XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Subscribe to Microsoft Expressroute addresses

    Creating definitions and firewall rules to allow traffic through an Express route link is exceptionally tedious at the moment as there are dozens of IP addresses and they can change.
    Microsoft did have an XML feed and now has an API feed that can be used to pull the information.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Do not auto-expand Default Web policy

    Web filter Default policy comes auto-expanded whenever we click on protection - Web.

    This is annoying as every time we need to shrink it and go to our required.

    Also, there is no filter option to search policy while such filter option given in application policy.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Let's Encrypt Integration

    It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
    Best Regards

    786 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    75 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to change default Admin username

    Currently, the WebAdmin Master-User is fix named as admin. It would be great, if we would have the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.

    374 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →

    This is being considered. The current intention is to add a superadmin role, making the default admin account just a member of that role.

    This will allow you to create new superadmin accounts, capable of logging into the shell, adding ssh keys, and any other features limited currently to the named admin account.

    Second, you will be able to disable or demote the named admin account.

  5. Can we have live Bandwidth speeds for Interfaces?

    It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.

    541 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. XG as NTP Server

    NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
    Can you add it into future release?

    You can put it inside device access, denying WAN from using NTP server for security reason.

    748 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    47 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow Configuration of DHCP Options

    UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.

    399 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Rename objects

    Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
    This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

    Best regards,

    Carlos

    317 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. 314 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    64 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Enable/Disable Interface

    At the moment, there is no way to disable/enable an interface inside SFOS.
    Strange!Even using CLI menu.

    499 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Sophos VPN app for mobile platforms

    Sophos should develop an own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
    It should also support the Per-App-VPN feature which was introduced in iOS 7.

    336 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Native Microsoft Azure Site-to-Site VPN

    Sophos UTM already natively supports automatic site-to-site VPN tunnels with BGP routing to AWS. I look forward to Sophos UTM supporting the same sort of site-to-site VPN tunnels with BGP to Microsoft Azure in public and private cloud deployments.

    I think the easiest way for this to work would be for Sophos UTM to look at the requirements of getting the VPN itself setup (which has been documented in the forums and works), then to make BGP work on top of that, then ensure that BGP and the VPN can work between multiple private cloud and public cloud sites, then…

    204 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    26 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web Protection: Enforce policy on Sophos Endpoints

    It would be amazing to configure the Sophos Endpoint (not the UTM-provided one) to inherit the Web Filtering policy defined in the UTM.

    41 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.