XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please add the IPS Signature for CVE-2018-5924、CVE-2018-5925.

    This is a vulnerability in the HP printer. There are no Signature in XG Firewall, please add.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow IP Ranges larger than 255, Network larger than /24

    Allow IP Ranges larger than 255 and Network larger than /24 for Protected Servers in Business Application rules.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Data speed reduce after QOS limit

    Currently, Sophos has not limited data access on the firewall.
    No any rule on cyberoam for this.
    we need to set limit 1 GB data then after reduce the speed of bandwidth like jio.
    you can understand my problem and update your Cyberoam as per my requirement.
    we want set rule Data speed to reduce after QOS limit.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Block the internet sharing in client devices

    Need to block the internet sharing in client devices, users are sharing the internet from the laptop and bypass it on the mobile phones with applications.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. temporally firewall rule and then FW delete it

    Its very usefull if i can create a new User/Network rule temporally for certain Host. For example, some user in the network is being blocked with some Web categories, and they need to download some file (to work) from a blocked web page, for troubleshooting or helpdesk. So I create a user/network rule to this users without web filter or any app filter, but i have to delete this rule 1 hour later for example, or 5 minutes later, to avoid user has Internet without any restrictions.

    I think this feature of create a user/network rule for specific time and…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow upd port 500 forward on the bridge to use on device behind the firewall with public ip

    With other firewalls (fortigate) it is possibile to forward the upd port 500 to a device behind the firewall configured to use a public ip.
    With xg this port is not usable.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. MAC base DHCP

    Is it possible to implement the MAC base DHCP through. I am not talking about static DHCP. For example I have 300 MAC address these are only get IP in /24 subnet network range.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Online website to Upload Backup to check configuration

    It would be great if we had a online portal where we can upload any XG backup and check the configuration as it appears on a physical XG device. This will save us lots of time instead of searching for a physical compatible device.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. endpoint

    Better integration between XG and Endpoint beyond just heartbeat. e.g, logged on user can be passed to firewall for use in user-based rules.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Mouse over more details for firewall rules

    It would be great if less information was displayed in the list of firewall rules. However, a mouse over would show all the details of the firewall rule instead.

    For example, limit Source and Destination to just show Zones and not subnets, user groups, etc..

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Firewall Rules - Save filters

    Would be great if we can create filters for firewall rules and then save them as tabs on top of the firewall list view. For example, we can create a filter for source WAN zones called 'WAN'. Then a tab called WAN will appear next to the firewall tab.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. XG as a RADIUS server for External 2FA

    I'd like to use XG as a RADIUS server for 2 Factor authentication. Now we can use the XG for VPN, Portal access ect.ect all XG internally

    I'd like to have "external RADIUS" added for example use 2FA on Citrix of VMware Horizon or other networking equipment that can use radius authentication together with the XG's users and software tokens.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. IS-IS routing protocol support for XG Firewall

    It would be nice to get the IS-IS routing protocol for the XG Firewall.

    RFC1195

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Sophos Firewall Manager - Template Pushing

    When pushing a template, all types of configuration should not already be selected - you should have to select which items you want to push, rather than deselect those you do not want to push.
    Having all items pre-selected is more likely to cause issues from human error, overwriting config with portions of templates you don't wish to utilize/push to a device.
    It's a minor change that could make a big difference for our customers.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. browser based mac binding not available in xg 115. so should to upgrade with this features. it's only in client based authentication.

    browser based mac binding not available in xg 115. so should to upgrade with this features. it's only in client based authentication.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Zero Firewall Rule Traffic Counter

    Very simple, have an option to zero the traffic counter on a firewall rule.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. DNS RPZ Support: DNS Spam protection by Response Policy Zones

    Please extend Sophos XG FW by DNS RPZ FW option to filter spam and malicious domains similar to mail reputation system (e.g. via SpamHaus).
    See: https://dnsrpz.info/ "Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall"."

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Request to support Verizon network for USB dongle under XG

    Hello Team,

    We have customer here requesting to support Verizon network for USB dongle under XG.
    As Verizon, unable to see Sophos XG on their end when they connect dongle with verizon network

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. IPsec NAT

    IPsec NAT: we need the possibility to NAT several local subnets to only one NAT-address and not 1 local subnet to 1 NAT-address. So that the remote peer has to configure only one ip-address as remote subnet.

    This is still working with an unsupported workaround. One snat firewall rule translates all our subnets to one ip-address which is part of "Local Subnets" in the affected ipsec connection. To get routes and snat working correctly, we've added an ipsec_route on xg CLI.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Public Access Need To Be Secure

    Hello Team,
    I have install XG 135 firewall to secure my network but my firewall is not secure yet, after enabling wan access my firewall then any budy can hack my firewall so take it seriously heir should be any advance login procedure like throw OTP or any other way.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.