XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SFOS 16.05.2 MR-2

    After frimware upgrade email protection MTA 1 min working 10 min notworking after reboot device email worked.Spam quarantine release not working new frimware ı downgraded SFOS 16.05.1 MR-1 this frimware.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Mail Logs

    in the Mail Logs Filter need
    Date Status From To Subject

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enable/disable Server Authentication

    Ability to Enable or disable Server Authentication.
    Currently only able to add, edit & delete

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. IPSec - automatic reconnect after editing

    Please start the IPSec-tunnel after editing it automatically.
    Thanks.

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. schedule time for the Business Rules Applications

    Set the schedule for the Business Rules Applications rules would be an important thing to enter.
    Thanks
    Carlo

    39 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →

    We are removing the idea of Business Application Rules in version 18. Instead, there will be Webserver Protection rules for configuring WAF services and separated NAT configuration for when you just want to use DNAT. The DNAT options will inherit by the regular firewall rule schedule capability. Webserver protection/WAF rules will not yet have the ability to set schedules. If this is required for WAF, please transfer your vote to this item:
    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/39186325-schedule-waf-rules

  6. Web filters can be applied in a policy assigned to users or groups. This allows you to configure a single firewall rule. Application filters

    Web filters can be applied in a policy assigned to users or groups. This allows you to configure a single firewall rule.
    Application filters should be the same. Otherwise at the end you have to put several firewall rules, one for each application filter and user group.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →

    The current implementation allows exactly the same requested goal, in a different, and more straightforward way. A single firewall rule may be created, and the user logic is bound to the web policy, rather than the user.

    Mixing objects and policy decisions makes for a fragmented user experience, which can be very hard to understand for new users. The current model achieves the same desired goal, but does not make the user hunt in non-obvious places to implement decisions.

  7. Blocking file extension like *.docx, .that transfer through skype

    Blocking file extension like *.docx, .that transfer through skype

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. Create a microapp for Brother OmniJoin Web Conferencing

    The Brother OmniJoin Web Conferencing services resides on a server in the DMZ and proxies/relays HTTP(s) requests from the OmniJoin cloud servers. A BAPP rule is created to allow HTTP(s) traffic from the WAN to this server, and a Network rule is created to allow this server HTTP(s) access to the WAN. However, access to the DMZ server is not functional unless I disable microapp discovery from the Console: system application_classification microapp-discovery off. (This is reference in Sophos KB 125458).

    Please create a microapp for OmniJoin so I can turn microapp discovery back on. Having it off disables my ability…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  9. Captive portal direct login

    While taking the browser to get captive portal directly and should not provided with denied message and click here option for captive portal.This message is irritating for the users while they are trying to login into the portal.The first message should be Captive portal Login page instead of Denied message

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

    Overall, the new mechanism is preferred. We had many customers whose users were confused because they were browsing fine and then suddenly hit the Captive Portal when they went to site that was blocked for unauthenticated users.

    If you check the ‘Show captive portal’ box in the firewall rule, the users will always be taken to the Captive Portal when they start browsing.

  10. Exporting Dell Sonicwall to XG310

    I have a XG 310 unit I am evaluating. I hope to migrate from my Dell Sonicwall NSA 3500.

    I can get my sonicwall's backup file to see the text base configuration.

    Here are my notes on how to read sonicwall config files.

    Following these procedures will also allow you to read SonicWall exported backup files & compare text based configurations across firewalls if you so desire.
    Steps:
    1. Download backup of firewall (.exp) to computer c:\temp
    2. To decode the backup file (base64) you need to open the file in Notepad++ and remove the two ampersands (&) at the…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Lots of features missing or half done.

    Sophos XG
    - Wildcard WAF
    - Overall, allow wildcard domains.
    - Relay SMTP Outbound
    - Many default objects such as Any IPv6 etc. network interfaces etc.
    - Rename PORT objects.
    - USB Network dongle
    - Single object management
    - Disable Wireless feature (completely)
    - Disable HA when not in use
    - Still missing create object options in certain configuration options such as EMail protection category.
    - 6RD support ; https://www.onsbrabantnet.nl/IPV6/
    - Redicilous name requirements for tunnel names.

    23 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Have the possibility to create route to HostGroup

    We need to create static route to HostGroup

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Limit should be there for FTP download size and number for files.

    I want to allow the FTP base through my UTM but I want it to be restricted in terms of Size of file and number of file. As it should not be misused by users.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  14. SFM unable to sync via push with managed firewalls through PAT/NAT

    We were unable to get the push mode to work when syncing a SFM with a managed firewall. Ping works between the SFM and all firewalls, but no syncing or pushing. The workaround is using the fetch/pull configuration. Though this is a technical issue, some of your competitors have faced a similar issue and have created workarounds. We look forward to future updates and working with you further.

    Please see similar issues here: https://community.sophos.com/products/xg-firewall/f/43/t/80124 and https://community.sophos.com/products/xg-firewall/f/119/t/78302.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Wrong reporting for allways active connections

    The traffic is only reported in the Reports when the connection is closed.
    If the connection is open since yesterday, then there will be no traffic reported in the dashboard for yesterday.
    If the connection is closed after a couple of days al the traffic will be reported on the day when the connection is closed.

    Example
    You have a remote device like a camera and you are recording the data locally. All the data is send thought the UTM. If the connection is never interrupted and the camera is always recoding the connections stays open for weeks or even…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  16. User Interface Regression

    The UI has taken some serious steps backwards. Instead of all facets of a component being located in one section of the UI, they are instead spread across the 'Policies', 'Protection', 'System', and 'Objects' sections. This is counter-intuitive, especially since I still have yet to divine what makes a configuration element fall into which section. Reminds me heavily of SonicWALL. That is about the worst I can say about a network appliance - they are the standard in terrible. Please either provide better explanation of the configuration sections, or unify each system, more like UTM 9. For instance: 'Web Protection'…

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Request to customize Sophos XG User Interface

    Feature Request Summary
    How will this new feature address your business requirements?:


    1.  Dashboard administrator view- license, DDOS Attack, Firmware update (add in more widget)
      

    2.  Navigation panel access customize – user experience ‘confuse all in one tab’. Example Report, Policy, Protection & Systems
      

    3.  Dashboard view – could we fully utilize the empty space by adding more graph, data?
      

    4.  Could you import existing Cyberoam CR200iNG configuration file to Sophos OS?
      

    5.  Could I know can I build up a SSL VPN, IPSec with different firewall product (Sophos XG with Cyberoam or Fortigate).
      

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Not able to see live bandwidth

    Dear Team,

    in current Version Mr-3 Is Not Showing a Which user or ip usages a High Bandwidth i request you please *** this in next version

    25 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Mail field

    Email field user in the Sophos XG imports only 63 characters when it is imported from Active Directory. this is bad, we need more positions.

    I reported to the support, but said to post here!

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Client Authentication Agent Update Push

    This is an idea for having future CAA agents detect newer versions available typically after a SFOS upgrade and prompt the user to update (or allow auto update). In the past I've had to manually update client authentication agents in the field after each release. The other sticking point is while the clientauthagent.exe is digitally signed it does not include the product version number which makes identifying the version a bit tricky. However having the CAA auto-update (maybe from an admin checkbox on the UI) would save the time of the CAAs in the field on getting the…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.