XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. STAS application should allow changing WMI credential

    STAS application should allow changing WMI credential (case number 8430014). The installed STAS agent per domain controller should have an option to update the credentials used for collecting info. The only option to enter the credentials is during the install. So if the admin username / password changes, the only option is to uninstall / reinstall the agent.

    7 votes
    0 comments  ·  Network Protection
  2. IP host rules linking

    Need a way to check how many firewall rules an IP host is associated with.

    3 votes
    0 comments  ·  Network Protection
  3. IPS Signature details

    It is good to provide more details for IPS signatures directly from the IPS policies/signature. This was found in Cyberoam last time but is not available in Sophos.

    This is useful for the security admin to find a resolution to the "attack" rather than only bypassing it, without knowing what is going on.

    8 votes
    0 comments  ·  Network Protection
  4. Block L2TP and PPTP requests at perimeter

    Today, it is quite possible to brute-force attack L2TP and PPTP as there is no way to drop incoming requests based on IP, geo or any other variable.

    I would like the ability to assign a network rule (or equivalent) that drops requests for such features before entering the firewall, before reaching authentication. Much like ACL exceptions for device access do.

    This is not possible today, and we have to contend with miles of logs with login requests and tries from far away, just probing for passwords.

    3 votes
    0 comments  ·  Network Protection
  5. quota limit per IP (feature available through user only)

    quota limit per IP (feature available through user only)

    4 votes
    0 comments  ·  Network Protection
  6. fqdn

    FQDN host instant reverse lookup for rules, so they work first time, or periodic update of DNS cache for FQDN hosts. We see an issue with round robin style FQDN hosts not being picked up on a rule. The first IP attempt is not resolved and the correct rule doesn't get applied, however the next attempt is from another IP address which doesn't trigger the rule either, it's only once the round robin has gone all the way round that the rule works properly. For example we found this with Exchange Online, using IPs 65.55.88.X for SMTP, the rule wouldn't…

    1 vote
    0 comments  ·  Network Protection
  7. Data Control

    Data Control is rule based but has a hardcoded rule (per Sophos support) that cannot be disabled: it blocks all communication to external devices that isn't initiated through Windows Explorer. But this is how backup software operates (Veeam in our case). We cannot enable Data Control and perform data backups. My request is to make this functionality of Data Control rule based so end users can choose to enable or disable it to fit their environment.

    1 vote
    0 comments  ·  Network Protection
  8. Bypass IPS

    Give us a way to bypass the IPS based on source and/or destination. We have clients who pay for vulnerability scanning, pen-testing, web app auditing, etc. and currently there is no way to bypass the IPS if the rules are numerous without duplicating each rule where the first rule has the IPS turned off.

    1 vote
    0 comments  ·  Network Protection
  9. Enable/Disable Firewall rule

    It would be good if you could enable/disable the firewall rule from the main list display, rather than having to click the "..." menu and then select disable/enable. Cyberoam could be enabled/disabled on the firewall rules list.

    5 votes
    0 comments  ·  Network Protection
  10. Static ARP Bulk upload feature is highly recommended

    Static ARP Bulk upload feature is highly recommended

    1 vote
    0 comments  ·  Network Protection
  11. Nat on different Tab not on firewall rules

    NAT on a different tab, like the SG version.
    It will be great to use and categorize rules by selecting NAT SNAT, DNAT, 1:1 NAT.

    1 vote
    0 comments  ·  Network Protection
  12. Please add the IPS Signature for CVE-2018-5924, CVE-2018-5925.

    This is a vulnerability in the HP printer. There is no signature in XG Firewall, please add.

    1 vote
    0 comments  ·  Network Protection
  13. Allow IP Ranges larger than 255, Network larger than /24

    Allow IP Ranges larger than 255 and Network larger than /24 for Protected Servers in Business Application rules.

    2 votes
    0 comments  ·  Network Protection
  14. Data speed reduce after QOS limit

    Currently, Sophos has not limited data access on the firewall.
    There is no rule on Cyberoam for this.
    We need to set a limit of 1 GB of data and after that reduce the bandwidth speed, like Jio.
    You can understand my problem and update your Cyberoam as per my requirement.
    We want to set a rule to reduce data speed after the QoS limit.

    3 votes
    0 comments  ·  Network Protection
  15. Block the internet sharing in client devices

    Need to block internet sharing on client devices; users are sharing the internet from the laptop and bypassing it on mobile phones with applications.

    3 votes
    0 comments  ·  Network Protection
  16. Temporary firewall rule and then FW deletes it

    It's very useful if I can create a new User/Network rule temporarily for a certain host. For example, some users in the network are being blocked by some web categories, and they need to download some file (to work) from a blocked web page, for troubleshooting or helpdesk. So I create a user/network rule for these users without a web filter or any app filter, but I have to delete this rule 1 hour later, for example, or 5 minutes later, to avoid the user having Internet without any restrictions.

    I think this feature of create a user/network rule for specific time and…

    1 vote
    0 comments  ·  Network Protection
  17. Allow UDP port 500 forward on the bridge to use on device behind the firewall with public IP

    With other firewalls (FortiGate) it is possible to forward UDP port 500 to a device behind the firewall configured to use a public IP.
    With XG this port is not usable.

    1 vote
    0 comments  ·  Network Protection
  18. MAC base DHCP

    Is it possible to implement MAC-based DHCP? I am not talking about static DHCP. For example, I have 300 MAC addresses; these only get an IP in the /24 subnet network range.

    5 votes
    2 comments  ·  Network Protection
  19. Online website to Upload Backup to check configuration

    It would be great if we had an online portal where we can upload any XG backup and check the configuration as it appears on a physical XG device. This will save us lots of time instead of searching for a physical compatible device.

    3 votes
    0 comments  ·  Network Protection
  20. endpoint

    Better integration between XG and Endpoint beyond just heartbeat, e.g., the logged-on user can be passed to the firewall for use in user-based rules.

    3 votes
    1 comment  ·  Network Protection