Keep the XG flexible by starting cronjobs. Crontab would be great!28 votesDeclined · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This is an old item that has little information or activity. Please resubmit if this is still an issue, with more information about how this would be of value.
Requirement is Allow remote session and denied file transfer over Team-viewer application.
Refer the case id : 74866016 votesDeclined · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
No activity for some time so closing. Please re-submit with more detail if still required.
The web category "Sexually Explicit" contains alot of mis-categorizations. The system admin generally uses this category to block sites. It would be better if there was a category named "" itself, with the all the websites that are absolutely **** oriented rather than vaguely explicit contents.3 votesDeclined · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
It’s always difficult to know where to draw the line with content of this nature, and we find that most organizations will block any explicit content. If you see examples of sites that you think have genuinely been miscategorized, please submit those examples here, using ‘Submit a Site’ secure2.sophos.com/en-us/support/contact-su..
The ultrasurf proxy restriction in XG firewall gives false response. The log viewer indicates that the application is being denied while the user is bypassing all the policies with a simple extension in chrome browser. It would be better if it rather said allowed than give false information.8 votes
Products such as Ultrasurf try a number of different connection methods to circumvent firewall-level blocking. We log the methods we see and block, but if Ultrasurf goes on to attempt a method that we do not yet detect, it may get through. Because we didn’t recognize it as Ultrasurf, we cannot log it as a successful Ultrasurf connection.
Please add Support for SFOS-Images to the UTM Smart Installer.
Thank you very much.4 votes
I have configured user authentication from AD to access the internet. In present firewall is automatically logged out the user if the user is inactive for some time (same told by Cyberoam technician). So remove this feature or make an option for this for users to logged in continuously.5 votes
No further information provided.
I would like to include this on XG Firewall the Policy Checker, Time Schedule customization, and Total number of user per AP9 votes
Please limit your suggestions to one feature per post.
Please note that XG v17 included a Policy Test feature for Web and Firewall policies.
It is already possible to customize Time Schedules on v17 – Go to System > Profiles > Schedule
Option to select 2 or more wan ip in a business rule8 votes
Business rules and NAT are changing with version 18. Check to see if your use case is satisfied with the new release. If not, please re-submit with more detail.
Please use McAfee website databases from UTM again!
Please vote this feature!22 votes
Sophos is working to continually improve the URL categorization in XG Firewall, as we believe that this is the best way to protect our customers going forward. If you have specific requests or requirements for our URL categorization please submit them as separate ideas.
Current activity should have CTA option in authenticated users filter
As we are able to see login method as CTA which are logged in through STAS(Client less SSO),
Also current activity showing users method as SSO for CTA auth. user(its an issue as showing different types) and if we apply filter to check SSO user is not working
SO best Idea is for you to have a option as CTA in filter to check
960166 14244 votes
Declined as no activity for some time. Please re-submit if it is still relevant.
I want to add a https bookmark that will take the user to my internal vmware horizon html access landing page.
The clientless access bookmark is a dynamic url and currently the XG is unable to intercept the request and rewrite.
I am requesting that development create a regular expression to capture these types of requests.4 votes
HTTPS bookmarks have been removed from XG firewall.
Need to make change in sophos group policy , In that i need option for making policy for group.
When i select match group option by default that policy should be apply for group.3 votes
In XG we have chosen to move to a more straightforward method of making security decisions. Rather than having decisions spread across several sections of the product, all are handled directly from within firewall rules. This is largely an improvement over Cyberoam, and we will work instead to improve the current implementation, rather than moving to a more spread out model.
Please make us able to deactivate size Limit in Realtime scanning mode.
Please vote it!18 votes
Please unlock Sandstorm for XG home but please let sophos xg be a free software!41 votes
Unfortunately there are significant costs associated with running the Sandstorm service that make it uneconomical for us to provide it free for home use.
Few remote locations does not have neither ILL ISP nor Broadband ISP. Customer asks for SIM Slots in hardware appliances, which as of now not available.7 votes
The current model, where USB devices from local cellular provides can be connected to a firewall, is much more scalable and sustainable.
Safe Search runs on the windos devices seamlessly. And some customers want to exclude android or ios devices. They dont want to install the certificate on their personal or mobile .
IP/MAC host associated can be problem for the customer who has lots devices.
And some of them do not want their IPs to leave in another rule
So I think It would be nice to have a setting so that it can be applied separately for devices
( for more info >> https://community.sophos.com/products/xg-firewall/f/web-protection/89648/safe-serach )5 votes
It is no longer necessary to use HTTPS decryption in order to enforce SafeSearch, so the problem of mobile devices without an organizations CA certificate should not be an issue any longer.
Furthermore, in v17.5 we have moved SafeSearch configuration into Web Policy.
If you still want to support device-specific policy configurations, there are other existing idea requests on this forum you should consider supporting.
It would be amazing if Sophos added support for this WLAN USB NIC.9 votes
Customer would like to allow Text for Whats App but blocks the block download & Upload of Images,video & audio8 votes
Not possible because of WhatsApp’s encrypted protocol
There is an issue blocking .dll extensions causes problems with websites that use ISAPI.dll on their URL. Sample scenario web policy containing a block for System files which include dll on file type when enable is blocking the URL for ebay http://my.ebay.com.au/ws/eBayISAPI.dll?MyEbay&gbh=13 votes
This is working as expected, and unfortunately, changing it would result in more problems than wold be solved by the change. You may create exceptions for the few sites where you find this to be a problem.
Ability to report on downloaded and uploaded executables (.exe, .bat, .ps1) for each user, which website.6 votes
Check out Central Firewall Reporting, which is currently in EAP but will be release soon. It will provide much more flexible reporting options.
- Don't see your idea?