XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Change the port names
Give us the ability to change the names of the ethernet ports, I can never remember if the WAN is port 1, port 2, or port 3. If we could name them something that indicates their purpose it would be very helpful.
28 votes -
Allow VLANs to be added to a bridge
This function was available in UTM 9, but it's missing in the new XG Firewalls. I should be able to create a new vlan and add it to a bridge so that it spans multiple physical interfaces. As it is right now, a new vlan can only be added to a single physical port.
177 votesCompleted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
In SFOS version 18 it is possible to set a VLAN virtual interface on a pre-existing bridge group.
Find out about the early access program for V18 here: https://events.sophos.com/v18eap
-
Ability to choose which LAN interface IP the captive portal will redirect to.
Customer's situation is that they have two interfaces with the same LAN type. The problem was that the captive portal keeps redirecting to the wrong interface IP. I asked GES about this and was advised that currently captive portal only redirects to the IP of the first LAN interface, there is no way to manually change the IP it uses. So feature request is the way to go.
5659720
6 votesCompleted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This was added in version 17.5
-
SSL VPN Port modification request
Hi Sophos XG Firewall Team,
Need your support to allow the Firewall administrator to configure the SSL VPN port, because most of the networks are not allowing to use 8443 port especially in ISP side.
It is crucial for all Sophos XG Firewall end customer.
Regards
Damodharan..13 votesCompleted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
This was added in SFOS v 17.1
-
Possibility of modifying the logo in customer portal, as is the entrance to the company. Cheers
Possibility of modifying the logo in customer portal, as is the entrance to the company.
Cheers
9 votesCompleted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Captive Portal can be completely customized.
-
Add Google's DynDNS Provider
Please provide ability to use Google's Dynamic DNS service.
42 votesCompleted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Native support for Google DynDNS will be in version 18 of SFOS.
-
Add inheritance to App and Web filter policies.
It is hard to develop several filter policies with little differences for several groups of users. It would be nice to have ability to inherit, for example, web categories from other web filter policies and for application filters as well.
Or there could be the ability to duplicate policies as it has been mentioned before.
Thank you.4 votes -
Allow High Availability with DHCP
"HA cannot be configured when one or more interfaces are DHCP/PPPoE/WWAN-enabled."
Much like with the previous UTM's, users should have the option to utilize High Availability regardless of their interface type.
16 votesSupport for this feature was added in XG v16
-
NTP - no need for rebooting the Firewall
When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.
104 votes -
Change SSL VPN Port
Right now it is not possible to change the SSL VPN Port by GUI. Port 8443 is used by default. Please add the possibility to change, because Port 8443 is not allowed in many networks.
411 votes -
Add no-ip.com DynDNS Provider
No-IP.com was a provider in UTM9 for DyanmicDNS, and who I had my DNS with. I just upgraded to the XG Firewall only to find it's not there, now time to roll back to UTM9. Could you please add this back in?
44 votesCompleted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Native support for No-IP has been added in version 18 of SFOS.
-
Policy custom View
Would be better if an admin can view the active flags in a security policy. This will be usefull for example to know when a policy is using a NAT policy or have Web Filter policy active. The best option would be a customizable view where the admin can choose what flags want to view.
7 votes -
Webfilter & Application on User
A great feature in cyberoam was the ability to change webfilter/App filter for a user or group in the identity section.
With XG that good option was left off, allowing only firewall rule based webfilter/App filter application as competitors do.
Please bring back that feature which made Cyberoam so popular.
186 votesIn v16, we added user and group constraints to web policies. This allows admins to control all web behaviors for all users, from a single screen, while adding more powerful and simple to maintain web polices than in any other firewall. This allows you to define behavirs for users or groups in a single policy, while also defining exceptions and overrides in that same policy, and not needing to create policy clutter, with multiple, similar web policies.
-
Display addresses when hovering over a host name or host group
when creating a new policy rule and choosing an IP host or a host group, it would be nice if you could hover of the name of the group and pop up the address(es) of that host or group.
I can't be the only one who sometimes names things poorly and would like to verify the correct address before creating the rule
31 votes -
Installation: Manually set IP address for LAN
The XG Firewall installer should allow me to configure the IP address that I want to use on my LAN, so I can easily integrate it into my existing network.
32 votes -
Initial Install
During the initial install, Sophos XG chooses the interfaces on its own. User should be able to decide which interface to use.
Also basic setup is the only option someone can do to configure WAN port in order to register device. This would also be nice to choose the interface to use.
Add Registration log to console menu to permit user to see the logs regarding registration errors. At the moment I am unable to register the device, it was difficult to track down log messages.
39 votes -
Change Hostname
It would be nice if we were able to change the hostname when configuring the Sophos XG Firewall. One of the major reasons is unless you create a certificate with a common name of "localhost", the hostname on the certificate and the appliance will never match.
42 votesSupport for this feature was added in XG v16
-
Bring back Web Filter override for specific AD groups
In Sophos UTM there was an option to allow specific user groups to override a URL block under Web Filtering. This was really useful for educational environments so our teachers could bypass unintentional blocks for kids. Please bring it back! :)
64 votesCompleted ·AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Web overrides was released in version 17.5 of SFOS.
-
Improve Port Forwarding
Port forwarding configuration is confusing at best.
39 votesSignificant changes were implemented in v16.5, and additional capabilities (object based service selection, multiple services forwardable per rule) will be added in v17, expected to GA in October 2017
-
View logs for "any"
In the log viewer, you have to choose the log View what you want to view for System, Web Filter, .. etc.
Because of you can add filter options like an IP address, would be better if you can see all logs related with that filter at the same time.12 votes
- Don't see your idea?