XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Assigning static ip to SSL VPN users

    It would be very convenient to assign static ip to users logging in through SSL VPN client. Currently this feature is available only to L2TP and PPP users.

    411 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    100 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. SSL VPN Reports should include the timestamp of when the user connects and disconnects

    SSL VPN Reports should include the Timestamp of when the user connects and disconnects.

    This feature needs to be added.

    246 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    35 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. SSL VPN client that logs on before Windows

    We need a SSL VPN that can log on before windows. This is required in many environments as it allows GPOs to resolve properly.

    185 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. SSL VPN: configure listening interface(s)

    Ability to bind SSL VPN to a single interface.

    Currently when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACL's.

    We need the ability to bind this to a single interface, if we use port 443 for SSL VPN as many want to it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.

    172 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    19 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Share port 443 with VPN and Webserver

    I have a webserver with SSL enabled, but I want also the SSL-VPN server at the same port (TCP,443) since this port is not blocking at the most firewalls.

    I know it is technical possible, with "port share" in the VPN-Server-Config.

    Regards,
    Marc

    105 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. SSL VPN client for mass deployment

    We need a way to deploy the SSL VPN on mass without logging into the user portal. A standard MSI would be ideal which could be deployed by any ESD or as part of an image.

    100 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Rename SSL VPN profile installer file

    Every downloaded SSLVPN profile is named "username_sslvpn_config.exe" and there is no possibility to change this globally. So if you import different profiles with the same username (as we do this for our technicians with different customers) you can't differ which profile is for a specific customer.

    Please provide a ability to change this or change the naming convention to SG like.

    90 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sophos Connect - Add groups to "allowed users"

    In the current implementation we are unable to select groups in the "Allowed users" field. Selecting groups would vastly improve time spent rolling Sophos Connect out for our pilot users.

    I bet a lot of other customers also use LDAP against their domain to fetch users from there. Having to maintain pilot users two places makes this a headache.

    Thanks

    89 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support for Wake on LAN

    It's very disapointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.

    65 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support Wireguard VPN

    I would like to see WireGuard added as VPN option since it is mote secure, lightweight and modern compared to the current available options.

    63 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. multiple WAN interface option in Ipsec client vpn settings

    Need the Option to add multiple WAN interfaces in Sophos Connect client settings.
    if there is 2 WAN connection and 1 connection is down then the remote client don't have any option to connect to VPN through 2nd available ISP. if this option is available then the user will have 2 profiles in their Sophos connect client.

    62 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. SSTP VPN - Native Support

    Microsoft PPTP VPN is using a weak algorithm (MS-CHAP v2 which can be cracked) so you should upgrade to SSTP vpn protocol available from Windows Vista. You could allow users to download certificate from user portal and no more actions are required on client side. Think about whem you need to manage 100 users and you need to manage them, such as udating their client or when they move from once PC to another. In this way, is the client OS that manage the entire overhead and from XG side is another add-on from TMG's competitor.
    The same request has…

    53 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. Sophos connect client allowed users

    The Sophos connect client permit list should be able to add users by active directory security group. We are a firm spread across 9 offices and the STAS works great on 17.5 MR9 to load the users to all firewalls but the process of adding all users into the connect client is really laborious especially when there is high turnover.

    52 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Configless SSL Client

    I would like to see a SSl VPN client that does not require reinstalling the application after every config change. The SSL VPN client config should be updating when it connects after a modification is made.

    44 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Make SSL VPN user configurations available to the Admin

    Add ability for an Administrator to view and download SSL VPN configurations of users. Additionally make windows configurations available as .ovpn files as well as the 'executable'

    43 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Sophos Connect Client 2.0 for macOS

    Currently XG Firewall only supports Sophos Connect Client version 2.0. At the moment, there is only a Windows version. I've contacted support and received the following reply:

    "Sophos XG now only support v2.0 of Sophos Connect Client which has only Window Support.
    For Mac its still in feature request. Our Sophos team is working on it.

    Sophos currently doesn't support your requested feature but values your input into improving the product to best meet our customer’s needs.

    We have requested you to raise feature request using http://ideas.sophos.com/ and subscribe the notifications.

    This would be reviewed by our Product Management Team…

    42 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Update SSL VPN to newest OpenVPN version.

    MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.
    Specifically comp-lzo is deprecated. See the same idea for UTM

    41 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. RED Support IPv6

    Currently RED devices can not use IPv6,
    I want RED devices to support IPv6.

    40 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. 4096 bits SSL VPN Encryption

    4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?

    40 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sophos Connect with OTP – eliminate 4 hours reauthentication

    Today when using Sophos Connect with OTP, the firewall asks for a new OTP token every 4 hours. According Sophos support, this value is hardcoded. If employees working the whole day remotely, an interruption very 4 hours is a pain.
    Please make these 4 hours configurable. Or at least extend it to 10 hours, so a full working day can be achieved without any interruption.

    39 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 13 14
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.