XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Currently the following features are not available in the firewall. I hope that these features will be updated in the firewall in the future

    Currently the following features are not available in the firewall. I hope that these features will be updated in the firewall in the future.
    • If internet traffic exceeds the internet plan, the alerts e-mail should be automatically sent to admin from firewall.
    • Currently live internet speeds cannot be checked in the firewall which should happen.
    • If the speed of the internet is less than the plan of the internet, the alert email should be sent automatically to admin from the firewall.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. Firmware - 3 slots

    This morning I just updated the firmware. I only had the option to update to the non-active firmware slot. However, that is my FALLBACK firmware. It is (reasonably) stable and most importantly, known and known to work. I wanted to replace the current version of the firmware, but that was not possible.

    Solution: 3 slots required for firmware.

    The first, is the "long term stable" version the user can revert to if needed.
    The second, the current (or active) service release.
    The third, to slot for downloading and running the lastest version that is offered on the website.

    I really…

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. General Customized services extend to icmp

    You can define customized services, for example tcp/udp port from 1:65535 to 4444. Also you can define custom icmp services, but it's not possible choice options out of RFCs. If you want define a ICMP service of type 1 (in RFC type 1 and 2 are unassigned), simply, you can not do it. It's not sense you can define your own service, but a custom icmp service does not be. By definition it is a "custom" not "standard" service.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support for RFC-5309

    We need "IP Unnumberd" for Internet connection.

    Because
    1.it is very major function on Japan market.
    2.Many competitors have already supported.
    3.It is also useful function for managing network connection on IPv6 environment.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Conexão Múltiplas SSL VPN

    I noticed that when I am connected within the company, and if I try to connect the SSL Client it allows, the right thing was not to allow, as it can loop the network. A call was opened and the only solution is by MAC, but it becomes impossible to do this for everyone, I have to register one by one, it would have to be a simple solution, to identify that if it is connected to the local network, do not let the SSL Client connect VPN.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. HTTP option for Guest User Self Registration Page

    The captive portal has an option to run in HTTP. But the self registration page by default shows up in HTTPS.Is there any way to make it work in HTTP?I want to avoid any certificate errors.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Cyberoam  ·  Flag idea as inappropriate…  ·  Admin →
  7. Current Activities: Add column for Hostname - only shows IP-address in v18

    Under Current Activities (e.g. Live Connections) only the IP-address is shown.

    This often requires navigating to different sections (e.g. DHCP) to hunt down the hostname.

    Efficiency would be greatly enhanced if a column were to be added showing the hostname.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. SFTP for log files

    Add SFTP support under the connection options, so that files (particularly log files) can be downloaded from the XG on the LAN interface, so that they can be analysed off-system. It is a real inconvenience to try and do detailed searches of the log files while on the console. Not everyone has a syslog server.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Network List

    Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP address' and not Networks).

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. SD-WAN Support Forward Error Correction (FEC)

    Forward Error Correction (FEC) is a mechanism to recover lost packets on a link by sending extra “parity” packets for every group (N) of packets.

    Forward Error Correction (FEC) is a technology that is well known for its ability to correct bit errors at the
    physical layer. However, this technology can also be adapted to operate on packets at the network layer to improve
    application performance across WANs that have high-loss characteristics. With packet-level FEC, network equipment
    can reconstitute lost packets at the far end of a WAN link, avoiding delays that come with multiple round-trips
    retransmissions. This enables WANs…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. MD5 checksum for SFOS  

    MD5 checksum is not listed on the download site in the Hardware Installers and Virtual Installers of Firewall OS for XG Series.

    MD5 should be written like SG from the viewpoint of security and installation failure.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow multiple DNS records per ip

    it would be great to be able to manage multiple host on the same IP while creating a DNS record on the Sophos XG.

    Right now we se the gateway as a DNS server and creating more than 100 records is no cool.

    Allowing the use of wildcard would be even better.
    *.domain.com A 192.168.0.1

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Option to load Balance with IPsec VPN

    Option require on load Balance with IPsec VPN

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. VPN icon is red even though 1 of 2 VPN connections to a site is up

    Since it's bad practice to use failover groups on both sites of a VPN tunnel, one side (without failover group) shows a red VPN icon in the dashboard. For example - one side can have 2 WAN connections and the other side has 1 WAN - so 2 tunnels are created for failover.

    It would be nice if we can still incorporate these multiple tunnels to the same site in a group, so that as long as 1 is online, the VPN icon doesn't turn red. Maybe if we can add both sides to a failover group, but toggle failover…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Virtual domain

    Dears ,

    We need to have a Virtual domain in our XG firewall like in Fortigate & Palo alto . because sometime this feature kick us out from competition

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. EnterpriseGuard License

    Dears ,

    It will be awesome if you make a change in your subscriptions EnterpriseGuard by adding email protection to be anti-spam like in Fortigate in this way Sophos will be more flexible to meet customer requirements . When customer asking about subscription with anti-spam and not full email protection we can provide EnterpriseGuard by this way we will be more competitive . but if the customer look to full email and WAF then the FullGuard will be choise

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. XG hard drive

    Dears ,

    I'd like to suggest one thing regarding hard drive SSD . if it is become more flexible . i mean if we can change the SSD hard drive on the firewall according to the customer requirements

    Because sometimes the firewall throughput's being acceptable but the customer be restricted to specific size of SSD this caused lost a lot of projects against other competitors

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. WAN DHCP Option 60

    Most ISPs in Europe require you to use a DHCP Option on the WAN Interface in order to use your own Router or Firewall.

    If this can't be done on the Sophos XG it is useless to me and a lot of other people, which would be a shame.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.