XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. User permissions distinguishing between ADDING and REMOVING an entry to web- /content filter

    A more granular permission setting than read-only and read/write in web- and content filtering would be great: distinguishing between ADDING a new category, activity or URL to a web policy or REMOVING an already existing one is often needed by clients.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Change/Override URL category for website

    I need to recategorize a site, similar used in Sophos UTM. Today I can only create a whitelist.
    Is there any possibility of doing this in the XG Firewall?

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Configure time allowed after Web policy warn

    I would like to be able to define the amount of time the device is given after proceeding through a web policy warn page. The hard coded value is 30 minutes but that is not long enough for some tasks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Provide an easier way to deploy SSL Decryption CA on mobile devices

    I again noticed last night, the issue of getting Cert's onto Client devices in order for HTTPs decrypt and scan to work. Its fine for us IT people or Techies but for end users its always a headache (well in my case it has) So I wondered if it would be possible for Cert installation to be added as a feature of either Sophos Mobile control or another App that can be downloaded via the XG user portal or even just a link on the user portal (we already have the Client Auth cert on the user portal for IOS/Android…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. happy eyeballs for Web protection

    As of right now, the Sophos XGs web Protection feature does not implement happy eyeballs which renders it unusable for IPv6 Endpoints - the only way to "fix" this is to simply force all http(s) traffic to use ipv4 instead.

    It would be nice to see real dual stack support by implementing Happy Eyeballs.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. executable files

    we need Sophos to add more executable files extensions MIME headers in the predefined file type that comes with Sophos.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Click-to-add Web policy modification from log viewer

    Hello Support Team,

    In log viewer of web Protection we can easily allow site by clicking right allow this site it will automatically go into FQDN site.

    It will easy to handle the site allow issue.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Add support for cipher suite in Cyberoam OS

    Add a support to ciper suit TLSECDHERSAWITHAES128GCM_SHA256 -

    {0xC0,0x2F} in Cyberoam OS

    88 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    20 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. File extensions mime headers

    At the moment files who match File extensions, or MIME headers are be blocked, or broke the downloaded file. It would be nice if there is a option, that only blockes files if extension and MIME Headers match.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. PAC/WPAD file hosting on XG

    Couldn't find it previously suggested, so want to throw this in the mix. It would be awesome if we could host WPAD/PAC file locally on the XG unit. If I missed it in the documentation I'd appreciate if someone corrected me.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Restrict file upload by extension type

    XG Firewall should have an option for restricting file upload by extension type.
    this would really help in protecting the confidential data

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Display user notification when Surfing Quota is expired

    If a user finished his internet surfing quota Warn / notify the user with a redirected message that your daily internet surfing quota has been finished.In old web filtering technology have the same function and sophos should include this also to reduce the risk of administrator.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Block/allow YouTube categories

    YouTube uses categories for the videos and it would be quite valuable to block/allow based on those.

    Sample categories for the US:

    1 - Film & Animation
    2 - Autos & Vehicles
    10 - Music
    15 - Pets & Animals
    17 - Sports
    19 - Travel & Events
    20 - Gaming
    21 - Videoblogging
    22 - People & Blogs
    25 - News & Politics
    26 - Howto & Style
    27 - Education
    28 - Science & Technology
    29 - Nonprofits & Activism
    30 - Movies
    33 - Classics
    34 - Comedy
    35 - Documentary
    36 - Drama
    39 - Horror …

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Apply different traffic shaping per Web Category

    Hello,

    the actual need is to apply different traffic shaping policy to the same Web category,
    each policy is to be applied to a specific group of people

    example: allowing streaming Category to all users (for normal users with a limitation of 128 KB/s but for managers the limit could be 512 KB/s)

    in order to do so 3 possible solutions

    1 ) give us the ability to clone Web categories
    2 ) give us the ability to create new categories of categories
    3 ) do not apply any traffic shaping to the Categories but apply it directly on the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. XG web proxy CRL checking

    Please implement certificate revocation list (CRL) checking for the XG web proxy.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow web filtering exceptions to use the referrer field as well as the URL field

    Found this idea suggestion in the UTM but this would be very useful in the XG as well.

    https://ideas.sophos.com/forums/17359-sg-utm/suggestions/18539521-allow-web-filtering-exceptions-to-use-the-referrer

    This would allow you to create an exception for lets say a page that is not working due to ads on the site but with the referrer it would allow the site to be used.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enhancements to Web Policy Overrides

    The "Web Policy override" is a welcome addition to Sophos XG, however I believe that there needs to be more options to enable admins to effectively control when these overrides are active and how they are implemented.

    I think Admins should be able to remove the "Allowed website categories" option so staff can only enable specific domains.

    Instead of the "Restricted to time periods" option i would prefer it if we could allow staff to select a start date and time, and pick from an admin controlled list of durations for the override (e.g. staff could set an override to…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Better integration of eDirectory

    At present, eDirectory integration is very weak to the point of being unusable. Why?


    • Group membership cannot be imported from eDirectory but has to be manually assigned for EACH and EVERY user who is not supposed to be a member of the default group. The fact that this is not implemented is so surprising that it took even Sophos support a long time of treating this as an incident until they finally told me "It's not a bug,feature is simply not implemented." (case #7928200; case opened on 19.02.2018;case closed on 15.05.2018).


    • The manually assigned group membership does not even survive…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Safeguarding

    Safeguarding reports to meet prevent duties and keywords monitoring preconfigured.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Automatic FQDN and Web exceptions for Office365 based on Microsoft published lists

    We've found that XG v17 and even some v16.5+ firmware breaks office365 activations, updates and downloads by Sophos' IPS/content filtering. The only way to get it to work is to go through the VERY long list to whitelist all the URL's to make it work. Office365 is a fairly widely used product for installations. Wouldn't it make sense to put in the exception's list (even if not enabled by default) in order to not have to do this for every firewall out there? Either that or fix the IPS/content filtering so that it stops tripping up on O365 updates and…

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.