Need to have Ip2country for IPv6 based hosts and IPv6 addresses per country. Also be able to list of networks in IP object like IPlist.

Hello Team,

We have customer here requesting to Utilize the weight value for WAN failover order of priority to become active. For your assistance please. Thank You

Hello Team,

We have customer here requesting to Utilize  the weight value for WAN failover order of priority. For your assistance please. Thank You

Please make it possible to move existing VLANs to another base interface without the need of deleting/reconfiguring. Almost every other manufacturer allows that and it really helps when we have to temporarily build a network on ports other than the ones that will be used in the end.

Using Sophos XG 18.01 , had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

It would be great, if "Tags" or "Locks" could be applied to Firewall rules, that either stops these rules from being deleted, or alternatively prompts for login credentials or a warning before the rule is deleted.

When a Network zone is added, firewall rules shoud be created with a specific "view" of zone to zone rules to help administrators to maintain firewall rules and add specific accept rules in the correct "view" of zone to zone scope by copying the default deny zone to zone rule and position with the good sequence number after verification to avoid traffic dismissing

When DDOS attack is detected, a web page should authorize the admin to send after validation
a BGP FLOWSPEC message with preformated tupples acl to upstream routers with network traffic limitation or drop
just to load balance the security defense between routers and the target or intermediary firewall

self sourced traffic of the firewall services should be defined on a specific "micro service" address type loopback to simplify acl special security in the menu "system" "administration""device access" even if this special menu is greatfull

route maps with acl defined subnets, interfaces, next hop should be usefull to mitigate routing table hijacking propagation inside severals IGPs and BGP

"Should be used in conjonction with network namespace and vrf lite"

network namespaces or vrf lite are a way to mitigate the internal private routing tables exposition to external public routing table when there is no way to build a multi level firewall architecture

Please provide this option urgently in XG430 because its very difficult to find MAC or IP. I was used Cyberoam before and this option available and its very easy to use. After upgrading Cyberoam CR750ing to sophos its very difficult. Thanks for Understanding.

sophos xg firewall dashboard icon for vpn color should not be red once one tunnel is working
it should be yellow with triangle icon and down you can mark 1out of 2 is down

Currently, blocking or redirecting TLD / ccTLD (https://icannwiki.org/Countrycodetop-level_domain) dns lookups for clients using XG dns requires configuring dns request routes for each one to send those lookups to an external Microsoft or other dns server populated with fake TLD / ccTLD zones and wildcard records. It would be simpler to be able to control lookup results within XG without having to route to an external server.
This request was similar but applied only to web http traffic rather than the dns level to address all protocols: https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/31267192-block-tld

In MONITOR & ANALYZE | Reports | Network & Treats, we'd like to have ability to see the name of the file that is attacking the network internally.

i.e. The Intrusion Attack is: 'FILE-PDF Adobe Acrobat ImageConversion PCX Parsing Out-of-Bounds Write'. File name of source attack: 'malware.pdf'.

We can use that info to search out the attacking file and delete it if not picked up by AV.

Using set advanced-firewall bypass-stateful-firewall-config del sourcenetwork x.x.x.x sourcenetmask 255.255.255.0 destnetwork y.y.y.y destnetmask 255.255.255.0 works for Ipv4 but not Ipv6. Or if you can disable invalid packet blocking on Ipv6. This is especially needed when using asymmetric routing scenarios.

there should be an option that would check all security settings with a nice overview as well as recommendations with shortcuts to right place as well as a shortcut to a easy explanation.
this will tighten security for experts and first time users.

Please add a feature to add ip host and fqdn host using cli

Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP address' and not Networks).