DNS Web filter
DNS Web filter would be a good add to Sophos XG.
its very important to scan dns forwarder like other vendors (fortigate , paloalto)
This will be great feature, because actually we need to have two systeme: 1) sophos - like firewall and 2) DNS filter - like OpenDNS
AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) commented
XG Firewall Web Filtering can filter HTTPS traffic and apply policy based on destination IP or on the server name, without having to decrypt. In v18 it can do this on any port. We also filter DNS requests with our ATP feature.
DNS filtering would add very little value, and has its own blind spots such as when clients use DNS over HTTPS or when apps bypass DNS in other ways.
Cool Guy commented
Given how prevalent HTTPS is these days , DNS Filtering on the Guest and Mobile WLANS is an absolute requirement.This should seriously be considered by Sophos.
This was an option in UTM9 and was great as decrypt isn't always possible in many small deployments or guest networks. Missing this feature it brutual, XG really seems like a step backwards from UTM9.