XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please add ability to associate an IPSec profile to Cisco IPSec VPN Client configuration

    The current configuration page for System->VPN->CISCP VPN Client does not have the option to associate an IPSec profile containing settings. Over time the standard has changed to use different Diffie-Hellman (DH) group 14 and group 5 with different phase 1/phase 2 algorithms. The current setting does not work with OS X 10.11.4 and above or later releases of CISCO IPSec VPN clients (unless you downgrade the client encryption settings).

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. DSCP on Business Application Rule

    DSCP is a new feature but can be only used on User/Network rule. I would like to see the DSCP even on BAR in order to better manage multiple ISP.
    Cyberoam has this feature.
    Thanks.

    16 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. SSL VPN client for Surface RT devices

    Provide an SSL VPN client for Surface RT devices

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. I suggest to add Device transfer, license migration, and remove device options at My Sophos portal.

    I suggest to add Device transfer, license migration, and remove device options at My Sophos portal.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. 42 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support for Microsoft DirectAccess in XG

    Accessing server resources using Microsoft DirectAccess feature so that remote users don't need to use traditional VPN. So there should be a way to port forward necessary ports/services in Sophos XG firewall for allowing access

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow downgrade/conversion from XG85 to SG

    We accidentally bought a Sophos XG 85 and expected Sophos SG GUI. We want to convert or downgrade our product and licenses to a SG UTM device.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. mac

    Allow a user to assign mac addresses to their account so they do not have to authenticate on the specific device. Presently if there is no browser available to authenticate through the captive portal then the device will not function (this is the case on playstation 4 console and some phones.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. bring back the Cyberoam GUI

    bring back the Cyberoam GUI, please

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. To have VPN Wizard: Configuring Failover on Sophos Firewall Manager

    On Sophos Firewall Manager to have Configuring Failover on VPN Wizard

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Possibility of granular Management like UTM

    The XG is the next step to ACI but there are things that aren't right:


    • creat a LAG need to have a IP address at least a DHCP client

    • each Network will have a DHCP server which isn't needed maybe

    • no chance to avaluate Automatic Processes inside the XG

    • the Dashboard shows data that takes a long time while you don't even need it

    Create a Pro-User Frontend like the UTM is or have a possibility to switch back to the old frontend.

    Most people that contribute on Sophos UTM likes the transparency of the UTM and beeing simple on…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Essential Version

    I would love to be able to install a free essential version just like on the UTM 9. This is perfect for small simple companies, schools in the developing world, organisations etc. Please implement this so that as an IT guy one product fits all. Then firewall XG can be used in any situation from free with basic tools to advanced with subscription. This was perfect about the UTM.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Ping using Business Application Rule

    When creating an Alias (System > Network > Interfaces > Add Alias) and then creating a Business Application Policy for the external address


    • Business Application Policy does not have an option to forward pings through to the Internal Server

    Currently it is only possible if Forward All Ports is selected from the Business Application rule

    -
    

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Sophos Cloud Deployment Behind an XG -Firewall(Initial deployment)

    Security heartbeat is indeed a great innovtion.But issue comes ,when it comes to deployment of sophos cloud in a corporate/Enterprise network with 500 odd users.Rite now,Installer which is delivered over mail which is a quick installer & some 150 +MB need to get downloaded from internet each time a user clicks on setup link eating about 30 minutes for installation on a single client machine.So how much time for a 500 user network & load it takes on network.
    So most IT administrators reluctant to go for cloud deployment when it comes head-office deployments.
    So this idea deals with an…

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Exploded View of the Navigation Bar

    I would like to be able to see the all of the menu options on the left hand side. Instead right now I have to click every tab to figure out where I should be looking when I should be able to just glance on the left hand side and see all of the menu options.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Email Filtering Profile

    Unified policy rocks. Inside policy we can create and manage multiple IPS profiles, Application control and Web while Email is managed separately, why? So you need to go to email protection > scanning rules and decide what to do with email (pop3, imap, smtp).
    If you have integrated everything, please integrate email profiles inside policy so we do not need to change page to configure email protection.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Configure Hotspot users for backend authentication on XG Firewall

    Configure Hotspot users for backend authentication on XG Firewall.
    there is no such option in the new version of XG Firewall

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Select individual wan interface for vpn


    1. I have noticed that the Cisco VPN client has the option of choosing which WAN interface on the firewall is to be bound to for SSLVPN
      This feature is NOT available on the sophos vpn client
      Please put this a default because if Cisco client is not available then we have t use the sophos vpn client and this feature is necessary


    2. There is no dedicated filter option for SSLVPN in the log viewer instead it is going under system view which is wrong


    26 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Installation: Do not run DHCP Server by default on LAN

    After installation there is a DHCP server running on the LAN port, this should not be the case without explicitly enabling it during installation.

    26 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. AD join domain

    Using the Sophos SSO agent is nice and give us improvement but it is a service and can be affected to service stop or other service related issue.
    Using domain integration is easy form Administrator to manage even when a new Domain Controller is added. So allow us to join AD domain using even the "UTM9 old method". Of course you have to allow us to assign a name to XG firewall, which at the moment is missing.

    44 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.