XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Please Replace Hold Music with IT Security News

    I think Sophos should replace all their hold music for support calls with IT related news podcasts, at least then I could learn something while I wait. I mean, come on now! If you can have up to 60 minute waits at least make it more tolerable.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Issue with Encrypted Backup File in XG Firewall

    Hi Sophos,
    I feel encrypted backup file feature on XG firewall which is inconvenience. Can you let this feature be optional on new firmware update?

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. AV Scanning DNAT

    We are using CR100ing device, when we create a virtual host(DNAT Rule), it create firewall rule automatically, it this automated created rule can enable av & as scanning on SMTP, SMTPS, FTP, HTTP, HTTPS, POP3, IMAP.
    But Know i just buy SOPHOS XG-210, this appliance does't have this feature. so Kindly work on that and resolve this issue asap.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Integrate a Yara Engine rules on IPS

    Integrate a Yara Engine rules on IPS

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Create template for Business Application Rules

    When some Business Rules are being configured, it would be helpful to have the possibility of create a template for a rule. In order to optimize the troubleshooting.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. misbehaviour of Sophos box on port no 443 and 80

    Hi Team,
    I am observing this issue with both Cyberoam and Sophos. I am able to telnet to any fake IP with port number 80 and 443 from any newly created firewall rule. It is so funny that SOPHOS support team is not able to provide a proper answer.Issues escaleted to Global support team but even they are saying that is the way the firewall should work. Pathetic.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. fqdn

    FQDN host instant reverse lookup for rules, so they work first time, or periodic update of DNS cache for FQDN hosts. We see an issue with round robin style FQDN hosts not being picked up on a rule. The first IP attempt is not resolved and the correct rule doesn't get applied, however the next attempt is from another IP address which doesn't trigger the rule either, it's only once the round robin has gone all the way round that the rule works properly. For example we found this with Exchange Online, using IPs 65.55.88.X for SMTP, the rule wouldn't…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

    The way DNS works, what you suggest is not plausible. It’s not always possible to retrieve all hosts that are configured for DNS round-robin in one go. It’s also not feasible to do reverse DNS lookups for IP addresses in real time without a huge impact on performance. We will continue to look for other ways to make this kind of feature more effective where we see major gaps.

  8. Enable/Disable Firewall rule

    It would good if you could enable/disable the firewall rule from the main list display, rather than having to click the "..." menu and then select disable/enable. Cyberoam could be enablde/disabled on the firewall rules list.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Please add the IPS Signature for CVE-2018-5924、CVE-2018-5925.

    This is a vulnerability in the HP printer. There are no Signature in XG Firewall, please add.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow IP Ranges larger than 255, Network larger than /24

    Allow IP Ranges larger than 255 and Network larger than /24 for Protected Servers in Business Application rules.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Public Access Need To Be Secure

    Hello Team,
    I have install XG 135 firewall to secure my network but my firewall is not secure yet, after enabling wan access my firewall then any budy can hack my firewall so take it seriously heir should be any advance login procedure like throw OTP or any other way.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. WAN Optimization

    We are waiting for a feature called "WAN Optimization" or "WAAS".

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make Suricata a second option for IPS

    The addition of Suricata as an option for IPS while keeping Snort as the default option would be a great feature so people can test both and determine which option better suits their hardware and security needs.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. External IPS engine

    The IPS function can be expanded with external engines. For example, Suricata. This will be of great significance at that time, when many artificial intelligence-based IPS modules will be developed by more teams. I think many of them are open and free. There is a possibility in the firewall to use these as well.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Improve Network Visibility

    Can i recommend you further improve Network Visibility of the XG / SG devices by incorporating a Day-Glow orange stripe on the outside of the hardware? I'm certain this will improve visibility, especially in darkened server rooms.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. save username/password in ssl vpn login dialog

    Would be nice to be able to have a checkbox to save username/password for Sophos SSL VPN client, as this was before in Cyberoam SSL VPN Client. Optional. also Start with Windows (autostart) checkbox would be nice too.

    60 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Firewall on a Raspberry Pi

    Unix got where it is by being offered free to universities. More recently the very powerful Mathematica package has attempted a similar route by offering it free on the Raspberry Pi. A clever move - it allows people to play with it and discover its versatility without jeopardising sales of the full product to people who need its full power, only realisable on a high-end CPU.

    If you offered the firewall free as a Pi image it would sell the concept, give home users a device which was useful yet low enough power to leave on 24/7 (unlike an old…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make Changes in sophos like Cyberom

    Need to make change in sophos group policy , In that i need option for making policy for group.

    When i select match group option by default that policy should be apply for group.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →

    In XG we have chosen to move to a more straightforward method of making security decisions. Rather than having decisions spread across several sections of the product, all are handled directly from within firewall rules. This is largely an improvement over Cyberoam, and we will work instead to improve the current implementation, rather than moving to a more spread out model.

  19. Exporting Dell Sonicwall to XG310

    I have a XG 310 unit I am evaluating. I hope to migrate from my Dell Sonicwall NSA 3500.

    I can get my sonicwall's backup file to see the text base configuration.

    Here are my notes on how to read sonicwall config files.

    Following these procedures will also allow you to read SonicWall exported backup files & compare text based configurations across firewalls if you so desire.
    Steps:
    1. Download backup of firewall (.exp) to computer c:\temp
    2. To decode the backup file (base64) you need to open the file in Notepad++ and remove the two ampersands (&) at the…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Mail field

    Email field user in the Sophos XG imports only 63 characters when it is imported from Active Directory. this is bad, we need more positions.

    I reported to the support, but said to post here!

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.