XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Port 80 and Port 443 are not blocked by the firewall

    In the default configuration, without any workaround, Port 80 and Port 443 are not blocked;
    That behaviour is also there when you enable an explicit drop rule;

    Instead of blocking the traffic, the XG Firewall says on both web ports "Hello I'm a Sophos XG Firewall". The behaviour is the proxy function and it is there by design.
    (The behaviour is also from outside)

    4 votes
    1 comment  ·  Network Protection
  2. Add "Microsoft Team Foundation" to Application Control

    Please add Microsoft Team Foundation application to Application Control.

    3 votes
    0 comments  ·  Application Control
  3. 1 vote
    Completed  ·  0 comments  ·  Reporting
  4. surfing quota

    Sophos XG's time based quota works on logon time and session. When a user logs on to a machine the session will start and the quota will be triggered.

    If a user has been granted a web surfing quota of Daily 1 hour Cyclic and he logs on to his PC at 9:00 hrs, then his quota will expire at 10:00 hrs whether he has used the Internet or not.

    As per the support team this is not possible right now and suggested a feature request.

    4 votes
    0 comments  ·  Web Protection
  5. ECC certificates

    XG Firewall should accept ECC certificates

    3 votes
    0 comments  ·  Base System + General UI
  6. make firewall rule interface user friendly (Cyberoam like)

    Please take a look at the development of the firewall rules interface.
    This is far from being great and user friendly.

    Do like the Cyberoam interface, automatically group rules by source zone & destination zone. I know you've created "groups" to do this but this is not sufficient at all. (Already moving rules over an hour to different groups, firewall with 100 rules and 8 zones)

    Despite above, also make your groups user friendly.
    Bulk actions to move rules to group, the "add to group list" is not ordered A-Z

    But I'm really hoping you take a look at the…

    4 votes
    1 comment  ·  Base System + General UI
  7. TLS (SSL) Encrypting remote syslog

    The ability to encrypt SYSLOG traffic would be very handy, this would need to be alongside a similar ability in iView so that there needn't be a VPN required to do the encryption for you when you have an offsite, central logging host.

    8 votes
    1 comment  ·  Reporting
  8. Natting should be made simpler

    Natting should be made simpler, as it was in Cyberoam before auto rule creation and port natting. Doing this in XG OS is a task and not at all user friendly.

    8 votes
    0 comments  ·  Base System + General UI
  9. 1 to 1 Subneted NAT

    For any firewall that is used in a corporation, it must implement 1 to 1 subnet to a subnet NAT,
    in fact allowing traffic in both sides.
    For security it uses a firewall policy.

    As it was in UTM, NAT is a must in any circumstance. Administrators must have more flexibility to implement any type of NAT, they must not be tamed by the type that firewall forces them to use.

    7 votes
    0 comments  ·  Network Protection
  10. Allow me to change the MTU/MSS of RED Devices

    This was previously possible in UTM. Disappointing that I can't tweak this for performance since it uses predominantly UDP...and UDP fragmentation is a big problem in our world of oversold connections.

    2 votes
    0 comments  ·  Base System + General UI
  11. SD-WAN

    SD-WAN

    186 votes
    6 comments  ·  Base System + General UI
  12. Web Category and Reputation Override like UTM

    On UTM we have the Web Category and Reputation override. This can help to add additional URL/Domains to proper category so even the reports match. On XG this is not possible. I guess this feature should not be so hard to implement. I really like the XG web section. Thanks

    35 votes
    3 comments  ·  Web Protection
  13. Display "allowed client networks" on firewall nat/business policy and UI improvements

    Hello,

    At the moment, if you have a NAT rule in place, for example 3389 to an internal server, and you restrict the rule to a specific IP list, in the main firewall view you cannot see that the rule has any source restrictions unless you go into the rule.

    This can take a 1-minute task of checking all your rules for security policies and make it a 1-hour task.

    It would be great if the firewall page used the entire screen and displayed more information for each rule so you never have to go into a rule to…

    47 votes
    3 comments  ·  Base System + General UI
  14. Request to add the application Mobile Legends to be available under application filtering of Sophos UTM and XG

    Request to add the application Mobile Legends to be controlled under application filtering of Sophos UTM and XG

    Customer is requesting to add the game Mobile Legends under Application Control on Sophos UTM and Sophos XG

    Application: Mobile Legends
    Publisher: https://www.mobilelegends.com/
    Reason for request: This game is not filtered on Sophos SG and XG Application Control

    2 votes
    Completed  ·  0 comments  ·  Application Detection Requests
  15. Sandstorm / IPS scanning

    Sandstorm will only scan HTTP on TCP 80 and HTTPS on TCP 433. The IPS/IPD system within the XG system should be proactive and understand when HTTP/HTTPS transactions are happening and allow Sandstorm scanning.

    We have many web servers within our DMZ and they can use non-standard TCP ports for their connections. This means a large percentage of files are not being processed by Sandstorm.

    3 votes
    0 comments  ·  Network Protection
  16. DHCP

    Go to Admin-GUI, Network -> DHCP -> Edit DHCP -> List "Edit static IP / MAC-Assignment".

    The input fields in the columns for Hostname and IP address are too small. If I enter the value 192.168.178.100 in the IP input box, you see only the first 1 from 100, because the text box truncates the value. IP addresses have a standard length, so please expand the input fields.
    To the right of the table there is enough white space to make the table wider.

    10 votes
    0 comments  ·  Base System + General UI
  17. Per-policy control for SafeSearch

    Please provide the option to enable/disable SafeSearch and YouTube restricted mode per policy.

    In schools we need the ability to enable/disable SafeSearch and YouTube restricted mode based on the policy for individual user groups rather than globally, while at the same time having web category filtering.

    For example, we would like to turn SafeSearch mode and YouTube restricted mode off for certain staff groups while maintaining the category filtering, whereas for students we want SafeSearch and YouTube restricted mode on at all times.

    88 votes
    13 comments  ·  Web Protection
  18. Allow SSL site to site and Remote access simultaneous

    SSL tunnels are excellent for remote use as well as site-to-site, but XG currently is limited to only one of them functioning at any one time. This should be changed!

    4 votes
    Completed  ·  0 comments  ·  Network Protection
  19. Email Notification Delivery Flexibility & Encryption

    I'm running v17 and it seems real lite in the flexibility on how email notifications are delivered.

    There should be an option to deliver to an MTA via Authenticated/Encrypted SMTP with just a username and password, who can use certificates with most providers? In UTM I simply gave it all of my account information along with the address and it worked beautifully!
    Please bring that back!

    5 votes
    1 comment  ·  Base System + General UI
  20. Give name for interface

    It should be possible to give a name to an interface. I have over a hundred VLAN interfaces configured for one of our customers and it is a pain ********** to try to figure out that amount of VLANs without knowledge of their names.

    79 votes
    1 comment  ·  Base System + General UI