XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Site to Site SSL manageable via SDWAN Routing.

    As it is right now, SDWAN can be used to do routing between devices that have a definable gateway. That being said, you need to define a physical interface, and when doing the site-to-site SSL VPN you cannot use SDWAN routing, as the SSL VPN is defined as a virtual interface. Would suggest that improvements are made to the SDWAN routing to allow either defined VPNs to show up as an interface, or allow for all virtual interfaces to show up as an interface along with the physical ones.

    2 votes

    0 comments  ·  Network Protection
  2. Monitor utilization bandwidth for every subnet vlan and create the report or sending to NMS

    Hi Teams,

    In the Sophos XG310 we have configured port 11 (LAN zone) and port 12 (WAN zone) as members of a bridge interface.

    We run iftop in the advanced shell to monitor sample traffic from the source VLAN with subnet x.x.x.x/x, so that we can see bandwidth usage in intervals of 2s, 4s and 10s, as referenced from

    https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/118249/sophos-xg-firewall-how-to-monitor-bandwidth-usage-between-ips-in-realtime

    Can we send the result of the "iftop" traffic monitor to an NMS such as PRTG, Zabbix, OpManager, etc. via SNMP?

    Best Regards,
    Qomar

    3 votes

    0 comments  ·  Reporting
  3. OSPF

    Disable OSPF MTU mismatch detection

    1 vote

    1 comment  ·  Base System + General UI
  4. Radius 802.1x Authentication on RED Ethernet Ports

    Control the Network Access on RED Devices on the Ethernet Ports.

    If deployed in, for example, a home office, I can't control the network access for devices that are not company-owned devices.

    Right now the only possibility is Sophos Endpoint, but then I can't use IP phones or any other non-Windows/Linux/Mac device.

    2 votes

    0 comments  ·  VPN and RED
  5. SSL VPN able to reach computer devices by computer hostname

    Once connected to SSL VPN, user will still be able to reach internal computer or server by hostname

    2 votes

    1 comment  ·  VPN and RED
  6. User activity connection polling after SSL VPN or Sophos Connect IPSEC

    User activity connection polling after SSL VPN or Sophos Connect IPSEC

    Remote workers with a full tunnel connection forget to turn off the VPN even though they are done. Consequently, an unnecessary connection is created on Sophos.

    Users who have a full tunnel connection with Sophos VPN or Sophos Connect can be notified in the computer application once an hour or at specified periods.

    The connection can be terminated with the user's option of not continuing to work.

    2 votes

    0 comments  ·  VPN and RED
  7. Business Rules needed Schedule Feature

    Business rules need a schedule feature. There is no schedule option available to turn the firewall on and off; a WFH environment especially requires it.

    2 votes

    0 comments  ·  Network Protection
  8. 3 votes

    1 comment  ·  Network Protection
  9. Export entire report to PDF

    Would like an option to export all data in a report for a large date range to PDF, instead of only exporting the records seen on screen.

    3 votes

    0 comments  ·  Reporting
  10. SSL VPN Client Error Disabled State

    The SSL VPN client is not getting disconnected automatically after internet disconnection. Hence it goes into an error-disabled state and the user has to restart their PC to connect to the VPN. It should be disconnected automatically once the internet connection goes off.

    1 vote

    0 comments  ·  VPN and RED
  11. SSL VPN Client Error Disabled State

    The SSL VPN client is not getting disconnected automatically after internet disconnection. Hence it goes into an error-disabled state and the user has to restart their PC to connect to the VPN. It should be disconnected automatically once the internet connection goes off.

    0 votes

    0 comments  ·  VPN and RED
  12. Auto Registration (Authentication)

    Self-registration by email address for hotspots would be a good feature.

    1 vote

    0 comments  ·  Wireless Protection
  13. L2TP notifications separate from IPsec notification

    Previously, in v17, enabling notification for IPSEC VPN would only send alerts for IPSEC tunnels. Once we upgraded to v18, we noticed that we were receiving alerts when a remote user connects using L2TP too. Ideally more granular alert options are enabled for VPNs, so that we can disable L2TP alerts.

    1 vote

    0 comments  ·  VPN and RED
  14. Customize SSL Block notification

    Under Web -> User Notifications, you can customize block and warning messages. This appears to not cover SSL block warnings (e.g., invalid cert, etc.). It would be great to customize this, as I can provide better instructions to the user on how to report the issue, etc.

    1 vote

    0 comments  ·  Web Protection
  15. It is unbelievable that this is not a standard feature - Scheduling Firmware installations

    So I am new to XG, upgrading from UTM. A standard feature of a UTM firewall is to be notified when a firmware upgrade has been downloaded and ready for installation. Then you log in to the firewall and schedule it to be installed and reboot, generally during off hours when no-one is around.

    Why is this not a standard feature in an XG firewall? I guess it is possible to do it in Sophos Central, but did you ever stop to think that there are people that DON'T want to use Sophos Central? I don't allow access to my…

    11 votes

    0 comments  ·  Base System + General UI
  16. Enable/Disable exceptions from the CLI/console

    As O365 exceptions are added/updated, as it is currently, you must log into the firewall, import the exceptions, once that is completed, you must enable each and every one of them manually. If there was a global 'Enable/Disable' slider that would be immensely helpful, as well as a way to enable/disable thru CLI/console option.

    1 vote

    0 comments  ·  Web Protection
  17. Allow to set a Name or Description in Spoof protection trusted MAC

    Allow to set a Name or Description in Spoof protection trusted MAC

    Protect > Intrusion Prevention > DoS & Spoof Protection

    The table only shows the MAC address and IP address; it would be nice to relate the FQDN or any kind of description to the MAC address and IP.

    1 vote

    0 comments  ·  Network Protection
  18. Permit to use FQDN as local ACL source

    The idea is to allow the use of an FQDN in the local ACL when adding a rule to allow, for example, WAN HTTPS management. The interface only allows IP addresses for the moment.

    4 votes

    0 comments  ·  Network Protection
  19. Chrome SSO

    At present the Windows AD domain HAS to use the same domain name as your Google Apps. We have the correct information in our AD attributes to match against Google, but it's not held in the "mail" attribute but instead in the "wwwHomepage" attribute.

    My suggestion is to allow us to CHOOSE which AD attribute to use rather than forcing the domain to be the same name on Google and our Local AD.

    1 vote

    0 comments  ·  Authentication clients
  20. Traffic Shaping (QoS) improvements

    "Total Available WAN Bandwidth" should be broken down between WAN links, and broken down between upload/download. Many users have multiple links that are not the same speed, and many (most?) users have non-symmetrical links.

    Traffic Shaping bandwidth values should be in kilobits per second, not kilobytes. kbps / mbps / gbps are the industry standard ways of measuring bandwidth, not kBps / mBps / gBps. I see many users on the Community forum making that mistake.

    Traffic Shaping Bandwidth Usage Type can currently be set to Shared. This is great for sharing a Bandwidth Pool across multiple firewall rules, by…

    3 votes

    1 comment  ·  Base System + General UI