XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. IPSec with IP Range and List Type

    In the IPSEC connection, we have the option to create an IP range.
    But we cannot choose the created rang.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. exceptions

    Add the following to web exceptions as standard as not all Office/Windows updates work correctly, some get part way through then stop, also affects Windows update assistant.

    ^([A-Za-z0-9.-]*.)?microsoft.com/

    ^([A-Za-z0-9.-]*.)?.microsoft.com/

    ^([A-Za-z0-9.-]*.)?.msecnd.net/

    ^([A-Za-z0-9.-]*.)?windowsupdate.com/

    ^([A-Za-z0-9.-]*.)?live.net/

    ^([A-Za-z0-9.-]*.)?azureedge.net/

    ^([A-Za-z0-9.-]*.)?windowsupdate.com/

    ^([A-Za-z0-9.-]*.)microsoftonline.com/

    ^([A-Za-z0-9.-]*.)?windowsupdate.microsoft.com

    ^([A-Za-z0-9.-]*.)?update.microsoft.com

    ^([A-Za-z0-9.-]*.)?download.windowsupdate.com

    ^([A-Za-z0-9.-]*.)?test.stats.update.microsoft.com

    ^([A-Za-z0-9.-]*.)?ntservicepack.microsoft.com

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1. How to grant/deny Internet Access Based on groups/IP 2. How to Exclude or Include clientless users/IP address from Web Usage Report.


    1. How to individually grant/deny internet access to an IP or Groups

    2. How to exclude/include a clientless user or IP from Web usage report or any other reports.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  4. Dashboard report with specific time

    Expecting a Dashboard report which will have a specific time period, eg: 8am to 10am instead of the existing one which only gives a consolidated report for the day (s).

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. waf java

    WAF cannot rewrite links in Java (there is no Java interpreter in the WAF).

    case : [#9104960]

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Correct the unit used for WAN data transfer in System Graphs

    The unit used in System Graphs in the diagnostics menu is confusing and nonstandard

    For WAN Data Transfer, the unit used is KBits/s. I cannot find anywhere where this is a standard abbreviation for anything.

    I've confirmed with Sophos in case [#9204632] that the actual unit is Kilobits per second (Kbps, kbps, Kb/s, kb/s,), based on testing, even though some Sophos people I have called to have said its KiloBytes per second (KBps or KB/s)

    We confirmed this by doing speed tests showing that my client has a symmetric 50/50 Mbps pipe.
    Recent spikes recorded show as high as 20000…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  7. multiple addresses in dhcp relay on xg firewall

    Describe how 2 addresses in a dhcp relay are processed, please.

    Round-robin?
    Failover?
    Is the second address completely ignored?
    Are both addresses tried, fastest response wins?

    If Round-robin, please add option to choose Failover.

    If Failover, what are the failover conditions?

    Please allow at least a timer condition that can be set.
    If Failover conditions are met, when does the relay revert back to the primary address?

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Please Replace Hold Music with IT Security News

    I think Sophos should replace all their hold music for support calls with IT related news podcasts, at least then I could learn something while I wait. I mean, come on now! If you can have up to 60 minute waits at least make it more tolerable.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. quarentine

    It would be helpful to have an editable summary message with either my company logo or at least Sophos's logo to quickly know it is official. We are seeing scam messages get through pretending to me SPAM reports.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSL Site To Site VPNs between SG and XG

    When you want to migrate customers from an SG to an XG Firewall one of the hardest issues come when you can't establish SSL site to site VPNs between SG (Astaro) and XG when the SG is the master.

    Why can't the EPC files be compatible?

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. Encrypted Backups - Option to use or not use

    Allow to not encrypt backups on XG Firewall 17.5. RIght now we are forced to do encrypted backups. It would be nice to have an option to skip it.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Some websites taking too much time to load, It works fine without using cyberoam CR25ing.

    In firmware version 10.6.2 of cyberoam CR25ing many websites taking too much time to load properly, but when I create new rule without attach identity it works fine.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  13. Issue with Encrypted Backup File in XG Firewall

    Hi Sophos,
    I feel encrypted backup file feature on XG firewall which is inconvenience. Can you let this feature be optional on new firmware update?

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSO Client for Mac

    Could you please add an SSO Agent / Client for Mac OS devices?

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. AV Scanning DNAT

    We are using CR100ing device, when we create a virtual host(DNAT Rule), it create firewall rule automatically, it this automated created rule can enable av & as scanning on SMTP, SMTPS, FTP, HTTP, HTTPS, POP3, IMAP.
    But Know i just buy SOPHOS XG-210, this appliance does't have this feature. so Kindly work on that and resolve this issue asap.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Report in hourly units

    This feature is required if you want to find high traffic IP addresses from the past hour.

    Otherwise it will always be a daily report and cannot be used as a reference.

    I want to report the smallest unit to choose the hour

    thank you very much

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. Automatically create block rules for blacklisted IPs

    The Feature of machine learning/Artificial Intelligence ==> Detecting any blacklisted IP and automatically making a firewall rule for the IP with the action drop/reject

    this will take off the engineer load and protect the enviroment.

    It will an advantage for your appliacne and will become more recommeded.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. reports with time features

    In Report we need time : which Source IP access with which time

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. Generate reports on multiple categories

    We would really appreciate the ability to be able to provide a single report based upon multiple categories. At the moment, it seems that to produce reports on multiple categories they must be sent as separate reports to the email recipient.

    This method does not look professional when running XG devices as an MSP.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  20. missing DigiCert root in Certificate Authorities

    Missing DigiCert root in Certificate Authorities
    Uploaded PFX certificates from DigiCert are signed with red cross because root certificate "C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA " is missing in Certificate Authorities.
    So this certificate cannot be added as appliance cert.
    Please add it.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7 8
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.