XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Change SSL VPN Port

    Right now it is not possible to change the SSL VPN Port by GUI. Port 8443 is used by default. Please add the possibility to change, because Port 8443 is not allowed in many networks.

    410 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    46 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Anti-portscan

    XG does not have a anti-portscan feature. Please vote it!

    376 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    38 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos VPN app for mobile platforms

    Sophos should develop an own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
    It should also support the Per-App-VPN feature which was introduced in iOS 7.

    275 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add support to choose both protocols (TCP/UDP) in Service object

    Currently we have to create a separated rule to each protocoal TCP/UDP.

    Best regards,

    Carlos

    221 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Assigning static ip to SSL VPN users

    It would be very convenient to assign static ip to users logging in through SSL VPN client. Currently this feature is available only to L2TP and PPP users.

    187 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    48 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Native Microsoft Azure Site-to-Site VPN

    Sophos UTM already natively supports automatic site-to-site VPN tunnels with BGP routing to AWS. I look forward to Sophos UTM supporting the same sort of site-to-site VPN tunnels with BGP to Microsoft Azure in public and private cloud deployments.

    I think the easiest way for this to work would be for Sophos UTM to look at the requirements of getting the VPN itself setup (which has been documented in the forums and works), then to make BGP work on top of that, then ensure that BGP and the VPN can work between multiple private cloud and public cloud sites, then…

    181 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    24 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. 135 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow wildcard subdomains in Firewall rules

    Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

    We would like to allow/deny connections based on a wildcard subdomain (think *.example.com). Only way to do that is to reverse DNS the destination IP and allow/deny based on the wildcard rule?
    Although there is the common possibility that the reverse DNS is not the same as the A or CNAME record requested, so I'm not sure how useful that would be.

    But, we would really appreciate the ability to filter based on wildcard subdomains.. like *.update.microsoft.com. See:
    https://technet.microsoft.com/en-us/library/bb693717.aspx

    89 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Zero Firewall Rule Traffic Counter

    Very simple, have an option to zero the traffic counter on a firewall rule.

    75 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSL VPN client that logs on before Windows

    We need a SSL VPN that can log on before windows. This is required in many environments as it allows GPOs to resolve properly.

    67 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. SSL VPN client for mass deployment

    We need a way to deploy the SSL VPN on mass without logging into the user portal. A standard MSI would be ideal which could be deployed by any ESD or as part of an image.

    66 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. dhcp lease remove

    Need to be option for remove DHCP lease IP address

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. save username/password in ssl vpn login dialog

    Would be nice to be able to have a checkbox to save username/password for Sophos SSL VPN client, as this was before in Cyberoam SSL VPN Client. Optional. also Start with Windows (autostart) checkbox would be nice too.

    60 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Rename SSL VPN profile

    Every downloaded SSLVPN profile is named "username__ssl_vpn_config.exe" and there is no possibility to change this globally. So if you import different profiles with the same username (as we do this for our technicians with different customers) you can't differ which profile is for a specific customer.

    Please provide a ability to change this or change the naming convention to SG like.

    60 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Mac based authentication

    Give option to restrict a user accessing internet from specific MAC address only. Current in 16.05 there is option shown in Authentication > Users > Details, but it doe **** work.
    Sophos support says, such a feature is not available. Please bring the feature back.

    Summary: Restrict a user from a particular MAC address. User should able to login to internet/UTM from this MAC address only

    58 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. AWS MarketPlace XG Firewall

    Hi,

    Right now, UTM 9.5 is available at AWS Marketplace.

    When will be available XG?

    Regards

    51 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Feature request - Custom security risks level

    I am using SFOS at home (at moment) and I have seen from reports that some custom ports (in my case TCP:49275) does not have a risk level. All other know application are already classified. My questions are:

    1. why do not add the chance for custom port to become an application?

    2. why do not add custom risk level to custom application?

    3. Why users cannot change the risk level on know application?

    I work with Health care industry and banks too and every customer has different needs so I am sure that for some Skype (for example) is…

    49 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Service definition in inbound rule

    Currently with Non-Http based business policy no option to define service/application that a particular port is allowed to communicate to hosted server.For instance if we have 1 to 1 nat defined to host a mail server from wan &I want only SMTP &PING inbound-Xg firewall don't have option.Feature requested is for application parameter definition over present port mapping in a non-http based business rule similar to what we seen in competitions like fortigate which offers flexibilty to define port in virtual ip as well option to specify application in firewall rule

    47 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Implement support for dynamic/public IP/URL blacklist feeds

    Alienvault has OTX (Open Threat eXchange) and there's https://intel.criticalstack.com/.
    There's also a very big player, Palo Alto Networks that provides Minemeld (see links at bottom of this post).

    They all provide public feeds of known hostile IP addresses/ranges and URL's*.

    I would really like to be able to make use of such feeds so I can create specific rules on my firewall to block all incoming traffic from these sources and possibly outgoing URL requests to known C2 servers.

    If this blocked traffic (the outgoing attempts) is logged in a specific log, it would have the additional benefit of…

    42 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Virtual Domain

    We are highly waiting for the Virtual Domain support on the XG firewall series as same as VDOM in other vendors.

    We lost four to five order due to lack of this feature.

    Regards,
    Deepak Kumar

    41 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 16 17
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.