XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Block Notification Page Should Be Secure

    When a user should be seeing the block notification when they hit a web protection rule, instead they get a security warning from the browser. According to support "As XG is only rewriting the content of the webpage on the blocking and not rewriting the URL itself that is why you are seeing certificate error on the block page." This happens even though we have a valid public certificate set up on the XG.

    So if a user is trained correctly, they will not bypass the security warning and will never see the descriptive block notification. This should be corrected.

    1 vote
    0 comments  ·  Web Protection

    A browser will only accept an HTTPS connection if it believes it has come from the server it was trying to connect to. It is necessary to create a certificate that looks like it comes from the server, just like we do for HTTPS decryption. This will only be trusted if the client device trusts the certificate authority that is installed on the device for HTTPS decryption. In version 17.5 we introduced an option where we will just drop the connection instead of trying to connect and return a block page. This avoids the security warnings, but the user just sees a dropped connection.

  2. Integrate a Yara Engine rules on IPS

    Integrate a Yara Engine rules on IPS

    5 votes
    0 comments  ·  Network Protection
  3. Integrate NTOPNG or similar functionality into SFOS

    There is a Linux utility called ntopng https://www.ntop.org which is very good at identifying and classifying network traffic at high speed. If you could integrate this into SFOS it would be a very powerful tool.

    3 votes
    Declined  ·  0 comments  ·  Base System + General UI
  4. Let Web-mail category include all its URLs

    The problem started when I wanted to allow only webmail to a specific group of users.

    Most webmail servers use generic URLs for their authentication.

    The problem is that those URLs are categorized as (search engine, dynamic DNS & ISP, etc...).

    It will be very helpful if you can add those specific URLs as part of the webmail category,
    as you can't access the webmail without them.

    Thanks in advance for your help and cooperation.

    1 vote
    0 comments  ·  Web Protection
  5. Option to select which page to load after logon

    The control center page which appears upon logon with the graphs, stats, and sfos update popups can take a very long time to load on lower end hardware such as xg105's. Working with 50 of these becomes time consuming. A configurable setting to select which page is the default after logon such as Administration, Firewall, Network would be helpful for those of us who don't need the control center every time.

    1 vote
    0 comments  ·  Base System + General UI
  6. Sandstorm Activity Explanation

    Sandstorm dashboard and Sandstorm activity. Please provide a GUI explanation of what shows up in the Sandstorm dashboard and Sandstorm activity page. Currently it doesn't explain what, needs further explanation. NC-36722

    2 votes
    0 comments  ·  Reporting
  7. Create template for Business Application Rules

    When some Business Rules are being configured, it would be helpful to have the possibility of creating a template for a rule. In order to optimize the troubleshooting.

    3 votes
    3 comments  ·  Network Protection
  8. misbehaviour of Sophos box on port no 443 and 80

    Hi Team,
    I am observing this issue with both Cyberoam and Sophos. I am able to telnet to any fake IP with port number 80 and 443 from any newly created firewall rule. It is so funny that the Sophos support team is not able to provide a proper answer. Issues escalated to Global support team but even they are saying that is the way the firewall should work. Pathetic.

    1 vote
    Declined  ·  1 comment  ·  Network Protection
  9. Complete

    Create complete(!) backups. There are many things missing in the Backup i.e. SPX-Text Mail-Quarantine.

    There are also bugs in Backup. When restoring a full backup some Groups and Hosts are getting new names (like old name was: 'group' new name was 'group_123').

    3 votes
    0 comments  ·  Base System + General UI
  10. Server behind the firewall goes down you get a notification on mail or through SMS.

    The server behind the firewall goes down you get a notification on mail or through SMS. This feature is not available in Sophos XG firewall.

    Thanks

    1 vote
    Declined  ·  1 comment  ·  Reporting
  11. Let the admin can use deny-all to be as default

    Let the admin can use deny-all to be as default when creating a new one. It will be helpful to block all ports and IPs, not only mentioned apps.

    1 vote
    1 comment  ·  Application Control
  12. Routing table does not show IPSEC networks

    The CLI command 'route' does not show IPSEC networks.

    SFOS 17.5.0 GA

    5 votes
    0 comments  ·  Base System + General UI
  13. Report Enhancement

    I suggest a search feature right from the Report menu, IP, username, domain name, port number, all traffic incoming or outgoing, there is nothing more troubling than having to click on 20 hyperlinks to find what you are looking for. Not to mention a competitor, but loved Sonicwall reporting just not their support.

    1 vote
    0 comments  ·  Reporting
  14. internet schema

    I want the Internet Schema feature on Sophos XG firewall.
    This feature is very useful but it was removed on a new UTM. Therefore I don't want to upgrade my Cyberoam appliance to Sophos XG Firewall.

    1 vote
    Declined  ·  0 comments  ·  Base System + General UI
  15. "Data limit (Traffic Shaping) reached contact administrator" intimation needs its pop-up to be displayed in front of screen or in "Client A

    Client Authentication Agent pop doesn't display in front of current screen.
    But instead of that can we get a notification in task bar application icon mentioning "Data limit has been exceeded contact administrator".

    If this is not possible, can we have a trigger in the form of email, message, etc. mentioning your data limit has only **mb, or a customized option for the same.

    1 vote
    0 comments  ·  Base System + General UI
  16. 4 votes
    0 comments  ·  Base System + General UI
  17. Time based report for port forwarding

    Time based report for port forwarding

    4 votes
    0 comments  ·  Application Control
  18. Business Application Rule Change Destination Port

    When you select Change Destination Port and enter a value, the tick box should remain if you go and enter/edit the rule again. As it is at the moment the tick box is removed and it's not clear that the destination port is what you have entered (previously). And if you wish to change back to the default port (then you would just remove the tick box), as it is atm you have to enter that port by selecting change destination port.

    1 vote
    0 comments  ·  Base System + General UI
  19. fqdn

    FQDN host instant reverse lookup for rules, so they work first time, or periodic update of DNS cache for FQDN hosts. We see an issue with round robin style FQDN hosts not being picked up on a rule. The first IP attempt is not resolved and the correct rule doesn't get applied, however the next attempt is from another IP address which doesn't trigger the rule either, it's only once the round robin has gone all the way round that the rule works properly. For example we found this with Exchange Online, using IPs 65.55.88.X for SMTP, the rule wouldn't…

    1 vote
    0 comments  ·  Network Protection

    The way DNS works, what you suggest is not plausible. It’s not always possible to retrieve all hosts that are configured for DNS round-robin in one go. It’s also not feasible to do reverse DNS lookups for IP addresses in real time without a huge impact on performance. We will continue to look for other ways to make this kind of feature more effective where we see major gaps.

  20. Firewall rule display

    In the default view, Business Application Rules do not show Source Hosts. Not even when you hover over the field. Cyberoam UI does show this handy and important information. You can see in an instant if you have the rule open to all or restricted to certain hosts/networks.

    1 vote
    0 comments  ·  Base System + General UI