Using Sophos XG 18.01 , had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

It would be great, if "Tags" or "Locks" could be applied to Firewall rules, that either stops these rules from being deleted, or alternatively prompts for login credentials or a warning before the rule is deleted.

When a Network zone is added, firewall rules shoud be created with a specific "view" of zone to zone rules to help administrators to maintain firewall rules and add specific accept rules in the correct "view" of zone to zone scope by copying the default deny zone to zone rule and position with the good sequence number after verification to avoid traffic dismissing

When DDOS attack is detected, a web page should authorize the admin to send after validation
a BGP FLOWSPEC message with preformated tupples acl to upstream routers with network traffic limitation or drop
just to load balance the security defense between routers and the target or intermediary firewall

self sourced traffic of the firewall services should be defined on a specific "micro service" address type loopback to simplify acl special security in the menu "system" "administration""device access" even if this special menu is greatfull

route maps with acl defined subnets, interfaces, next hop should be usefull to mitigate routing table hijacking propagation inside severals IGPs and BGP

"Should be used in conjonction with network namespace and vrf lite"

network namespaces or vrf lite are a way to mitigate the internal private routing tables exposition to external public routing table when there is no way to build a multi level firewall architecture

Please provide this option urgently in XG430 because its very difficult to find MAC or IP. I was used Cyberoam before and this option available and its very easy to use. After upgrading Cyberoam CR750ing to sophos its very difficult. Thanks for Understanding.

sophos xg firewall dashboard icon for vpn color should not be red once one tunnel is working
it should be yellow with triangle icon and down you can mark 1out of 2 is down

Currently, blocking or redirecting TLD / ccTLD (https://icannwiki.org/Countrycodetop-level_domain) dns lookups for clients using XG dns requires configuring dns request routes for each one to send those lookups to an external Microsoft or other dns server populated with fake TLD / ccTLD zones and wildcard records. It would be simpler to be able to control lookup results within XG without having to route to an external server.
This request was similar but applied only to web http traffic rather than the dns level to address all protocols: https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/31267192-block-tld

In MONITOR & ANALYZE | Reports | Network & Treats, we'd like to have ability to see the name of the file that is attacking the network internally.

i.e. The Intrusion Attack is: 'FILE-PDF Adobe Acrobat ImageConversion PCX Parsing Out-of-Bounds Write'. File name of source attack: 'malware.pdf'.

We can use that info to search out the attacking file and delete it if not picked up by AV.

Using set advanced-firewall bypass-stateful-firewall-config del sourcenetwork x.x.x.x sourcenetmask 255.255.255.0 destnetwork y.y.y.y destnetmask 255.255.255.0 works for Ipv4 but not Ipv6. Or if you can disable invalid packet blocking on Ipv6. This is especially needed when using asymmetric routing scenarios.

there should be an option that would check all security settings with a nice overview as well as recommendations with shortcuts to right place as well as a shortcut to a easy explanation.
this will tighten security for experts and first time users.

Please add a feature to add ip host and fqdn host using cli

Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP address' and not Networks).

Dears ,

We need to have a Virtual domain in our XG firewall like in Fortigate & Palo alto . because sometime this feature kick us out from competition

Dears ,

It will be awesome if you make a change in your subscriptions EnterpriseGuard by adding email protection to be anti-spam like in Fortigate in this way Sophos will be more flexible to meet customer requirements . When customer asking about subscription with anti-spam and not full email protection we can provide EnterpriseGuard by this way we will be more competitive . but if the customer look to full email and WAF then the FullGuard will be choise

Dears ,

I'd like to suggest one thing regarding hard drive SSD . if it is become more flexible . i mean if we can change the SSD hard drive on the firewall according to the customer requirements

Because sometimes the firewall throughput's being acceptable but the customer be restricted to specific size of SSD this caused lost a lot of projects against other competitors

Static route should always be the top precedence by default. I have several tunnels that have stopped working after updating to v18 and having newly migrated policy routes take precedence.

Additionally, it would be nice to have a GUI-based option to change the precedence order, rather than needing to go and and make a CLI change for each device we upgrade.