XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow MAC binding feature on Individual User

    Allow MAC binding feature on Individual User. Cyberoam had the MAC binding features , where i can bind the single user to its MAC id for authentication.

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow firewall rule Summary to be copied to the Clipboard

    In XG firewalls, allow firewall rule Summary to be copied to clipboard. We would like to use the rule summary in our documentation.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. GRE tunnel support for Policy base routing feature.

    The Sophos XG firewall GRE/IPsec VPN could not supported Policy Base Routing. It will get some GRE tunnel lost traffic for the specific routing on the links from the Peer GRE tunnel of the Firewall.

    12 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Local Service ACL Exception Rule default action

    Please change the default action in the Local Service ACL Exception Rules from drop to allow.
    I already locked out myself twice. Makes now sense to me that this is drop from default.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Better configuration for many to many masquerading NAT

    XG allows to masquerade an internal network with an IP range. To works fine it need a valid Alias address configured on the out interface (valid ip = ip in the masquearding range). So if we create a range of 200 IP we MUST define all 200 ip on the out interface. This is a feature needed in different scenarios such as a primary gateway with authentication or a network overlap ...

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Load Balancing Ratio - Usage of % instead of numbers

    Gateway Load Balancing accepts number and if you have more than 2 gateways, finding the ratio number can be challenging. Using percentage is less confusing and more simple to use.
    Thanks

    48 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Custom Name on SSLVPN Profile

    On the XG Firewall is not possible to change the Profilename for the Remote SSL-VPN. Profilename is always "usernamesslvpnconfig". Please add the possibility to change that like on the UTM with override hostname.
    I think, a field to customize the String "
    sslvpnconfig" would be better.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. VPN Connection Details list should work for large numbers of connections

    In IPSEC VPN connections with too many remote and local subnets you loose ability to see up/down status, when you click on "Connection Details" the list is blank rather than showing which networks are connected.

    I spoke with support and they confirmed the bug and asked me to submit a feature request. Can you please look into and repair this?

    Thank you!
    James

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. TLS 1.2 support for SSL VPN

    Currently TLS 1.2 is not supported for SSL VPN for SF-OS.

    Reference FR ID is NPM-264.

    We have a partner's firm that deals in Financial services and they are allowed to use only TLS.
    1.2 for SSL VPN due to compliance.

    45 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support GRE even when XG is not the source of the tunnel

    GRE is not supported if XG is not the source of the tunnel. Very limiting feature in some big installation where other Appliances support GRE and need to be kept. XG should support GRE in any condition.
    Thanks

    19 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. IPS: Custom Categories based on keyword filters

    Currently IPS rules can only be selected via Category, OS, Risk or Target/Client. We need the ability to create custom categories, such as 'SMB' which would be triggered off keywords. This would allow us to get newly added signatures automatically to our custom categories, rather than creating an entirely new IPS rule with a brand new search for 'SMB' every update.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. MAC binding with captive portal

    Need Mac bounding with captiportal and auto mac find option. if you implement the option bound with First mac use of user its so convenient for all user

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Disable virtual mac address in HA mode

    Running the Sophos XG firewall in high availability mode in a virtualized environment (where virtual MAC addresses are not supported) is currently not possible. Please implement a feature to disable the usage of virtual MAC addresses (similar to what the UTM does when using the command 'cc set ha advanced virtual_mac 0'.

    Thanks.

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Firewall rule re-ordering by using Up and Down buttons

    Drag and drop for firewall rules seems to be unreliable on some browsers and can be difficult to do if using a tablet or trackpad.
    Can we add the ability to click on "UP", "DOWN", "MOVE TO TOP" and "MOVE TO BOTTOM" buttons to move the selected firewall rule?

    26 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. RED Interface:"3G/UMTS Failover" setting is DHCP mode support

    XG is Cellular WAN IF IP assign mode is support DHCP client
    but RED WAN I/F is not supported.

    Please support similarly.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Enable to configure multiple VPN Zones

    All of the zones of the VPN of the connection destination are the same and different policies can not be written.

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Anti-portscan

    XG does not have a anti-portscan feature. Please vote it!

    522 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    57 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Use Office365 MFA for VPN user authentication

    It would be great to have integration of Office 365 multifactor authentication process (ability to use it to protect vpn connections for instance)

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Device inventory

    I suggest a view of devices on the network, divided by operating system and bringing the essential information such as host name, IP and MAC address, and which interface are connected.

    39 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow selection of CA Certificate to enroll SSL VPN User's certificate

    It would be great to allow selection of CA Intermediate certificate used to enroll SSL PVN Users Certificates (like already done for Web Scanning)

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.