XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Enable "Maximum login limit" Group wise

    There are only two options we have to set "Maximum login limit", i.e. globally and individually. What if we have to set this for only a particular group in which there are so many users? It's hard to set "Maximum login limit" for too many users in a group. So please provide the same option for groups.
    Thank you.

    2 votes
    0 comments  ·  Cyberoam
  2. L2TP VPN - Enable OTP

    We have purchased XG firewall for our customers in order to further secure their VPN tunnels by implementing OTP in addition.
    They have been using L2TP tunnels created using the native VPN provided with Windows 10 - very convenient and easy to use and also supports IPsec PSKs.
    However, XG firewall DOES NOT support L2TP when enabling OTP / MFA.
    OTP works fine with the portal and enables syncing the OTP generator, but does not need the OTP pin when connecting the L2TP VPN - i.e. L2TP VPN continues to work as before.
    I was trying to avoid installing…

    3 votes
    0 comments  ·  VPN and RED
  3. Disable Static assignments in DHCP server

    With some devices requiring the management or network creation to be on the same network, having to delete and recreate static assignments for specific management devices each time is quite a chore. Being able to disable a static assignment in one network so the device can be enabled in another network would be of great assistance. When using IPv6 recreating a static assignment is difficult at the best of times.

    2 votes
    0 comments  ·  Base System + General UI
  4. Multiple VPN gateway for Sophos connect

    In instances where thousands of users need to connect to the company network, especially now that a lot of users are WFH, it would be great to utilize multiple ISP links available when connecting to the company network. This will enable the creation of different profiles for different company sections while at the same time eliminating the single point of failure.

    12 votes
    0 comments  ·  VPN and RED
  5. bypass snort application recognition per rule

    Please add the ability to bypass IPS/application recognition per rule, when performance is needed. Even without an applied IPS rule, snort is analysing the traffic for application control, which results in a performance impact.

    2 votes
    1 comment  ·  Application Control
  6. bypass snort application recognition per rule

    Please add the ability to bypass IPS/application recognition per rule, when performance is needed. Even without an applied IPS rule, snort is analysing the traffic for application control, which results in a performance impact.

    1 vote
    0 comments  ·  Application Control
  7. Custom report download in PDF & HTML in one go

    Dear Team,

    In PDF & HTML, we can only download the report page by page, which is very time consuming and also not the right way to export the data.

    In CSV format the above requested format is available, but it should also be available with the PDF & HTML options so that in one go we could export the data in a single file.

    1 vote
    0 comments  ·  Reporting
  8. Allow Edit of SNMP Manager Port in XG v18x

    In Cyberoam and SFOS v17x you can change the SNMP Manager port from the default 162.
    Please allow this similar change in XG SFOS v18x for compatibility.

    2 votes
    0 comments  ·  Base System + General UI
  9. Where used option for IP host and/or FQDN host

    In the UTM on "Network Definitions", you can click on a network and with the "blue I" from information option, there was information where the selected network is used in which configurations.
    Even the modification time/date was visible.
    For the purpose of keeping the system nice and clean, I would like this option again in the XG version.

    2 votes
    0 comments  ·  Base System + General UI
  10. pppoe light touch configuration

    Currently there is no option in the light touch configuration for an interface type of pppoe. As a result I cannot deploy XG firewalls remotely to locations with DSL connections. Please add this feature.

    1 vote
    0 comments  ·  Central Management
  11. Own CCL definition on Sophos XG

    Email protection and DLP on Sophos XG can be used only with a Data control list based on predefined dictionaries (CCL - content control list).

    Could you add support for defining our own dictionary/CCL (based on keywords and regular expressions)?

