XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Disable HTTPS Interception based on client software that starts the request

    At first I think Sophos does a great job, but I have one really missing feature.
    Actually, most traffic on the Internet is HTTPS based; because of that, scanning is mandatory.
    But the XG certificate that we import on the client is only valid for requests that are opened from a browser like Firefox, IE or Chrome.
    On the client itself I see more and more software that makes its own requests and does not use the browser engine. This software does its own checks of whether the certificate from the HTTPS site is what it expects, and they have…

    5 votes
    1 comment  ·  Application Control
  2. Category based surfing quota

    We have a request about surfing quota based on a specific category or categories. Right now, this function is available for the general internet but not for a specific category. For instance, we need to restrict users' access to social network websites to about an hour a day. After they use up the one-hour allowance for social networking sites, they will not be able to reach social networking, but they will still be able to use the internet as usual.
    This function is available for other firewall brands and it is really necessary for some customers. I hope you…

    31 votes
    3 comments  ·  Web Protection
  3. Create a DNS host with an underscore

    Currently you're not able to create a DNS host with an underscore, while it's perfectly legal to use an underscore in a DNS entry.
    This minor change would be helpful.

    4 votes
    0 comments  ·  Base System + General UI
  4. Firewall rule display, filter options and rule move option.

    Firewall rule display, filter options and rule move option.

    Instead of showing all rules, it could by default be categorized by zone to zone, which makes it easier to find any rule.

    It would also be great if we could have a filter option with selections for application filter, NAT, gateway, load balancing.

    Also, there should be an option to show/hide the data used by an individual rule, which is shown by default now.

    Something similar to the Cyberoam firewall rule view would help an administrator a lot.

    3 votes
    0 comments  ·  Base System + General UI
  5. Add NO-IP as Dynamic DNS Provider

    Please add noip.com (formerly ddns.net) to your list of supported dynamic DNS providers. I have used them for years with a Sonicwall and now find out I cannot use them on my new Sophos fw. Just renewed a three-year contract with noip.com, so I hate to throw that money away on an alternative provider.

    21 votes
    4 comments  ·  Dynamic DNS Providers
  6. Separating "YouTube Restricted Mode" from "Enable SafeSearch" feature

    Separating YouTube "Restricted Mode" from the "Enforce Safe Search" option in XG Firewall would allow much more flexibility for customers.
    YouTube "Restricted Mode" is currently just too "restricted" (not usable) and customers should have the possibility to turn it on or off without impact on SafeSearch.
    On the other hand, SafeSearch is a very useful feature that customers would probably have always on.

    97 votes
    12 comments  ·  Web Protection
  7. Select Columns options

    Would be nice if there would be a select columns option for e.g. firewall rules views (and others). Mainly I am interested in send/received data information per fw rule.
    Cyberoam UTM has this, nice feature.

    1 vote
    Completed  ·  0 comments  ·  Base System + General UI
  8. MTU sizes above 1500

    Allow the XG to increase the MTU size above 1500. Sophos SG has this capability. Our ISP requires setting MTU higher than 1500 MTU. What happens when we need to support jumbo frames on our LAGs?

    56 votes
    11 comments  ·  Base System + General UI
  9. firewall rule edit

    For SFOS V17-Beta

    In the V16.05 firewall rules, we were able to edit a rule by clicking on it directly on the main rule page, but in V17 we need to click on the "..." icon and then choose edit or clone for the firewall rule. Please keep this the same as it was in V16.05.

    12 votes
    Completed  ·  0 comments  ·  Network Protection
  10. Captive Portal Timeout for mobile devices and workstations same value

    We spent more than one month with Sophos support to find a timeout problem with Captive Portal and mobile devices (Android and iOS) because we ONLY set the timeout option under "Web Policy Actions for Unauthenticated Users (Captive Portal)", but we also had to change the option at "Web Client Settings (iOS, Android and API)", and there is no info about that anywhere. Please change the timeout time for mobile devices also, when I change the value under "Web Policy Actions for Unauthenticated Users (Captive Portal)".

