XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. new firewall rule is immediatly active; default should deactivated

    new firewall rule is immediatly active; default should deactivated

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Display Gateway configuration of rule in the Firewall page

    On the general Firewall page where you see a list of all of your rules, it would be nice to see what the gateway configuration is for each rule. Since the multipath routing occurs in the firewall rule itself it would be very helpful to get an overall view like you can get in the Multipath Rules tab located in UTM.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Traffic Graph

    need to create traffic graph destination domain/IP wise. also want custom real time traffic report and filter by IP or domain

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  4. Inline WAF

    1) WAF is not supported when deployed inline.
    2) WAF not supported if NAT/traffic is not terminated on the firewall

    Ticket reported : [#7882861] WAF requirment

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Request-URI Too Long

    Add option to change the accepted string length for the API XML call to avoid the error:

    Request-URI Too Long

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. log

    Include an option for any graph or event to drill down into the associated log entry. Currently, clicking on graphs or event charts in the UI takes us to a report page that's only somewhat helpful. I want to be able to jump to the logs for any event I choose so I can see the details of what went on. Seeing graphs and charts doesn't help me get to the root of an event or issue.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. IPSEC VPN aggressive mode use preshared keys.

    When I upgraded the version to 17.03 MR 3, VPN ceased to connect.

    I am troubled because I can not use preshared keys in aggressive mode.
    Certificates can not be used due to problems with opposing equipment.
    Please make sure to use preshared keys in aggressive mode.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Make Support Access function more useful

    Make support access function more useful so enabling SSH and WebGUI access from WAN for every support request is not needed anymore.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. External IPS engine

    The IPS function can be expanded with external engines. For example, Suricata. This will be of great significance at that time, when many artificial intelligence-based IPS modules will be developed by more teams. I think many of them are open and free. There is a possibility in the firewall to use these as well.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Increased security

    Dear Support!

    Please let us know down all the files (ISO, GPG ...) MD5 checksums.
    I think this is very important. You should not download anything until it has been publicly released on the forum. At a new release, it must always be there from now on. I think it should not be downloaded until it is resolved. In the firewall system, there should be an option to not be required to remove the updates from the cloud. (IPS Rules, Virus Definitions ... Other). If you think you trust Sophos, but not in the cloud service provider, you can completely…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Exporting Logs all to a storage device such as an External HDD

    Exporting Logs all to a storage device such as an External HDD

    We have XG 210. Our requirement is to store the logs for at least couple of years. However, the device only has 100 GB of space. When the logs exceeds 100 GB size the device starts deleting the logs. Instead we need to transfer the Logs to another external storage device. We would need the logs for analysis at a later date. Not able to storage the logs forever is a very disappointing.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enhancement Required on both CROS for iNG-XP appliances and SFOS for XG Appliances

    Dear Team,

    I am Pankaj Lohar , Tech Lead - Network & Security Design / Implementation and my Company is BMG Informatics Pvt. Ltd. We are IT System Integrator and IT Service Provider India based company.

    I am writing this mail as I got so many calls from customers requesting some Enhancement.

    Enhancement required on Cyberoam Firmware Version 10.6.6

    1) We can not send Guest Users Username and Password to guest user's mail id.

    2) On application control if I search for a particular application signature under individual search then it shows so many application signatures but we can not…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Syncronized Security without Sophos Cloud on own hardware

    Possibiltiy to make a own environment for the Syncronized Security on our own hardware, to use it without Sophos Cloud like a management-server for communicating XG with Endpoint.
    Thanks.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  14. whitelist for safesearch

    It would be nice if a particular URL can be exempted from Safesearch.
    A whitelist for safesearch would be appreciated.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Improve Network Visibility

    Can i recommend you further improve Network Visibility of the XG / SG devices by incorporating a Day-Glow orange stripe on the outside of the hardware? I'm certain this will improve visibility, especially in darkened server rooms.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add VPN tunneling for services such as Private Internet Access

    Add VPN tunneling for services suck as Private Internet Access. All other firewalls support (pfsense, untangle)

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. save username/password in ssl vpn login dialog

    Would be nice to be able to have a checkbox to save username/password for Sophos SSL VPN client, as this was before in Cyberoam SSL VPN Client. Optional. also Start with Windows (autostart) checkbox would be nice too.

    60 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Firewall on a Raspberry Pi

    Unix got where it is by being offered free to universities. More recently the very powerful Mathematica package has attempted a similar route by offering it free on the Raspberry Pi. A clever move - it allows people to play with it and discover its versatility without jeopardising sales of the full product to people who need its full power, only realisable on a high-end CPU.

    If you offered the firewall free as a Pi image it would sell the concept, give home users a device which was useful yet low enough power to leave on 24/7 (unlike an old…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Change Hostname

    It would be nice when changing the hostname in the Sophos XG webgui it will be also changed in the OS-System. Actual only the application changes it for certificates, but the Operating System ist still localhost. This looks confusing in the ESXi virtual maschine overview.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make this work for on premise!

    Make Hearbeat work for on premise installations with a local SFM and Endpoint. The traditional customers wont't update to cloud if Sophos FORCE them.

    The customer must have a choice - do I want it in the cloud or in my own datacenter.
    We're loosing them.....

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.