    3 votes
    0 comments  ·  Email Protection
  12. Change request for SFOS 18: Diagnose, Tools, Ping through VTI tunnel

    I was wondering if in one of the next MRs in SFOS 18 it was possible to include one or both of the following changes:

    • Including the VTI interfaces in the pull-down menu options for PING diagnose
    • When pinging with an internal interface, letting the ping go through the routing tables including routing through VTI interfaces
    • In policy-based IPsec it is possible to configure system-traffic to go through the IPsec. When these settings are correct, then a ping from the LAN to an address configured in the system-traffic rules is routed through the IPsec.
      With VTI IPsec, this doesn't work.…

    5 votes
    0 comments  ·  Base System + General UI
  13. Improve sample submission page

    I have a list of many suspicious URLs, but our Sophos products XG, Endpoint & Central Email categorize/filter/handle them differently. If all these products use the same URL categorization DB it will be helpful for all of us.

    In many cases Sophos Labs doesn't know which category a URL belongs to and we have to keep submitting them constantly. This is a tedious process in which we are helping Sophos to become stronger, and Sophos is making this process lengthy & difficult to submit. There should be an easy way so that we too can contribute faster.

    > Submit a FalsePositive mail should from…

    2 votes
    0 comments  ·  Web Protection
  14. Sophos XG does not send quarantine digest for outbound emails

    Sophos does not send a quarantine digest if an outbound email is quarantined by antispam. I checked the antispam engine for outbound traffic by using the gtube string. My outbound message has been quarantined as expected. I am not notified about that issue. So my users are not able to recognize that important business emails are not delivered.

    I opened support case 03082732 for that behaviour. They told me:

    “Regarding the quarantine summary digest for the outbound emails, right now this feature seems not be supported on the XG.”

    Please improve quarantine digest.

    2 votes
    0 comments  ·  Email Protection
  15. VLAN bridge support in MESH network

    Currently in XG v18, VLAN bridge in a MESH network using APX appliances is not supported.
    This feature does exist in current Central Wireless.

    Please support it also in XG.

    7 votes
    0 comments  ·  Wireless Protection
  16. RA VPN enhancements

    VPN agent must have functionality:
    > Scan/read OS patch status, version.
    > AV agent name, version.
    > Windows FW & Defender status.
    > Logon history tab, so that the user will know who logged on previously from their system and when. The agent must also fetch from the NGFW whether any other user is logged in with the same account from a different machine. This also helps in identifying unauthorized logon attempts.
    > Diagnostic tab on VPN agent similar to XG for TShoot.
    > Dark Theme UI.
    > If multiple ADs are configured and those ADs have different domains then VPN agent must…

    18 votes
    0 comments  ·  VPN and RED
  17. MIME-Type recognition is sometimes wrong!

    I analysed MIME-Type recognition and found that MIME-Type recognition is not working properly. As an example, DOCX files are recognized as "application/msword". The right MIME-Type of DOCX files is "application/vnd.openxmlformats-officedocument.wordprocessingml.document".

    I already opened a support case with request number 03058060 and got this answer:
    "Yes, the MIME recognization from XG for .docx is under applications/msword"

    So please change MIME-Type recognition, that it serves the MIME-Types, which are listed here:
    https://docs.microsoft.com/de-de/microsoft-365/compliance/supported-filetypes-datainvestigations?view=o365-worldwide

    or here:
    https://developer.mozilla.org/en-US/docs/Web/HTTP/BasicsofHTTP/MIMEtypes/Commontypes

    3 votes
    1 comment  ·  Email Protection
  18. Utilize the weight value for WAN failover order of priority to become active

    Hello Team,

    We have a customer here requesting to utilize the weight value for WAN failover order of priority to become active. For your assistance please. Thank you.

    1 vote
    0 comments  ·  Network Protection
  19. Utilize the weight value for WAN failover order of priority

    Hello Team,

    We have a customer here requesting to utilize the weight value for WAN failover order of priority. For your assistance please. Thank you.

    1 vote
    0 comments  ·  Network Protection
  20. change vlan base

    Please make it possible to move existing VLANs to another base interface without the need of deleting/reconfiguring. Almost every other manufacturer allows that and it really helps when we have to temporarily build a network on ports other than the ones that will be used in the end.

    20 votes
    0 comments  ·  Network Protection