XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DNS https

    DNS over HTTPS or DNS over TLS
    I know there is a feature request for DoT already but id like to add to that request by asking for the option to choose DoH or DoT?

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Stick IP functionality for NAT Pools or any NAT rule

    Coming from a Juniper background, we have the functionality of "Sticky IP" (Junipers "Address-Persistent") for any NAT rule. In Sophos you can only do this if performing a load balance NAT to a webserver (KB:132277).
    It would be great to be able to do this in any NAT rule.
    Thank you

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enable user inactivity timer issue

    Enable user inactivity time frame must be encrage ,Inactivity timer should be more then 5days (1440 to 7200 mints),we facing issue in every Monday mins after holiday next working day for authentication.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. : www.cert-in.org.in. The alerts on latest malware are published under VIRUS ALERTS section.

    JCry ransomware is designed to encrypt data and append filenames with a ".jcry" extension. Once data is encrypted, JCry opens a pop-up window and generates the HTML file, "JCRY_Note.html", then drops a copy in every existing folder. The HTML file delivers a message informing victims about the encryption and ransom demand. This activity was observed in the Information Technology Sector.

    *******************************IOC*****************************
    Analysis:

    Host
    IPv4: 172.81.182[.]63
    Sighted: 2019-03-08 [only single sightings used]
    Kill chain Phase: Command and Control
    Characterization: IP Watchlist

    Host
    URL: http://185.163.47[.]134/flashplayer_install.exe
    Sighted: 2019-03-08 [only single sightings used]
    Kill chain Phase: Delivery
    Characterization: URL Watchlist
    [MD5:C86C75804435EFC380D7FC436E344898].

    Host
    URL: http://76.74.177[.]236/flashplayer_install.exe

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Integrate a Yara Engine rules on IPS

    Integrate a Yara Engine rules on IPS

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create and maintain a host group for all O365 services this can be updated with firmware updates?

    Create and maintain a host group for all O365 service IP's this can be updated with firmware updates?

    4 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Require firewall rule details under Intrusion Attacks report

    Information about the firewall rule should be displayed under Intrusion Attacks report.

    It will help to filter out allowed attacks in case if the IPS logs are not available.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add DynDns to support "dyndns.org". Currently it only support "dyndns.com" for XG.

    current XG only support dyndns.com but not dyndns.org

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow port forward of TCP and UDP in same rule

    So there's a limitation currently where if you're making a DNAT rule, and you want to change the destination port number, you can't forward ports from both TCP and UDP to the same server using the same rule.

    For example, I have an environment where RDP traffic from specific external public IP addresses is forwarded from one of my public IPs to an internal server (via DNAT). RDP uses both TCP 3389 and UDP 3389, but my users connect on a different port number (52389), which I need to forward an internal server on 3389.

    I can create services to…

    7 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Ability to apply UTM filters on traffic from Discover Interface so to create a report for POC

    Discovered traffic from Discover interface could be made more meaningful by applying web and application filters so to get some meaningful UTM reports not just application visibility for the new customer who wants to check the UTM capability of device before buying OR before device goes to inline production environment.
    Fortigate has some nice way with one-arm sniffer interface and sniffer firewall policy.
    It would definitely help sophos gaining more customers while doing POC

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Zone Groups

    It would be good to be able to build zone groups in a similar fashion to IP host groups, FQDN groups, service groups, etc. This would allow rules to include multiple zone sets quickly.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. reset firewall hit counter

    reset the firewall hit counter, not only after reboot

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. alphabetical

    It would be great if in the XG550 interface the services and host listings in the Firewall Rules were listed in alphabetical order. That way you would have to search through dozens of objects in a 6 line window.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. XG 125 to support half duplex

    Hello Team,

    We have request here from customer to support half duplex for Sophos XG 125.
    For your assistance please. Thank You.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Two factor authentication for Active Directory synched under XG

    Hello Team,

    We have customer here requesting to have Two factor authentication for Active Directory synched under XG. For your assistance please. Thank You.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Proxy tools

    For the people who using proxy tool to bypass the firewall , i hope that there an option to quarantine the ip who is using the proxy tool automaticlly .
    Like psiphone .

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. ALLOW REMOVAL AND ADDITION OF PORTS TO THE HA WHEN THE CLUSTER IS MADE

    Please team of sophos, make that when you want to add or remove a port of the has not have to disarm the cluster.

    regards

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Sophos Home Guard Hardware for (Home Users)

    i have idea for new hardware Called Sophos Home Guard It can connected to router to protect all connected devices (IOT) for (Home Users) it contain Firewall,web protection traffic watcher and more

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. ppoe

    on the wan port PPOE connection not working properly. every 15 day it will be down automatically ,during that Modem is working fine but in network setting PPOE port shown down.

    please update any new MR for this problem

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 14 15
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.