XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Multiple SSL VPN Connections

    I noticed that when I am connected inside the company network and try to connect the SSL Client, it allows the connection. The right thing would be not to allow it, as it can loop the network. A call was opened and the only solution is by MAC, but it becomes impossible to do this for everyone, as I have to register them one by one. There would have to be a simple solution: identify that the client is connected to the local network and not let the SSL Client connect to the VPN.

    1 vote
    0 comments  ·  VPN and RED
  2. HTTP option for Guest User Self Registration Page

    The captive portal has an option to run in HTTP. But the self registration page by default shows up in HTTPS. Is there any way to make it work in HTTP? I want to avoid any certificate errors.

    1 vote
    0 comments  ·  Cyberoam
  3. Current Activities: Add column for Hostname - only shows IP-address in v18

    Under Current Activities (e.g. Live Connections) only the IP-address is shown.

    This often requires navigating to different sections (e.g. DHCP) to hunt down the hostname.

    Efficiency would be greatly enhanced if a column were to be added showing the hostname.

    1 vote
    0 comments  ·  Reporting
  4. SFTP for log files

    Add SFTP support under the connection options, so that files (particularly log files) can be downloaded from the XG on the LAN interface, so that they can be analysed off-system. It is a real inconvenience to try and do detailed searches of the log files while on the console. Not everyone has a syslog server.

    3 votes
    0 comments  ·  Base System + General UI
  5. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    9 votes
    1 comment  ·  VPN and RED
  6. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    1 vote
    0 comments  ·  VPN and RED
  7. Network List

    Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP addresses and not networks).

    2 votes
    1 comment  ·  Network Protection
  8. SD-WAN Support Forward Error Correction (FEC)

    Forward Error Correction (FEC) is a mechanism to recover lost packets on a link by sending extra “parity” packets for every group (N) of packets.

    Forward Error Correction (FEC) is a technology that is well known for its ability to correct bit errors at the
    physical layer. However, this technology can also be adapted to operate on packets at the network layer to improve
    application performance across WANs that have high-loss characteristics. With packet-level FEC, network equipment
    can reconstitute lost packets at the far end of a WAN link, avoiding delays that come with multiple round-trip
    retransmissions. This enables WANs…

    1 vote
    0 comments  ·  Network Protection
  9. MD5 checksum for SFOS  

    MD5 checksum is not listed on the download site in the Hardware Installers and Virtual Installers of Firewall OS for XG Series.

    The MD5 should be listed, as it is for SG, from the viewpoint of security and installation failure.

    3 votes
    0 comments  ·  Base System + General UI
  10. Allow multiple DNS records per ip

    It would be great to be able to manage multiple hosts on the same IP while creating a DNS record on the Sophos XG.

    Right now we use the gateway as a DNS server and creating more than 100 records is not cool.

    Allowing the use of wildcards would be even better.
    *.domain.com A 192.168.0.1

    2 votes
    0 comments  ·  Base System + General UI
  11. Option to load Balance with IPsec VPN

    An option is required for load balancing with IPsec VPN.

    5 votes
    0 comments  ·  VPN and RED
  12. VPN icon is red even though 1 of 2 VPN connections to a site is up

    Since it's bad practice to use failover groups on both sites of a VPN tunnel, one side (without failover group) shows a red VPN icon in the dashboard. For example - one side can have 2 WAN connections and the other side has 1 WAN - so 2 tunnels are created for failover.

    It would be nice if we can still incorporate these multiple tunnels to the same site in a group, so that as long as 1 is online, the VPN icon doesn't turn red. Maybe if we can add both sides to a failover group, but toggle failover…

    2 votes
    0 comments  ·  VPN and RED
  13. Virtual domain

    Dears,

    We need to have a virtual domain in our XG firewall, like in FortiGate and Palo Alto, because sometimes this feature kicks us out of the competition.

    5 votes
    0 comments  ·  Network Protection
  14. EnterpriseGuard License

    Dears,

    It would be awesome if you changed your EnterpriseGuard subscription by adding email protection as anti-spam, like in FortiGate. In this way Sophos will be more flexible in meeting customer requirements. When a customer asks about a subscription with anti-spam and not full email protection, we can provide EnterpriseGuard, and this way we will be more competitive. But if the customer is looking for full email and WAF, then FullGuard will be the choice.

    1 vote
    0 comments  ·  Network Protection
  15. XG hard drive

    Dears,

    I'd like to suggest one thing regarding the SSD hard drive: that it become more flexible. I mean that we could change the SSD hard drive on the firewall according to the customer's requirements.

    Because sometimes the firewall throughput is acceptable but the customer is restricted to a specific size of SSD, this has caused us to lose a lot of projects to other competitors.

    3 votes
    0 comments  ·  Network Protection
  16. WAN DHCP Option 60

    Most ISPs in Europe require you to use a DHCP Option on the WAN Interface in order to use your own Router or Firewall.

    If this can't be done on the Sophos XG it is useless to me and a lot of other people, which would be a shame.

    3 votes
    0 comments  ·  Base System + General UI
  17. Policy setting

    The very purpose of the Cyberoam firewall is defeated as the Cyberoam does not/cannot prevent users from setting a weak password. The Cyberoam should prevent users from setting a weak password. Also, the admin should be able to set a complex password policy.

    Secondly, the user should be allowed to reset his password after the first logon. Why should the admin know the user's password? The admin can assign the password initially. However, when the user logs in for the first time using that password, the user should be able to change his password so that it is known only to him.

    1 vote
    0 comments  ·  Cyberoam
  18. 802.1x

    XG already has 802.1x for AP authentication, but it can't be used as a client. Many ISPs (specifically AT&T) use an 802.1x client on their supplied CPE with priority VLAN 0 tagging to authenticate.
    UTM can replace the vendor-supplied CPE by adding a wpa_supplicant, but you don't have the kernel-level control on XG as you do on UTM. Sophos would have to add this feature to XG.

    3 votes
    0 comments  ·  Authentication clients
  19. Do not add "Cache-Control: no-cache" to header when publishing web through WAF with form authentication

    Do not add "Cache-Control: no-cache" to the header when publishing web through WAF with form authentication. It was discussed in support ticket #9847958:
    "According to the development team, Header "Cache-Control: no-cache" is set by reverse proxy for pages protected by reverse form authentication. This is necessary because requesting protected pages must be checked against the origin server."

    When publishing web with no authentication or with basic authentication, it is OK and no caching is affected.
    All webs published with form auth are extremely slow because all requested items (jpg, css, script, ...) are transferred from XG every time user clicks or…

    1 vote
    0 comments  ·  Webserver Protection
  20. SMTP Quarantine/Reject/Drop based on keyword/ip address

    Currently in MTA Mode you only have the ability to block inbound spam based on email address of FQDN. Having the ability to block by keyword and/or IP address would be a significant gain. We currently get 20-odd emails a day from "Famous Parts", all from different email domains. If we could block "Famous Parts" or the IP, these would be significantly reduced.

    3 votes
    0 comments  ·  Email Protection