XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Browser based proxy authentication
Implement browser-based authentication like what the UTM and all other solutions offer. This would be brilliant for the authentication to be browser-based on devices with multiple users using it with the same IP.
11 votes · Planned · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are planning this feature for an upcoming release – hopefully it will get into version 18.5.
-
Sophos Endpoint should pass user login info to firewall
Better integration between XG and Endpoint beyond just heartbeat, e.g., the logged-on user can be passed to the firewall for use in user-based rules.
12 votes
-
Firewall rule with content/application matching for custom QoS/Gateway configurations
Allow firewall rules to "match" by application, and thus permit custom routing/QoS, e.g. streaming out lower-cost WAN1, VoIP out faster/more expensive WAN2.
This would be (layer 7) application-based (not subnet/port-based).
15 votes · Planned · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are making improvements in this area with version 18.
-
WAN without gateway
Earlier, on SG, we used to have the option to check whether a gateway is available on any interface, but on XG it is compulsory to keep a gateway on WAN, which is quite annoying when having L2 links connecting a number of offices where I need IPsec VPN.
32 votes
I may have misunderstood the intent here, but I believe it is to allow use of a gateway, even when that link is not an internet facing gateway – perhaps an MPLS circuit connected to the LAN, or DMZ, for instance. This is currently planned for the next version of XG.
-
Common Objects used in all configurations
Give us objects like in the UTM. Why do I have to set a static IP in the DHCP, add a DNS record in the DNS server and create an IP host object for firewall rules, when I could do it all with one object in the UTM? This was for me a really, really perfect feature, and it makes it all a lot easier to administrate since you don't have to do the same over and over again for different parts of the configuration.
110 votes
This is currently being planned for inclusion in an upcoming version.
-
Create and Manage Multiple ehlo
As an enterprise product, XG should be able to manage multiple ehlo to protect multiple email domains behind it. On UTM9 we have profile mode, but multiple ehlo was missing too. Add some sort of profile (including ehlo) for multiple domains for one/multiple public IPs, such as WAF does with virtual domains.
26 votes
-
Add support SNMP via VPN without add static
Add support for SNMP via VPN without adding static routes. This could work like SSH via VPN: only choose a checkbox allowing or denying the service.
Today it is necessary to add a static route pointing to the tunnel name.
Best regards,
Carlos
11 votes
This should be addressed, as part of our improvements to VPN tunnel capabilities in v17.