lookup for rules, so they work first time, or periodic update of the DNS cache for FQDN hosts. We see an issue with round-robin style FQDN hosts not being picked up on a rule. The first IP attempt is not resolved and the correct rule doesn't get applied; however, the next attempt is from another IP address which doesn't trigger the rule either. It's only once the round robin has gone all the way round that the rule works properly. For example, we found this with Exchange Online, using IPs 65.55.88.X for SMTP: the rule wouldn't work unless I used IP hosts instead. Also the fact that they are stored in the volatile cache and get flushed at reboot time just means that FQDN hosts become next to useless after a reboot.
1 vote
The way DNS works, what you suggest is not plausible. It’s not always possible to retrieve all hosts that are configured for DNS round-robin in one go. It’s also not feasible to do reverse DNS lookups for IP addresses in real time without a huge impact on performance. We will continue to look for other ways to make this kind of feature more effective where we see major gaps.
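A small simulation of the round-robin problem and of the "periodic update" the request asks for, added here as an example that is not code from this thread or from Sophos. A constructed resolver hands back only two of a name's four addresses per query and rotates the set, which is how a client can be sent to an address the firewall has never seen. An FQDN host object that refreshes on a timer and keeps each address until its TTL lapses converges on the full set; one that refreshes more slowly than the TTL never does, and a flush (the reboot case from the request) empties it outright. All addresses are constructed RFC 5737 documentation values and the host name is a placeholder.

```python
"""Added example (not Sophos code): round-robin DNS answers versus an FQDN
host object, with a constructed resolver and constructed addresses."""
import itertools
from collections import deque
from typing import Dict, List, Tuple

# Constructed address set for the placeholder name; RFC 5737 documentation range.
RECORDS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]
TTL_SECONDS = 300


class RoundRobinResolver:
    """Stand-in for an authoritative server that returns only
    answers_per_query records and rotates the set after every query."""

    def __init__(self, records: List[str], ttl: int, answers_per_query: int):
        self._ring = deque(records)
        self.ttl = ttl
        self.n = answers_per_query

    def lookup(self, name: str) -> List[Tuple[str, int]]:
        answer = list(itertools.islice(self._ring, self.n))
        self._ring.rotate(-1)  # next query starts one record further along
        return [(ip, self.ttl) for ip in answer]


class FqdnHost:
    """Firewall-side FQDN host: the addresses currently believed to belong to
    the name, each with an absolute expiry time in seconds."""

    def __init__(self, name: str, resolver: RoundRobinResolver):
        self.name = name
        self.resolver = resolver
        self._addrs: Dict[str, int] = {}

    def refresh(self, now: int) -> None:
        # Union the new answer into the cache, then drop anything whose TTL
        # lapsed without being observed again.
        for ip, ttl in self.resolver.lookup(self.name):
            self._addrs[ip] = now + ttl
        self._addrs = {ip: exp for ip, exp in self._addrs.items() if exp > now}

    def matches(self, ip: str, now: int) -> bool:
        """Would a rule using this host object match a packet to/from ip?"""
        exp = self._addrs.get(ip)
        return exp is not None and exp > now

    def flush(self) -> None:
        """Volatile cache lost at reboot."""
        self._addrs.clear()

    def addresses(self) -> List[str]:
        return sorted(self._addrs)


def simulate(refresh_interval: int, cycles: int) -> List[int]:
    """Number of addresses known after each periodic refresh."""
    resolver = RoundRobinResolver(RECORDS, TTL_SECONDS, answers_per_query=2)
    host = FqdnHost("smtp.example.invalid", resolver)  # placeholder name
    known = []
    for i in range(cycles):
        host.refresh(now=i * refresh_interval)
        known.append(len(host.addresses()))
    return known


if __name__ == "__main__":
    print("refresh every 60s :", simulate(60, 5))   # converges on all four
    print("refresh every 400s:", simulate(400, 3))  # never holds more than two
```

The first run shows the request's complaint and its remedy in one line: after a single lookup only two of the four addresses are known, so traffic from the other two misses the rule until enough refreshes have walked round the rotation. The second run shows the constraint the reply points at: the refresh has to happen inside the record's TTL, otherwise earlier answers expire as fast as new ones arrive and the object never holds the whole set. Neither run does any reverse lookup, which is the part of the request the reply rules out on cost.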
In the default view, Business Application Rules do not show Source Hosts, not even when you hover over the field. The Cyberoam UI does show this handy and important information. You can see at a glance if you have the rule open to all or restricted to certain hosts/networks.
1 vote
Business Application Rules are being replaced in version 18.