XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Per-policy control for SafeSearch
Please provide the option to enable/disable Safe search and youtube restricted mode per policy.
In schools we need the ability to enable/disable the safesearch and youtube restricted mode based on the policy for individual user groups rather than globally while at the same time as having web category filtering.
For example we would like to turn safesearch mode and youtube restricted mode off for certain staff groups but while maintaining the category filtering, where as students we want safesearch and the youtube restricted mode on at all time.
89 votesStarted ·
AdminRich Baldry
(Product Owner, Web Protection, Sophos Features & Ideas Laboratory)
responded
This feature is currently being worked on for inclusion in version 17.2.
It will enable per-policy settings for SafeSearch as well as separate settings for YouTube, including the ability to select Strict or Moderate mode.
-
Separating “YouTube Restricted Mode” from "Enable SafeSearch" feature
Separating YouTube "Restricted Mode" from "Enforce Safe Search" option in XG Firewall would allow much more flexibility for customers.
YouTube "Restricted Mode" is currently just too “restricted” (not usable) and customers should have possibility to turn it on or off without impact on SafeSearch.
On the other side, SafeSearch is very useful feature that customers would probably have always on.96 votesStarted ·AdminRich Baldry
(Product Owner, Web Protection, Sophos Features & Ideas Laboratory)
responded
This feature is included in the upcoming v17.5 release (v17.2 was renamed).
-
Upgrade Cyberoam to Sophos and lost features
In Cyberoam, we could go to firewall rules and in one view could see all the rules, what the source and destination restrictions were.
With Sophos O/S we now have to go in and edit each rule, one-by-one, just to see what the settings are.
In addition, on a 24" monitor, we can only see 9 rules per screen on Sophos, as opposed to Cyberoam where you can see 32 rules per screen. On a device that has 30-40 firewall rules, navigation on Sophos O/S is an absolute disaster.
Please bring back the old GUI, or AT LEAST allow it…
10 votesWe are making some layout improvements to better support larger rulesets. We won’t copy the CR ui in XG, but we will make a number of improvements in v17, to make working with large rulesets better. Some of that will be improving the layout and use of vertical space.
Our priorities in v15 and v16, were to reduce the need to scroll horizontally in as many cases as possible, and then to make the rules themselves more powerful, allowing for excessive numbers of similar rules to be consolidated into many fewer rules. This is largely successful, and we are now focusing on improving the display efficiency, to allow more rules visible on the screen at once, ability to group and hide related rules, making the display shown per rule more efficient, and other improvements to make working with larger rulesets easier.
-
Remove support for TLS v1.0 and Insecure Cyphers or Allow them to be disabled
The XG still supports protocols that are insecure and fail PCI compliance scans. These protocols such as TLS v1.0, 64-bit block ciphers, etc should be able to be disabled through at a minimum the CLI and preferably the UI.
69 votesThis is being implemented in v17 as a UI configurable option.
Note though, that PCI standards enforcing this requirement do not go into effect until mid-2018. Any audit failures due to crypto strength, prior to then, are premature.
-
SMTP Smarthost
Get back the possibility to relay outgoing email from the Sophos XG to a SMTP smarthost like we had in UTM 9
72 votesThis is planned for our v17 release
-
packet tracer
A feature like Cisco's ASA Packet Trace utility will be very nice. I like the XG firewalls but I really miss the Packet Tracer. Here's a little bit about it:
https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer
I like it because you don't need to setup test hosts - the test packet virtually injected from the appliance itself.
9 votesA full policy test utility, which will fully simulate the results of a a request, is planned for v17
-
Initial Install
During the initial install, Sophos XG chooses the interfaces on its own. User should be able to decide which interface to use.
Also basic setup is the only option someone can do to configure WAN port in order to register device. This would also be nice to choose the interface to use.
Add Registration log to console menu to permit user to see the logs regarding registration errors. At the moment I am unable to register the device, it was difficult to track down log messages.
38 votesThe initial product setup process is being updated in an upcoming release, before v17. This will improve the registration process, and interface configuration options available during the registration process.It will also update the setup wizard offered on first login, providing an improved initial install experience, end-to-end.
-
Bring RED Tunnels to UTM's and also to Sophos XG
I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.
This was a big disappointment to myself who used RED tunnels between UTM's
28 votesStarted ·
AdminJan Weber
(Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
responded
Work on bringing back RED tunnels between two XG Firewalls has started and will be part of the next version of XG Firewall.
-
56 votesStarted ·AdminJan Weber
(Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
responded
We are working on providing more guides and documentation at the moment, this includes video tutorials. This is going to be an ongoing process and we will add more over time.
- Don't see your idea?
