XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.


Let's Encrypt Integration

It would be very nice if Let's Encrypt certificates (letsencrypt.org) could be generated directly from the XG GUI, so that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Best Regards

382 votes

    Roman Krapf shared this idea

    22 comments

      • Michael Jelinski commented

        It's a pity that Sophos has not yet recognized the importance of Let's Encrypt. Maybe the users should treat the Sophos decision-makers to a trade-magazine subscription.
        Or are there other reasons why the XG's technology lags several years behind the current state of the art?
        Even the open-source alternatives are miles ahead here... A pity...

      • Clark commented

        337 votes and all we get is "We're considering this"... For a security company, not so impressed...

      • Dave Hamer commented

        Crazy that this still hasn't been implemented - especially since the Google Chrome patch, and especially as you're implementing it in UTM.

      • Steve commented

        Agree, I've got multiple XGs that could use this, and I avoid UTM like the plague (because it's bad!)

      • Ermanno Goletto commented

        Native support for Sophos XG is a killer feature after July 2018, now that Google is marking non-HTTPS websites as ‘Not Secure’.

      • Simon commented

        Is there any update on this request? How long do you need to consider something?

        Alan Toews
        (Sr. Product Manager, Sophos Features & Ideas Laboratory)
        Responded April 19, 2017
        We’re considering this

      • William de Vos - IMPROVES B.V. commented

        I support this idea, this would make it much easier to enable HTTPS services like the Webserver Protection and have the browsers of the users both internal and external automatically trust the sites.

      • Mike commented

        With Symantec-gate due to take down *all* Symantec certificates in October we're looking at switching a lot of things to Let's Encrypt, and I'd imagine a whole lot of other companies are doing the same. Without support from the XG side, the reverse proxy feature becomes somewhat useless in this scenario. Even the UTM has a way to import these certificates via a script running on another machine.

        This needs to go from a consideration to implemented real soon!

      • David Rudduck commented

        I've had a number of clients ask if it's correct that they get a certificate warning for the user portal when configuring SSLVPN.

        This would go a long way to making that process better - and also encourage users to only trust properly secured sites.

      • Dirck commented

        Let's Encrypt is a well-known, solid and very mature system to easily assign certificates to a large amount of services. Integrating this in the XG would greatly decrease the amount of wildcard certificates being used by IT administrators and make for a more secure network. It would also lower the certificate costs for almost all users and simplify certificate management.

        Within the XG this could be used to generate a certificate for the User Portal, admin portal, SSL VPN, SMTPs and all the different webservers run behind being protected by WAF.

      • Dirck commented

        Sophos, it's time to get real. Do you want to protect your users? Let's get this encryption going and give them a quick and easy way to get recognized certificates. Many products already support this, why are you staying behind?
