XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. vpn ssl interface

    Ability to bind SSL VPN to a single interface.

    Currently when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACL's.

    We need the ability to bind this to a single interface, if we use port 443 for SSL VPN as many want to it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.

    53 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Sophos Connect - Add groups to "allowed users"

    In the current implementation we are unable to select groups in the "Allowed users" field. Selecting groups would vastly improve time spent rolling Sophos Connect out for our pilot users.

    I bet a lot of other customers also use LDAP against their domain to fetch users from there. Having to maintain pilot users two places makes this a headache.

    Thanks

    35 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Configless SSL Client

    I would like to see a SSl VPN client that does not require reinstalling the application after every config change. The SSL VPN client config should be updating when it connects after a modification is made.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Share port 443 with VPN and Webserver

    I have a webserver with SSL enabled, but I want also the SSL-VPN server at the same port (TCP,443) since this port is not blocking at the most firewalls.

    I know it is technical possible, with "port share" in the VPN-Server-Config.

    Regards,
    Marc

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. SSL VPN user configurations

    Add ability for an Administrator to view and download SSL VPN configurations of users. Additionally make windows configurations available as .ovpn files as well as the 'executable'

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Stardard/Split restarts

    When using the devices "RED " in the Stardard/Split configuration type, the device at the time of not detecting the XG Firewall attempts to complete the connection 5 times and then reboots the device.

    In this mode, the computers go to the Internet through the WAN in the "network " not by the VPN so that being restarting the device stops offering Internet service.

    This is not optimal for computers under the RED device, as some services that do not use the VPN as a charge with credit/debit card cannot be carried out because you do not have access to…

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. SSL VPN report

    I would like to have a report for the use of ssl vpn with duration and time.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. IPSec over LAN zone interface

    With SG you can configure IPSec site to site using LAN interfaces but with XG you only can configure IPSec site to site over a WAN zone interface. Please allow to do it also over LAN zone interfaces. Thanks

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. Update SSL VPN to newest OpenVPN version.

    MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.
    Specifically comp-lzo is deprecated. See the same idea for UTM

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Wireguard

    I would like to see WireGuard added as VPN option since it is mote secure, lightweight and modern compared to the current available options.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sophos Connect Client - AD password reset

    It would save a lot of client frustration if there was a mechanism built into the Sophos Connect client that allowed users to securely reset their AD account password in the event that it has expired.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Proxy WoL

    It's very disapointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. Wake on Lan with RED

    Please implement the possibility to send a Wake On LAN (WOL) to computers behind RED devices.

    We have networked our branch offices with RED devices. In order to be able to service these computers during a maintenance window (e.g. for the installation of updates) they must be able to be started via Wake On LAN. Unfortunately this is not possible at the moment!

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. override hostname ssl vpn - multiple hostnames

    Would be usefull in SSL VPN, that you can have the possibility to override hostname, with multiple records.
    Now we do this by manually changing the configuration file.
    FE:
    remote isp1.dns.com 8443
    remote isp2.dns.com 8443

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sophos SSL client login before windows login

    I would like to auto login sophos ssl vpn before windows login like cisco anyconnect to enable remote user get connectivity AD for password resat..

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. active/active ipsec

    A feature to make an active/active (load balance/HA) VPN over IPsec, in this moment only failover is possible.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. SSL VPN profile that is generic so any user that is in the security group can log in using the one downloaded VPN configuration.

    Currently, if a company has a pool of laptops to be handed out by users that have the SSL VPN client installed, they cannot log into the SSL VPN client without first logging into the user portal and then downloading the configuration for their particular user. It would be nice to have one VPN client install and if the user is a member of a particular security group, be able to log in using the installed VPN client software.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos Connect IPSec mapping Network Drives

    Sophos Connect IPSec Client should have a possibility to execute a loginscript after successfull connection for mapping network drives. (for example like Sonicwall VPN Client)
    or possibility to execute a script on the client side.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. XG SSL VPN Site To Site assign traffic to specific WAN interface

    Hello Team,

    We have customer here requesting to have feature for XG SSL VPN Site To Site to assign traffic to specific WAN interface. For your assistance please. Thank You

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Bandwidth allocation to IPSec VPN Tunnel

    While configuring / setting up IPSec VPN Tunnel, there is no option to allocate bandwidth.
    Please add this feature as this'll help to manage traffic and available bandwidth.

    There are instances where the users at Branch / Vendor site complain they are getting slow connections to the resources in HO. There is no way we can check how much bandwidth is being used by IPSec Tunnel and we can not change the same.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.