XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

Let's Encrypt Integration

It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Best Regards

498 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Roman Krapf shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

41 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...
  • Michael Jelinski commented  ·   ·  Flag as inappropriate

    Schade das Sophos die Wichtigkeit von Let's Encrypt noch nicht erkannt hat. Vielleicht sollten die Nutzer mal ein Fachzeitschriften-Abo für die Sophos Entscheider spendieren.
    Oder gibt es andere Gründe weshalb die Technik der XG dem aktuellen Stand der Technik mehrere Jahre hinterherhinkt?
    Selbst die Open Source Alternativen sind da meilenweit weiter... Schade...

  • Clark commented  ·   ·  Flag as inappropriate

    337 votes and all we get is "We're considering this"... For a security company, not so impressed...

  • Dave Hamer commented  ·   ·  Flag as inappropriate

    Crazy that this still hasn't been implemented - especially since the Google Chrome patch, and especially as you're implementing it in UTM.

  • Steve commented  ·   ·  Flag as inappropriate

    Agree, I've got multiple XGs that could use this, and I avoid UTM like the plague (because it's bad!)

  • Ermanno Goletto commented  ·   ·  Flag as inappropriate

    Native support for Sophos XG is a killer feature after July 2018 now that Google Is Marking Non-HTTPS Websites As ‘Not Secure’

  • Simon commented  ·   ·  Flag as inappropriate

    Is there any update on this request? how long do you need to consider something?

    Alan Toews
    (Sr. Product Manager, Sophos Features & Ideas Laboratory)
    Responded April 19, 2017
    We’re considering this

  • William de Vos - IMPROVES B.V. commented  ·   ·  Flag as inappropriate

    I support this idea, this would make it much easier to enable HTTPS services like the Webserver Protection and have the browsers of the users both internal and external automatically trust the sites.

  • Mike commented  ·   ·  Flag as inappropriate

    With Symantec-gate due to take down *all* Symantec certificates in October we're looking at switching a lot of things to Let's Encrypt, and I'd imagine a whole lot of other companies are doing the same. Without support from the XG side, the reverse proxy feature becomes somewhat useless in this scenario. Even the UTM has a way to import these certificates via a script running on another machine.

    This needs to go from a consideration to implemented real soon!

  • David Rudduck commented  ·   ·  Flag as inappropriate

    I've had a number of clients ask if it's correct that they get a certificate warning for the user portal when configuring SSLVPN.

    This would go a long way to making that process better - and also encourage users to only trust properly secured sites.

  • Chris commented  ·   ·  Flag as inappropriate

    This should be a much higher voted and prioritized request!

  • Dirck commented  ·   ·  Flag as inappropriate

    Let's Encrypt is a well known, solid and very mature system to easily assign certificates to a large amount of services. Integrating this in the XG would greatly decrease the amount of wildcard certificates being used by IT administrators and a more secure network. It would also lower the certificate costs for almost all users and simplify certificate management.

    Within the XG this could be used to generate a certificate for the User Portal, admin portal, SSL VPN, SMTPs and all the different webservers run behind being protected by WAF

  • Dirck commented  ·   ·  Flag as inappropriate

    Sophos, its time to get real. Do you want to protect your users? Lets get this encryption going and give them a quick and easy way to get recognized certificates. Many products already support this, why are you staying behind?

  • Rene commented  ·   ·  Flag as inappropriate

    I've a customer who would buy the XG if it had this feature. Mean reason would be cutting certificate costs as there are a large amount of certificates in play.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.