XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. XG logviewer - add multiple IP's

    In the logviewer for XG appliances, being able to filter out multiple values for SRC or DST would be extremely useful!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. OWA Publishing on Exchange 2016 or above

    Hi Teams,

    One of our Customer wants to publish OWA with Exchange 2016 but as per Sophos, we were communicated by Sophos, OWA is not supported by XG Firewall for Exchange 2016. Customer is currently using two appliances of XG firewall 650 as a web proxy in their environment. Now we have a feature request or idea to include the OWA Publishing on Exchange 2016 through the XG Firewall. For future enhancement is there any product that supports both Web Proxy and OWA Publishing on Exchange 2016.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Site to Site SSL manageable via SDWAN Routing.

    As it is right now, SDWan can be used to do routing between Devices that have a definable Gateway. That being said, you need to define a Physical interface and when doing the site to site SSL VPN you cannot use SDWAN routing as the SSLVPN is defined as a virtual interface. Would suggest that improvements are made to the SDWAN routing to allow either defined VPNS to show up as a interface, or allow for all virtual interfaces to show up as a interface along with the physical ones.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Business Rules needed Schedule Feature

    Business Rules needed Schedule Feature, there is no schedule option available to on and off the firewall specially in WFH environment really requires it.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. 3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow to set a Name or Description in Spoof protection trusted MAC

    Allow to set a Name or Description in Spoof protection trusted MAC

    Protect > Intrusion Prevention > DoS & Spoof Protection

    On the table only show mac address an ip address, it would be nice to relate the FQDN or any kind of description to the mac addres and ip.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Permit to use FQDN as local ACL source

    The idea is to allow the use of a FQDN in the local ACL when adding a rule to allow for example the WAN HTTPS management. The interface only allow IP addresses for the moment.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Hide network attack count for added exceptions

    It appears that the Sophos dashboard displays network attacks even for vulnerabilites that have been given an exception.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. virustotal scanning option on reports or logs

    I use VirusTotal often either manually or via 3rd party apps or even via the API, so it would be ideal if we could use VirusTotal within Sophos XG v18 Web UI somewhere for diagnostics or threat hunting as an option on live logs or reports.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. XG Firewall Web Portal Pages and Config loading too slow

    The Sophos XG Firewall routers need the web interface config pages speeded up - all units are much slower than the Cyberoam UTM pages load at and adding and changing a config can take from 5 to 15 seconds to load. Makes configuring a sophos from scratch a slow and tedious process.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. IGMP version

    Possibility to change the highest supported version of IGMP. Prohibition of use of IGMPv3 version.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. IPSec Remote Acess - Selection of other policy than the default one

    To summarize:


    Default re-key time for IPsec remote access is set to 4 hrs and does not have any option to change it from GUI.
- This usually happens in the backend without any interruption (with only one authentication). However, if we have configured MFA then it will prompt for the OTP after every 4 hours as it requires reconnecting.

    Administrators may be able to config this behaviour as well be able to associate the IPSec Remote Access to another Policy than the default one.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support user authentication in rules from WAN to LAN using 2-factor authentication as we do when connecting to user portal

    Currently LAN to WAN is supported, but not WAN to LAN. Checking known users, selecting users, and having them login if they are an unknown user will be a replacement for the https bookmarks removed from the user portal.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Revert subject of gateway status notification e-mails back to SFOS 17 style

    We use a RMM that allows us to assign an incoming alert e-mail to a specific client based on the subject, which we labeled the gateway name on the Sophos appliance based on the client ID and ISP, for example "XYZ Comcast". When a client's Sophos appliance with SFOS 17 would report an interface is down via e-mail, the ticket would be assigned to client XYZ in our RMM due to the subject: Gateway XYZ Comcast Went Down or Gateway XYZ Comcast Went Up

    With SFOS 18 the subject is now "ALERT Sophos XG Firewall - Gateway status" and…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Better filter search in the add new item

    In the different rules creation fileds it's not very easy to find your objects in the "Add new item" button. The search is effective only if you know the beginning of the word you are searching but it's not always the case. Please add the possibility to search a word or a partial term of an object like it was possible in SG. It will make your product much more user friendly...

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Being able to filter rules with keyword in views

    It's very difficult to find your rules in XG compared to SG. In SG there was a textbox search who was very efficient because it was filtering rules on any fields with the text entered. Please add this functionality into the different XG views !

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Better interface with adjustable column size

    In the firewall rules the column are too small and it's difficult to look for the desired rule as their name are troncated with "...". It would be much more easier if the size of the column were adjustable or even filterable like in SG....

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow to enter a partial MAC-Address to filter for Vendors

    It would be great to be able to enter a partial MAC-Address as eg. 00:1A:E8:* within the MAC Address Definition section.
    The MAC-Address in this example would involve every device from the vendor Unify.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow netflow to be assigned to a specific zone

    It would be great to be able to assign the netflow service to zones the same as you can with most other services: SNMP, SSL portal, ping, user portal, etc..
    You cannot truly segregate all management traffic/duties with the current implementation without rewiring the default Lan port to be a dedicated management interface

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Ghost ip detection

    We are using DHCP server from our XG firewall. IP leasing setting is 12 hrs. I am looking for some tools from which i can find the ghost IP ( IP which is not active) and clear it up from the DHCP pool in order to assign to new connection.

    Secondly I want to know that how can i make a rule that if a device is not authorized to access internet should not get the IP from the DHCP server.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 13 14
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.