XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Improve Logging

    At the moment, understanding what's going on is very HARD. Live logs are missing and a notepad on every section is missing.
    Add a live log and allow admins to configure coloured live logs themselves (globally or on single windows?). In this way logs have different levels of importance and admins can better understand whether they need to worry or not. For example, allow admins to set red for high-risk/denied traffic/system error, yellow for warning/natted/or whatever, and so on.
    I really love the live log in the Firewall section of UTM9, where reading what's happening is very, very easy.

    440 votes
    29 comments  ·  Base System + General UI

    We have released significant improvements to logging since this idea was first posted.

    There are certainly still more things we could do.

    I’m closing this item in the hope that users will post some more specific and detailed ideas for where to go next, with good examples of use cases/value provided. There are also many interesting ideas already posted that you could support or contribute to.

  2. Rename/Comment Physical Interface objects

    It should be allowed to change the name of Physical Interface objects from default PORTx name to custom one.
    Also, a comment attribute/field should be added for additional description (like it was available in UTM9).

    420 votes
    26 comments  ·  Base System + General UI

    The ability to rename interface objects will be delivered in version 18 of SFOS. We will not be adding comments at this time.

    If a comment/description field is important to you, support this item, which is specifically about providing comment fields more generally across the board: https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/38328700-more-objects-should-have-note-fields

    For information on how to get early access to version 18, go here: https://events.sophos.com/v18eap

  3. Change SSL VPN Port

    Right now it is not possible to change the SSL VPN Port by GUI. Port 8443 is used by default. Please add the possibility to change, because Port 8443 is not allowed in many networks.

    411 votes
    Completed  ·  41 comments  ·  Network Protection
  4. Allow interface port to be configured with just vlans

    As it is right now, you must assign an IP address to an interface and then add VLANs. It doesn't allow you to just assign VLANs.

    281 votes
    25 comments  ·  Base System + General UI
  5. Add support to choose both protocols (TCP/UDP) in Service object

    Currently we have to create a separate rule for each protocol, TCP/UDP.

    Best regards,

    Carlos

    229 votes
    Completed  ·  5 comments  ·  Network Protection
  6. default source port when adding new services to "1:65535"

    Would be nice if the source port was already pre-populated like it was in UTM9

    227 votes
    Completed  ·  5 comments  ·  Base System + General UI
  7. 193 votes
    35 comments  ·  Base System + General UI
  8. Webfilter & Application on User

    A great feature in Cyberoam was the ability to change the webfilter/App filter for a user or group in the identity section.

    With XG that good option was left off, allowing only firewall rule based webfilter/App filter application as competitors do.

    Please bring back that feature which made Cyberoam so popular.

    186 votes
    16 comments  ·  Web Protection

    In v16, we added user and group constraints to web policies. This allows admins to control all web behaviors for all users, from a single screen, while adding more powerful and simple to maintain web policies than in any other firewall. This allows you to define behaviors for users or groups in a single policy, while also defining exceptions and overrides in that same policy, and not needing to create policy clutter, with multiple, similar web policies.

  9. SD-WAN

    SD-WAN

    186 votes
    6 comments  ·  Base System + General UI
  10. Allow VLANs to be added to a bridge

    This function was available in UTM 9, but it's missing in the new XG Firewalls. I should be able to create a new vlan and add it to a bridge so that it spans multiple physical interfaces. As it is right now, a new vlan can only be added to a single physical port.

    177 votes
    16 comments  ·  Base System + General UI
  11. Zero-config HA

    Clustering UTM is very easy. Now you have to assign an IP to the ***** XG and create the cluster. UTM clustering technology is the simplest one I have ever seen. The other thing is the DMZ zone to be used when you need to create the cluster. A dedicated zone should be available (maybe HA?). Also a second interface is missing as an alternate interface.

    163 votes
    9 comments  ·  Base System + General UI
  12. Add FreeDNS.afraid.org DynDNS Provider

    FreeDNS was on UTM 9, is there any reason why it has not been carried over to XG Firewall.... I for one would like to have FreeDNS enabled in XG firewall as I see no technical reason why it should not be there.

    Or at least have a custom setting for Dynamic DNS that enables a feature to set Dynamic DNS via a URL that can be called by curl.

    159 votes
    77 comments  ·  Dynamic DNS Providers
  13. Automatic Firewall Rule and Group

    At the moment, the automatic firewall rule is not available in any option as it was with UTM9, for example when you set up a new site-to-site or VPN. This is very useful and time saving. Also add an "Automatic Firewall Rules view" inside the Policy Section.
    Last, add the chance to create Groups so we are able to group rules together.

    138 votes
    3 comments  ·  Base System + General UI
  14. IKE v2 and dynamic routing

    IKEv2 and dynamic routing

    117 votes
    13 comments  ·  Base System + General UI
  15. NTP - no need for rebooting the Firewall

    When making changes to the NTP Configuration, it should not be necessary to reboot the Firewall afterwards.

    104 votes
    Completed  ·  0 comments  ·  Base System + General UI
  16. Add support to copy/duplicate policy rules

    This will help us to reduce time and management in this operation.
    For example, Policy Rules with the same destination, ports and gateway, but with a different source address, could be easily cloned based on another one.

    Best regards,

    Carlos

    98 votes
    5 comments  ·  Base System + General UI
  17. Separating “YouTube Restricted Mode” from "Enable SafeSearch" feature

    Separating YouTube "Restricted Mode" from "Enforce Safe Search" option in XG Firewall would allow much more flexibility for customers.
    YouTube "Restricted Mode" is currently just too “restricted” (not usable) and customers should have the possibility to turn it on or off without impact on SafeSearch.
    On the other hand, SafeSearch is a very useful feature that customers would probably have always on.

    97 votes
    12 comments  ·  Web Protection
  18. Sophos XG Unified firewall Business application should accept a host/services object

    Under: Policies
    Security Policies

    Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.

    This reduces the rules required and keeps it more unified.

    At the moment you need to add multiple rules, i.e. a hosted service that uses a mixture of single ports, port ranges and both TCP/UDP will require multiple rules to achieve something very simple.

    97 votes
    Completed  ·  7 comments  ·  Webserver Protection
  19. Allow wildcard subdomains in Firewall rules

    Firewall packet filtering based on wildcard subdomains and reverse DNS resolution.

    We would like to allow/deny connections based on a wildcard subdomain (think *.example.com). Is the only way to do that to reverse DNS the destination IP and allow/deny based on the wildcard rule?
    Although there is the common possibility that the reverse DNS is not the same as the A or CNAME record requested, so I'm not sure how useful that would be.

    But we would really appreciate the ability to filter based on wildcard subdomains, like *.update.microsoft.com. See:
    https://technet.microsoft.com/en-us/library/bb693717.aspx

    93 votes
    7 comments  ·  Network Protection
  20. Improve GUI

    At the moment the Dashboard cannot be customized, with no flow control and no in/out of each interface. Really missing many nice features from UTM9. Sort option inside menu in alphabetic order.
    Make sure the GUI can use all screen resolutions; allow us to reset alarms from the GUI;
    The GUI should be similar in features to UTM9. We will see!

    93 votes
    5 comments  ·  Base System + General UI