    2 votes
    Completed  ·  0 comments  ·  Base System + General UI
  11. header

    I would like the ability to add a header to sections of the firewall policy rules to easily separate rules for/by specific purposes.

    1 vote
    0 comments  ·  Base System + General UI
  12. Authentication: Configurable RADIUS timeout

    Repost from the UTM ideas board. This needs to be in XG as well. As it stands, if a RADIUS policy requires an MFA action, the login process does not wait long enough for users to respond. Because we have no control of the timeout during login for the admin portal, user portal, and SSL VPN, it renders RADIUS-based MFA useless. This in turn makes XG and UTM an impossible sell for clients that mandate the use of MFA, which is increasingly in demand. Help us help you, Sophos!

    71 votes
    10 comments  ·  Base System + General UI
  13. Disable web caching by default on XG firewalls

    Nowadays it is very rare to use web caching given the speeds/bandwidth of today's networks. This feature is on by default on the XG firewall - most products, no matter the vendor, have this option disabled.

    Caching often causes more issues than benefits, can often break webpages, and is something overlooked.

    8 votes
    Completed  ·  1 comment  ·  Web Protection
  14. Add Active Directory in XG using Domain Name instead of only IP Address

    There was an option in v15 to add an AD server using either the IP address or the domain name. In v16 this option has been reduced to just the IP address, which is causing an SSL certificate authentication problem when we try to "Validate Certificate" using the SSL/TLS connection type while adding an AD server in the firewall. Kindly bring back the option of joining an AD server using its hostname.

    13 votes
    Completed  ·  1 comment  ·  Base System + General UI
  15. user agent

    Hello,

    I would like to have our proxy log all User Agent strings and possibly the referrer. This is a great way to see what is making network connections out and helps with root cause analysis. This is also important information when performing incident response.

    4 votes
    0 comments  ·  Web Protection
  16. Initial Installation Pattern update

    When installing a brand new XG series unit, the subscription license services may not yet be available. (In Australia it can take 48 hours to receive the licence information from Sophos).
    After the initial registration you can manually download and install upgraded firmware, but there is no way of upgrading patterns for AP or RED devices.
    This means that while you can configure a base unit for internet access, it is impossible to deploy and configure additional hardware until the subscription licence is valid.

    There should be a way of obtaining pattern updates for external / add-on hardware devices either…

    5 votes
    0 comments  ·  Base System + General UI
  17. web realtime scanning notification

    When I switch the Web Protection malware scanning mode to Realtime scanning, I don't see any notification when a virus is found.
    So maybe you can make it possible to receive a notification when a virus is found in Realtime scanning mode.

    61 votes
    16 comments  ·  Web Protection
  18. Option to clear (In:10GB & Out:20GB) of firewall rules, to check newly generated traffic is choosing the right policy or not. OR Rules sho

    Option to clear (In:10GB & Out:20GB) of firewall rules, to check whether newly generated traffic is choosing the right policy or not. OR rules should give live session information, like how many sessions are going through per rule.

    7 votes
    0 comments  ·  Base System + General UI
  19. Multiple parameters filter options in Firewall Rules like Source IP, Destination IP, Port and multiple rules IDs selected at once.

    Multiple parameters filter options in Firewall Rules like Source IP, Destination IP, Port and multiple rules IDs selected at once.

    7 votes
    Completed  ·  0 comments  ·  Base System + General UI
  20. Synchronizing PPPoE sessions

    In SFOS version 16.05.4 MR 4, PPPoE sessions in HA mode are not synchronized.
    PPPoE goes down and reconnects when switching occurs from Primary
    PPPoE sessions are not inherited, so there is no point in configuring HA.

    Make sure PPPoE sessions are synchronized.

    2 votes
    0 comments  ·  Network Protection