Give us the ability to change the names of the ethernet ports, I can never remember if the WAN is port 1, port 2, or port 3. If we could name them something that indicates their purpose it would be very helpful.28 votes
This function was available in UTM 9, but it's missing in the new XG Firewalls. I should be able to create a new vlan and add it to a bridge so that it spans multiple physical interfaces. As it is right now, a new vlan can only be added to a single physical port.177 votesCompleted · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
In SFOS version 18 it is possible to set a VLAN virtual interface on a pre-existing bridge group.
Find out about the early access program for V18 here: https://events.sophos.com/v18eap
Customer's situation is that they have two interfaces with the same LAN type. The problem was that the captive portal keeps redirecting to the wrong interface IP. I asked GES about this and was advised that currently captive portal only redirects to the IP of the first LAN interface, there is no way to manually change the IP it uses. So feature request is the way to go.
56597206 votesCompleted · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This was added in version 17.5
Hi Sophos XG Firewall Team,
Need your support to allow the Firewall administrator to configure the SSL VPN port, because most of the networks are not allowing to use 8443 port especially in ISP side.
It is crucial for all Sophos XG Firewall end customer.
Damodharan..13 votesCompleted · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This was added in SFOS v 17.1
Possibility of modifying the logo in customer portal, as is the entrance to the company.
Captive Portal can be completely customized.
Please provide ability to use Google's Dynamic DNS service.42 votes
Native support for Google DynDNS will be in version 18 of SFOS.
It is hard to develop several filter policies with little differences for several groups of users. It would be nice to have ability to inherit, for example, web categories from other web filter policies and for application filters as well.
Or there could be the ability to duplicate policies as it has been mentioned before.
Thank you.4 votes
"HA cannot be configured when one or more interfaces are DHCP/PPPoE/WWAN-enabled."
Much like with the previous UTM's, users should have the option to utilize High Availability regardless of their interface type.16 votes
Support for this feature was added in XG v16
When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.104 votes
Right now it is not possible to change the SSL VPN Port by GUI. Port 8443 is used by default. Please add the possibility to change, because Port 8443 is not allowed in many networks.411 votes
No-IP.com was a provider in UTM9 for DyanmicDNS, and who I had my DNS with. I just upgraded to the XG Firewall only to find it's not there, now time to roll back to UTM9. Could you please add this back in?44 votes
Native support for No-IP has been added in version 18 of SFOS.
Would be better if an admin can view the active flags in a security policy. This will be usefull for example to know when a policy is using a NAT policy or have Web Filter policy active. The best option would be a customizable view where the admin can choose what flags want to view.7 votes
A great feature in cyberoam was the ability to change webfilter/App filter for a user or group in the identity section.
With XG that good option was left off, allowing only firewall rule based webfilter/App filter application as competitors do.
Please bring back that feature which made Cyberoam so popular.186 votes
In v16, we added user and group constraints to web policies. This allows admins to control all web behaviors for all users, from a single screen, while adding more powerful and simple to maintain web polices than in any other firewall. This allows you to define behavirs for users or groups in a single policy, while also defining exceptions and overrides in that same policy, and not needing to create policy clutter, with multiple, similar web policies.
when creating a new policy rule and choosing an IP host or a host group, it would be nice if you could hover of the name of the group and pop up the address(es) of that host or group.
I can't be the only one who sometimes names things poorly and would like to verify the correct address before creating the rule31 votes
The XG Firewall installer should allow me to configure the IP address that I want to use on my LAN, so I can easily integrate it into my existing network.32 votes
During the initial install, Sophos XG chooses the interfaces on its own. User should be able to decide which interface to use.
Also basic setup is the only option someone can do to configure WAN port in order to register device. This would also be nice to choose the interface to use.
Add Registration log to console menu to permit user to see the logs regarding registration errors. At the moment I am unable to register the device, it was difficult to track down log messages.39 votes
It would be nice if we were able to change the hostname when configuring the Sophos XG Firewall. One of the major reasons is unless you create a certificate with a common name of "localhost", the hostname on the certificate and the appliance will never match.42 votes
Support for this feature was added in XG v16
In Sophos UTM there was an option to allow specific user groups to override a URL block under Web Filtering. This was really useful for educational environments so our teachers could bypass unintentional blocks for kids. Please bring it back! :)64 votes
Web overrides was released in version 17.5 of SFOS.
Port forwarding configuration is confusing at best.39 votes
Significant changes were implemented in v16.5, and additional capabilities (object based service selection, multiple services forwardable per rule) will be added in v17, expected to GA in October 2017
In the log viewer, you have to choose the log View what you want to view for System, Web Filter, .. etc.
Because of you can add filter options like an IP address, would be better if you can see all logs related with that filter at the same time.12 votes
- Don't see your idea?