XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Admin login “failed password” error
We recently setup a new XG 115 firewall saved the config and then found ourselves unable to login “failed password”
We contacted support and spent time using keyboard and screen to reset the password - still no login, then fully resetting and evenntually the Sophos support person advised we had a corrupted image and the unit was replaced as DOA.
The new unit was setup with the same result we proceeded to wipe and reset using different passwords which all worked when using the keyboard and screen
Only after setting up another Sophos incident and booking another engineer did we…1 voteStarted ·
AdminRich Baldry
(Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
responded
Thanks for your feedback. I’ve passed it on to our support team with a suggestion that they update their troubleshooting procedures for this kind of problem.
-
reporting
Single sheet reporting where you can drill down from IP to hostname to username, port, interface, URL, search by specific time and date and generate reports based on search criteria. Add columns remove columns based on what you are looking for. Almost like logger but for reporting. Basically take all the separate useless reports you have not and put them into one. Stop making it look pretty and just do a simple report with features. In my opinion the reporting on Sonicwall was great "Analyzer" If you guys could look at that tool and implement those features you would get…
5 votesStarted ·AdminRich Baldry
(Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
responded
Take a look at Central Firewall Reporting, which is currently in EAP along with XG Version 18.
-
Separating “YouTube Restricted Mode” from "Enable SafeSearch" feature
Separating YouTube "Restricted Mode" from "Enforce Safe Search" option in XG Firewall would allow much more flexibility for customers.
YouTube "Restricted Mode" is currently just too “restricted” (not usable) and customers should have possibility to turn it on or off without impact on SafeSearch.
On the other side, SafeSearch is very useful feature that customers would probably have always on.97 votesStarted ·AdminRich Baldry
(Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
responded
This feature is included in the upcoming v17.5 release (v17.2 was renamed).
-
Remove support for TLS v1.0 and Insecure Cyphers or Allow them to be disabled
The XG still supports protocols that are insecure and fail PCI compliance scans. These protocols such as TLS v1.0, 64-bit block ciphers, etc should be able to be disabled through at a minimum the CLI and preferably the UI.
71 votesThis is being implemented in v17 as a UI configurable option.
Note though, that PCI standards enforcing this requirement do not go into effect until mid-2018. Any audit failures due to crypto strength, prior to then, are premature.
-
Add packet tracer feature
A feature like Cisco's ASA Packet Trace utility will be very nice. I like the XG firewalls but I really miss the Packet Tracer. Here's a little bit about it:
https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer
I like it because you don't need to setup test hosts - the test packet virtually injected from the appliance itself.
8 votesA full policy test utility, which will fully simulate the results of a a request, is planned for v17
-
Bring RED Tunnels to UTM's and also to Sophos XG
I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.
This was a big disappointment to myself who used RED tunnels between UTM's
29 votesStarted ·
AdminJan Weber
(Product Manager, Network Security Group, Sophos Features & Ideas Laboratory)
responded
Work on bringing back RED tunnels between two XG Firewalls has started and will be part of the next version of XG Firewall.
- Don't see your idea?
