XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Migration Assistant VM to support UTM 9.7+ Configurations

    Migration Assistant VM to support UTM 9.7+ configurations. Tested this recently at a customer's site, and the MA only accepts up to 9.605. This set me back by a few months of firewall changes.

    Also, I'm sure it's been suggested, but why is the MA not a web-based tool in the partner portal? A local running VM is a bit of overkill just to convert a file. Could even just boot your existing VM in Azure or AWS and have it refresh it's image every 60 minutes or so and give web login access to partners. Partner's log in, upload…

    8 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Pass traffic button

    It would be nice if we have a button next to firewall log 'Denied' entry, that can create a Firewall rule based on that log entry.
    Quite often it would be much more effective and efficient if I could allow traffic with one button, instead of doing all rule creation step-by-step procedure.

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Send Wake On Lan Magic packet to host.

    Create a Button, that will send Magic Packet to defined host or host from DHCP leases list. It would be much more pleasant to use Firewall to wake hosts instead of other machines, cause sometimes in one site there are only workstations, without any 24/7 working server any kind.

    6 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Super Admin & Admin

    Super Admin Can Access from Public Network WAN Interface and Admin Can access from Local Network LAN interface only and from WAN interface only accessible by Super Administrator which is should be owner can able to change his own Super Admin.

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. IPS Not Working ! on Sophos XG Home

    IPS not Working on SOPHOS XG Home

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Make a way to add to Sophos Connect "Allowed user" list without booting all currently connected Sophos Connect users.

    The title pretty much spells it out here. It's very disappointing that you can't add a VPN user without disrupting all your current VPN users...

    12 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Geo Blocking

    Geo Blocking is a great addition, but doesn't list all the countries.

    For instance, I have a customer getting hit by Kenya and Kyrgyzstan. Any ETA on when Geo Blocking will be fully rolled out?

    4 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. NAT Rules - Grouping

    Grouping NAT rules - same as grouping Firewall Rules.

    13 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. loopback interface and ip sla features in v18

    kindly add loopback interface and ip sla features in v18. loopback interface is need to use in bgp and "ip sla" is needed for link high lentency failover.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Revoke DHCP lease from client

    The ability to revoke the DHCP leased out to certain client.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. office 365 SMTP Host set up

    Have a pre-configured O365 smtp host option, which includes all Exchange Online Protection IP address ranges. So we dont have to manually add in all of the reccomended ones from Microsoft

    https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

    10 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. IPv6 support in "Policy Tester"

    Currently one can only use the Policy Tester for IPv4 addresses. Please add the ability to also test IPv6 addresses.

    8 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. scan ftp for malware on encrypted FTP

    requesting for scanning of encrypted FTP

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. subodha@idawngroup.com

    Hi Team,

    On now Sophos can add bandwidth limitation to user wise/ Application wise and Rule wise.
    But if bandwidth limitation had on network adapter wise and VLAN wise, It will be very helpful to all of them. So I'm requesting to add that feature ASAP.

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. please provide filter option under intrusion prevention under Spoof Protection Trusted MAC it is very difficult to change the mac or ip

    please provide filter option for mac with ip
    under intrusion prevention
    under Spoof Protection Trusted MAC
    it is very difficult to change the mac or ip numbers . In our organization 250 Hosts are bind with mac for security purpose. There are 40 pages across we have to search it is very difficult. Thee is no option for export also. This feature is available in cyberoam 100ing firewall. but in sophos XG210 its a major pain to always scroll all the pages to find a single entry.

    2 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Sophos Switches with Synchronized Security

    In case anyone up high at sophos is listening, how about this idea: Sophos is already in the firewall and AP business. Now we just need switches managed through Sophos Central with Sophos Synchronized Security added.
    Ports to infected endpoints could be shutdown when the XG or the endpoint see a device in an unhealthy state.

    There would be better visibility with Synchronized Applications, seeing traffic that the firewall can't see.
    Partners could offer a complete "Network in a box" solution for every point of endpoint connectivity, whether wired or wireless!

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Import a CSV or have more predefined services

    It would be great to have more Pre-defined services with their relevant ports listed.
    Like some other Firewalls have such as CheckP...t.

    Or perhaps a way to import a services scv file.

    3 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. MAC not capture in Authentication agent app

    MAC not capture in Authentication agent mobile app
    To impliment MAC bases authentication.
    Please provide New version of App in Android and ios to capture MAC also.

    1 vote
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to restrict ALL system services under Administration -> Device Access

    This is similar to https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/16593775-assign-the-built-in-services-vpns-admin-etc-to which was marked as "Already Possible" even though it is not. I want to restrict RED device access to a single external IP address. Currently ALL external/WAN IP addresses have port 3400 open listening. I can restrict SSL VPN and User Portal but I cannot restrict RED access or IKE (port 500) even if I wanted to. This is causing me pain in my PCI compliance scans. If this cannot be done then I need to be able to enable these services per IP address and not per Zone like it currently is.

    If I…

    5 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Shared Network Quota

    I have a new request about issuing shared limit network quota for a group.
    Now when I assign to network quota to group , that group each user will getting that particular data quota.

    Ex: User Group Name - Test and Allocated 200GB to group, The test group have 10 Users.
    As now In sophos Each user will get 200GB. But I want to use this 200GB as a Shared Data bundle.

    14 votes
    Sign in Sign in with: Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.