XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Let's Encrypt Integration
It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG GUI, so that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Best Regards
975 votes
-
Scheduled Installation of the AV Updates and Firmware Installation.
Scheduled Installation of the AV Updates and Firmware Installation is required. The firmware updates and AV Updates should get automatically downloaded over the WAN interfaces, however installation of these updates should be done only when the Date and time is scheduled by the Network Administrator.
In addition to the available scheduling options, the custom category should be added, wherein the administrators can select a custom date and custom time. After selecting the custom date and custom time, the system should prompt if these settings are just to be executed once, daily, weekly, every 15 days or monthly.
895 votes
Under Review · Admin Stuart Hatto, XG Product Manager (Admin, Sophos Features & Ideas Laboratory) responded
This feature is under review but as yet is not committed.
-
XG as NTP Server
NTP Server is a small package and UTM9 has it. In some small organizations, having a central NTP server is a nice feature.
Can you add it into a future release? You can put it inside device access, denying WAN from using NTP server for security reasons.
856 votes
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
-
Can we have live Bandwidth speeds for Interfaces?
It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.
604 votes
This feature is under consideration for a future release in 2018, though a target version is not yet set.
-
Anti-portscan
XG does not have an anti-portscan feature. Please vote for it!
579 votes
-
Enable/Disable Interface
At the moment, there is no way to disable/enable an interface inside SFOS.
Strange! Even using CLI menu.
569 votes
This is a high priority feature, and will likely be targeted as soon as possible after v17 ships, though it is not yet committed to a release.
-
538 votes
-
Notification Rules
At the moment there is no way to customize notifications. I receive mail when the WAN gateway is down/up.
You need to provide us a way to create rules where we can decide when to receive notifications, the alert level (warning, information, critical), and who will receive the notification. As soon as you integrate SMS, please also allow us to receive SMS (it is an old way) but when the mail does not work....
I would suggest you create a panel like the Network Policy Rule one to manage notification rules.
467 votes
-
Allow Configuration of DHCP Options
UTM 9 had great DHCP options that you could assign globally or to an individual pool. For people with VoIP deployments this is huge.
464 votes
Adding DHCP options to the GUI is under consideration for a future release.
-
Customization in User Portal
1- Admins have rights to add and remove tabs on the User Portal
2- User Portal with login integration SSO.
3- Company logo on the User Portal
4- Users can just view blocked SMTP Quarantine email; they don't have the right to release email.
456 votes
-
Ability to change default Admin username
Currently, the WebAdmin Master-User name is fixed as admin. It would be great if we had the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.
416 votes
This is being considered. The current intention is to add a superadmin role, making the default admin account just a member of that role.
This will allow you to create new superadmin accounts, capable of logging into the shell, adding ssh keys, and any other features limited currently to the named admin account.
Second, you will be able to disable or demote the named admin account.
-
Assigning static ip to SSL VPN users
It would be very convenient to assign a static IP to users logging in through the SSL VPN client. Currently this feature is available only to L2TP and PPP users.
373 votes
-
Sophos VPN app for mobile platforms
Sophos should develop its own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
It should also support the Per-App-VPN feature which was introduced in iOS 7.
366 votes
This feature is considered a high priority, and is under consideration for a future release, though a target version or timeframe is not yet set.
-
Rename objects
Add support to rename Policy rule names, IPSEC and SSL VPN tunnel names, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
This will improve the management; it must be default for all objects. Currently, to fix a simple typo, we must create a new policy or category and populate all items again. A simple task can turn into a hard task.
Best regards,
Carlos
359 votes
This will be implemented in a future release. It is being included as part of a larger project, to generally improve configuration capabilities across the product. Version for release is not yet confirmed.
-
Add support to USB NIC
At home USB NICs are ideal. Exactly the same problem we had in UTM9. Link below.
331 votes
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
-
Add options for IPv6 DHCPv6-PD
My ISP supports native IPv6; they support prefix delegation using DHCPv6-PD to assign a /56 subnet. They do not assign the WAN interface an IPv6 address (i.e. no IA-NA) and only provide a prefix delegation (IA-PD). Currently XG (and UTM9) doesn't work with my ISP to get a PD because there are no options to request IA-PD only. My ISP edge router will respond to a solicit message with an IA-NA and IA-PD request but it would appear that the XG doesn't conform to RFC7550 when it sends an IA-NA message and receives a "NoAddrsAvail" from my ISP edge router.
322 votes
-
Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report.
Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report.
310 votes
-
Mail notification to multiple recipients
Add support for the notification component to send email to multiple recipients.
Currently only 1 recipient is supported.
Best regards,
Carlos
287 votes
-
Allow outgoing emails to be signed with DKIM
Include the possibility of signing outgoing emails using DKIM for all or only selected email domains, as in UTM9.
279 votes
-
Improve the WAN Gateway monitor
Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
This can help a lot to prevent false positive gateway status.
The same feature could be added on the VPN Failover system.
Best regards,
Carlos Cesario
262 votes