XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Multiple IPS in Business Application Rules

    When creating a Business Application Rule as a NAT, to have the option to choose more than just one IP Address to receive the connection.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Authentication Client automatically installs relevant Certificates

    I would really like it if teh Authentication Client automatically installed relevant Certificates from the firewall. I have a couple ideas about how this could be implemented:
    1) During the download and installation the relevent certificates could be downloaded and installed.
    2) During operation the client could sense a network location and firewall change (e.g. work/home) and suggest downloading and installing new certificates to support the firewall you are now sitting behind.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Choose interface IPs for built in services

    The XG does not allow the ability to choose which IP interface a built in service like VPN/IPsec and the SPX portal bind to. For example, I have a /24 public IP range, and in order for a NAT to function for outgoing traffic, I'm required to create an aliased IP address on the WAN link. Each and every aliased IP responds to requests on UDP 500 as the following (via namp or the nessus vulnerability scanner): 500/udp open isakmp StrongSwan ISAKMP.

    The fact that there may be rules in place in the VPN configuration to limit who can actually…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. route

    Ability to use IP Host names (Console --> System --> Hosts and Services) in creating routes and gateways (Console --> Configure --> Routing).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. RBL type group can be used in Blocked client networks of Firewall rule.

    RBL type group can be used in Blocked client networks of Firewall rule.
    If the user's email password is leaked, the hacker will use the managed host to connect to the mail server. Most of these hosts come from low-reputation IP addresses, so we can deny connection requests from these low-reputation IPs in the business policy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Wi-Fi URL Redirection and MAC address based managing

    I need to make a URL redirection for all Wi-Fi guest access once they are filling its details and submit the form they are enjoying internet access. Where I can make the following:-
    1. VLAN configuration: Wi-Fi port to be configured as a VLAN based URL redirection.
    2. Condition: Access to the internet based on the submit button inside the form.
    3. Use mac address criteria in case the same customer need to access the Wi-Fi in the next day he will don’t need to fill the form again.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Balance bandwidth option for QoS

    Currently there are two options - limit and guarantee. It'd be very interesting if there was an option to divide the available bandwidth between all users (so if you have 5 users and a 100mbit connection, each user would get 20mbit for himself). This would allow the network to be fast most of the time, while being able to cope with a high number of devices.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. requirer BGP-IPV6 is feature in XG

    Dear Team,

    We have IPV6 for WAN and want to configured BGP on IPV6.

    On current time it's not supported on IPV6.

    Kindly added this is feature.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add BGP v6

    Please add one more( BGP V6) feature in Sophos XG firewall.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Request to have option to delete bridge interface

    Hello Team,

    We have customer here requesting to have option to delete bridge interface under Sophos XG, For your assistance please. Thank You

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Create an XG Firewall for home users

    Create an XG Firewall appliance for home users that competes with Bitdenders Box2, Cujo, RATrap, and so on.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. IPS Real time alerts

    The firewalls must: Notify the administrator in real time of any items requiring immediate attention. -[Requirement of PCI CP)

    28 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. QOS per interface or Gateway

    Can we please get some QOS functionality on a per interface or per Gateway option,

    We have a lot of customers that have multiple links with different speeds, it is currently difficult to manage this with the current QOS functionality.

    I see a lot of other feature requests for QOS but none that cover this topic.

    Thank you

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. i need to enable load balancing between 2 isp where having 3 isp

    i need to enable load balancing between 2 isp where having 3 isp

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Ability to not have local data transmission count as data used on voucher quotas.

    Right now it would appear that data used by voucher users even for local traffic, affects their qouta balance, so if a voucher is for 1 Gig, if the voucher user consumes only local traffic, not WAN data, it still affects the user's data usage. Personally don't think it should be that way, or at least have the option to not have it affect the voucher balance.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. zabbix

    Gostaria de sugerir a implementação do agente do zabbix nos equipamentos Sophos XG, a sugestão é devido a necessidade que temos atualmente de monitorar alguns XG, que estão trabalhando como brigde e não possuem acesso quando a origem é a internet, com a possibilidade do agente zabbix poderíamos configurar para que o mesmo enviasse as informações para nosso servidor no SOC, independente do IP de saída.

    Resumidamente ter a opção de trabalho ativo e passivo.

    https://www.zabbix.com/documentation/3.0/pt/manual/distributed_monitoring/proxies

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Advanced NAT options for firewall rules

    I have seen multiple forum posts about this and there's also some feature requests that all come down to the same issue: managing NATs kind of sucks on the XG!

    On a user rule, the only thing we can do is masquerade. That's not always useful. There's no way to control DNAT and SNAT options in a good way. We don't have a proper way to set up a 1-to-1 NAT for a full network other than creating two business rules that are really not made for this purpose. It's completely unintuitive and not well designed.

    The Network Address Translation…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. wan traffic

    Per-WAN definition of available bandwidth.
    Traffic shaping and WAN load-balancing, as currently defined in the XG don't allow us to take advantage of knowledge of the available connections.

    In our typical use case, we have a secondary connection which it'd be great to load balance over, but we need to guarantee that we never use the last 10~20% of that connection as it's reserved for high-priority services that cannot sit behind the firewall.

    In the SG this was easy; you defined an bandwidth limit per interface when setting up QoS; I'm not sure why someone was possessed to come up…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Sandstorm progress page

    Would be awesome to be able to see the progress of a scan from the users perspective instead of a dead screen and then have to guess when the scan is done.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. SSL vpn user not able to access vpn remote access

    SSL vpn connection is all about remote connection to the local Lan and also it should be for VPN connection also. when we connect through SSL vpn we can access only local machines but not the remote VPN machine , thus admin has to provide another local machine for remote SSL_VPN user. Your thoughts on this......

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.