XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sophos XG Unified firewall Business application should accept a host/services object

    Under: Policies
    Security Policies

    Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.

    This reduces the rules required and keeps it more unified..

    At the moment you need to add multiple rules I.E. A hosted service uses a mixture of single ports, port ranges and both tcp/udp will require multiple rules to achieve something very simple.

    97 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  7 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Rename/Comment Physical Interface objects

    It should be allowed to change the name of Physical Interface objects from default PORTx name to custom one.
    Also, comment attribute/field should be added for additional description (like it was available in UTM9).

    420 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

    The ability to rename interface objects will be delivered in version 18 of SFOS. We will not be adding comments at this time.

    If comment/description field is important to you, support this item, which is specifically about providing comments fields more generally across the board: https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/38328700-more-objects-should-have-note-fields

    For information on how to get early access to version 18, go here: https://events.sophos.com/v18eap

  3. Country - Improve

    On XG you are using lists instead checkbox and we miss it. For country blocking, to block an entire continent, you have to open a web page and track all nation that belong to.
    At least create Continent group already and add exception list as you do inside Business Application Policy. For example, block Asia except Cina. The exception should work in both way. For example allow all Asia except Japan, Taiwan, etc...

    35 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Automatic Firewall Rule and Group

    At the moment, automatic firewall rule is not available in any option as it was with UTM9. For example when you setup a new site-to-site or vpn. This is very useful and time saving. Also add inside Policy Section "Automatic Firewall Rules view".
    Last, add the chance to create Groups so we are able to group rules together.

    138 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Sophos XG - Google App domain controls via HTTP header insertion

    This feature was added to UTM 9. Can we get it put back into XG?

    Google supports a ways for organizations to limit which Google Apps domains users are allowed to visit. This is done by adding an HTTP header to outbound requests containing a list of allowed domains.

    http://support.google.com/a/bin/answer.py?hl=en&answer=1668854#providers

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. IKE v2 and dynamic routing

    IKEv2 and dynamic routing

    117 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. default source port when adding new services to "1:65535"

    Would be nice if the source port was already pre-populated like it was in UTM9

    227 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Improve GUI

    At moment the Dashboard cannot be customized, no flow control and no in/out of each interface. Really missing many nice features from UTM9. Sort option inside menu in alfabetic order.
    Make sure GUI can use all screen resolution; allow us to reset alarms from GUI;
    GUI should be similiar in feature as UTM9. We will see!

    93 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add support SNMP service to multiple WAN interfaces

    Currently this makes impossible an efficient monitoring of appliances (Copernicus) with multiplpe WAN interfaces.

    The SNMP server only works through a unique WAN interface.

    Best regards,

    Carlos

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow interface port to be configured with just vlans

    As it is right now you must assign an ip address to an interface and then add vlans. doesn't allow you to just assign vlans.

    281 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    25 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add support to copy/duplicate policy rules

    This will help us to reduce time, management in this operation.
    By example, Policy Rules with the same same destination, ports, gateway through but with the source address different, could be easily cloned with based from other one.

    Best regards,

    Carlos

    98 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add support to choose both protocols (TCP/UDP) in Service object

    Currently we have to create a separated rule to each protocoal TCP/UDP.

    Best regards,

    Carlos

    229 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add FreeDNS.afraid.org DynDNS Provider

    FreeDNS was on UTM 9, is there any reason why it has not been carried over to XG Firewall.... I for one would like to have FreeDNS enabled in XG firewall as I see no technical reason why it should not be there.

    or at least have a custom setting for Dynamic DNS that enables a feature to set Dynamic DNS via a url that can be called by curl.

    159 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    77 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  14. 193 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Adjustable column width and ordering.

    As a firewall administrator, I want the ability to adjust column width and column ordering in any log display in order to have better visibility of data I am monitoring for.

    As it stands, the log display grid is not intuitive, and requires scrolling down to get to the horizontal scroll before you scroll back up to see data.

    (Can be applied anywhere there is a grid display too.)

    46 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. 57 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  17. Improve Logging

    At the moment understand what's going on is very HARD. Live logs are missing and notepad on every section is missing.
    Add live log and allow admins to configure itself coloured live logs (globally or on single windows?). In this way logs have different level of importance and Admins can better understand if they need to worry about or not. For example allows Admins to set red for high-risk/denied traffic/system error, yellow for warning/natted/or whatever and so on.
    I really love the live log on Firewall section of UTM9 where reading what's happen is very very easy.

    440 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    29 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

    We have released significant improvements to logging since this idea was first posted.

    There are certainly still more things we could do.

    I’m closing this item in the hope that users will post some more specific and detailed ideas for where to go next, with good examples of use cases/value provided. There are also many interesting ideas already posted that you could support or contribute to.

  18. MTA - Bring it back

    UTM9 has MTA built-in while SFOS does not. You need to configure external SMTP to send notifications and many small installation does not have internal email server.
    You can add external private email server but it is not acceptable that a UTM does not have smtp capabilities.
    Please add it ASAP.

    91 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. 48 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
1 2 5 6 7 9 Next →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.