XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
SSL VPN Reports should include the timestamp of when the user connects and disconnects
SSL VPN Reports should include the Timestamp of when the user connects and disconnects.
This feature needs to be added.
129 votes -
SSL VPN client that logs on before Windows
We need a SSL VPN that can log on before windows. This is required in many environments as it allows GPOs to resolve properly.
99 votes -
vpn ssl interface
Ability to bind SSL VPN to a single interface.
Currently when SSLVPN is enabled it listens on all interfaces regardless of what is set in Local ACL's.
We need the ability to bind this to a single interface, if we use port 443 for SSL VPN as many want to it limits our ability to run WAF/DNAT for web servers on separate interfaces on 443.
85 votes -
SSL VPN client for mass deployment
We need a way to deploy the SSL VPN on mass without logging into the user portal. A standard MSI would be ideal which could be deployed by any ESD or as part of an image.
70 votes -
Rename SSL VPN profile installer file
Every downloaded SSLVPN profile is named "usernamesslvpnconfig.exe" and there is no possibility to change this globally. So if you import different profiles with the same username (as we do this for our technicians with different customers) you can't differ which profile is for a specific customer.
Please provide a ability to change this or change the naming convention to SG like.
63 votes -
Share port 443 with VPN and Webserver
I have a webserver with SSL enabled, but I want also the SSL-VPN server at the same port (TCP,443) since this port is not blocking at the most firewalls.
I know it is technical possible, with "port share" in the VPN-Server-Config.
Regards,
Marc53 votes -
Sophos Connect - Add groups to "allowed users"
In the current implementation we are unable to select groups in the "Allowed users" field. Selecting groups would vastly improve time spent rolling Sophos Connect out for our pilot users.
I bet a lot of other customers also use LDAP against their domain to fetch users from there. Having to maintain pilot users two places makes this a headache.
Thanks
49 votes -
SSTP VPN - Native Support
Microsoft PPTP VPN is using a weak algorithm (MS-CHAP v2 which can be cracked) so you should upgrade to SSTP vpn protocol available from Windows Vista. You could allow users to download certificate from user portal and no more actions are required on client side. Think about whem you need to manage 100 users and you need to manage them, such as udating their client or when they move from once PC to another. In this way, is the client OS that manage the entire overhead and from XG side is another add-on from TMG's competitor.
The same request has…41 votes -
Support for Wake on LAN
It's very disapointing not to be able to WoL all the computers on our LANs. We use WoL to update OS during the night but since we have XG, we can't do it anymore.
36 votes -
Configless SSL Client
I would like to see a SSl VPN client that does not require reinstalling the application after every config change. The SSL VPN client config should be updating when it connects after a modification is made.
35 votes -
Make SSL VPN user configurations available to the Admin
Add ability for an Administrator to view and download SSL VPN configurations of users. Additionally make windows configurations available as .ovpn files as well as the 'executable'
32 votes -
4096 bits SSL VPN Encryption
4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?
31 votes -
Do not auto-reboot RED in Standard/Split configuration
When using the devices "RED " in the Stardard/Split configuration type, the device at the time of not detecting the XG Firewall attempts to complete the connection 5 times and then reboots the device.
In this mode, the computers go to the Internet through the WAN in the "network " not by the VPN so that being restarting the device stops offering Internet service.
This is not optimal for computers under the RED device, as some services that do not use the VPN as a charge with credit/debit card cannot be carried out because you do not have access to…
29 votes -
Rename RED devices on XG
Why on earth am i not able to rename my RED units to something sensible? Instead all units is called reds1,reds2, reds3 etc, in the name they are added!
This is hopeless - and it quickly becomes hard to identify the units/networks!29 votes -
Bring RED Tunnels to UTM's and also to Sophos XG
I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.
This was a big disappointment to myself who used RED tunnels between UTM's
29 votesStarted ·AdminJan Weber (Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Work on bringing back RED tunnels between two XG Firewalls has started and will be part of the next version of XG Firewall.
-
Update SSL VPN to newest OpenVPN version.
MacOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.
Specifically comp-lzo is deprecated. See the same idea for UTM24 votes -
RED traffic in system graphs
We can see RED traffic in report,
but we can't see the traffic in system graphs.Please add the RED interface in system graphs.
Thanks~24 votes -
Support Wireguard VPN
I would like to see WireGuard added as VPN option since it is mote secure, lightweight and modern compared to the current available options.
23 votes -
RED - device info and bandwith monitoring
Sophos RED:
I have just begun implementing Sophos RED devices to branch offices. And the implementation have been very straight forward and easy to deploy.
What i really need is some way to get information about the device connectivity.
- How much bandwith is the location using? (Daily, weekly etc.).
- How is my 3G failover connectivity connection? (No/bad/good/excelent connection)
- Email notification in the event of failing over to backup 3G / WAN.Right now i am simply blind on what status is on the RED...
AND also - please add a RED category...
22 votes -
Sophos Connect Client - AD password reset
It would save a lot of client frustration if there was a mechanism built into the Sophos Connect client that allowed users to securely reset their AD account password in the event that it has expired.
21 votes
- Don't see your idea?