XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Subscribe to Microsoft Expressroute addresses
Creating definitions and firewall rules to allow traffic through an Express route link is exceptionally tedious at the moment as there are dozens of IP addresses and they can change.
Microsoft did have an XML feed and now has an API feed that can be used to pull the information.
3 votes
Under Review · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are considering automating this in future releases.
-
Do not auto-expand Default Web policy
Web filter Default policy comes auto-expanded whenever we click on protection - Web.
This is annoying as every time we need to shrink it and go to our required.
Also, there is no filter option to search policies, while such a filter option is given in application policy.
8 votes
Under Review · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are considering doing this in a future release, but need to bear in mind that there are valid opinions on both sides of this.
-
Let's Encrypt Integration
It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Best Regards
975 votes
-
Scheduled Installation of the AV Updates and Firmware Installation.
Scheduled Installation of the AV Updates and Firmware Installation is required. The firmware updates and AV Updates should get automatically downloaded over the WAN interfaces, however installation of these updates should be done only when the Date and time is scheduled by the Network Administrator.
In addition to the available scheduling options, the custom category should be added, wherein the administrators can select a custom date and custom time. After selecting the custom date and custom time, the system should prompt if these settings are just to be executed once, daily, weekly, every 15 days or monthly.
895 votes
Under Review · Admin Stuart Hatto, XG Product Manager (Admin, Sophos Features & Ideas Laboratory) responded
This feature is under review but as yet is not committed.
-
Ability to change default Admin username
Currently, the WebAdmin Master-User has the fixed name admin. It would be great if we had the possibility to change the username. This would be an improvement for brute-force attacks, when the WebGUI is somehow published to the Internet.
416 votes
This is being considered. The current intention is to add a superadmin role, making the default admin account just a member of that role.
This will allow you to create new superadmin accounts, capable of logging into the shell, adding ssh keys, and any other features limited currently to the named admin account.
Second, you will be able to disable or demote the named admin account.
-
Can we have live Bandwidth speeds for Interfaces?
It would be great to be able to see live Bandwidth speed stats for each Interface like we had on UTM.
604 votes
This feature is under consideration for a future release in 2018, though a target version is not yet set.
-
XG as NTP Server
NTP Server is a small package and UTM9 has it. In some small organizations, having a central NTP server is a nice feature.
Can you add it into a future release? You can put it inside device access, denying WAN from using NTP server for security reasons.
856 votes
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
-
Allow Configuration of DHCP Options
UTM 9 had great DHCP options that you could assign globally or to an individual pool. For people with VoIP deployments this is huge.
464 votes
Adding DHCP options to the GUI is under consideration for a future release.
-
Rename objects
Add support to rename Policy rule names, IPSEC and SSL VPN tunnel names, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
This will improve the management; it must be default for all objects. Currently, to fix a simple typo, we must create a new policy or category and populate all items again. A simple task can turn into a hard task.
Best regards,
Carlos
359 votes
This will be implemented in a future release. It is being included as part of a larger project, to generally improve configuration capabilities across the product. Version for release is not yet confirmed.
-
Add support to USB NIC
At home USB NICs are ideal. Exactly the same problem we had in UTM9. Link below.
331 votes
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
-
Enable/Disable Interface
At the moment, there is no way to disable/enable an interface inside SFOS.
Strange! Even using CLI menu.
569 votes
This is a high priority feature, and will likely be targeted as soon as possible after v17 ships, though it is not yet committed to a release.
-
Sophos VPN app for mobile platforms
Sophos should develop its own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
It should also support the Per-App-VPN feature which was introduced in iOS 7.
366 votes
This feature is considered a high priority, and is under consideration for a future release, though a target version or timeframe is not yet set.
-
Native Microsoft Azure Site-to-Site VPN
Sophos UTM already natively supports automatic site-to-site VPN tunnels with BGP routing to AWS. I look forward to Sophos UTM supporting the same sort of site-to-site VPN tunnels with BGP to Microsoft Azure in public and private cloud deployments.
I think the easiest way for this to work would be for Sophos UTM to look at the requirements of getting the VPN itself setup (which has been documented in the forums and works), then to make BGP work on top of that, then ensure that BGP and the VPN can work between multiple private cloud and public cloud sites, then…
215 votes
Under Review · Admin Jan Weber (Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We will address this within XG Firewall in one of the upcoming releases.
-
Web Protection: Enforce policy on Sophos Endpoints
It would be amazing to configure the Sophos Endpoint (not the UTM-provided one) to inherit the Web Filtering policy defined in the UTM.
43 votes
Under Review · Admin Jan Weber (Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Moved to XG forum for future tracking, will be reviewed as part of Synchronized Security.