XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow web filtering exceptions to use the referrer field as well as the URL field

    Found this idea suggestion in the UTM but this would be very useful in the XG as well.

    https://ideas.sophos.com/forums/17359-sg-utm/suggestions/18539521-allow-web-filtering-exceptions-to-use-the-referrer

    This would allow you to create an exception for lets say a page that is not working due to ads on the site but with the referrer it would allow the site to be used.

    1 vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
    • Download restriction of sslvpn configuration file for user in user portal

      Download restriction of sslvpn configuration file for user in user portal

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
      • Enhancements to Web Policy Overrides

        The "Web Policy override" is a welcome addition to Sophos XG, however I believe that there needs to be more options to enable admins to effectively control when these overrides are active and how they are implemented.

        I think Admins should be able to remove the "Allowed website categories" option so staff can only enable specific domains.

        Instead of the "Restricted to time periods" option i would prefer it if we could allow staff to select a start date and time, and pick from an admin controlled list of durations for the override (e.g. staff could set an override to…

        4 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • AD SSO Auth By Join Appliance to AD

          It will Be Helpful to back to old method Auth. between AD and SFOS like UTM that will be decrees the most of the STAS problems.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Better integration of eDirectory

            At present, eDirectory integration is very weak to the point of being unusable. Why?

            - Group membership cannot be imported from eDirectory but has to be manually assigned for EACH and EVERY user who is not supposed to be a member of the default group. The fact that this is not implemented is so surprising that it took even Sophos support a long time of treating this as an incident until they finally told me "It's not a bug,feature is simply not implemented." (case #7928200; case opened on 19.02.2018;case closed on 15.05.2018).

            - The manually assigned group membership does not…

            3 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
            • Automatically submit unknown Web address for categorisation

              When blocking of unknown sites is activated you always have to submit many websites when you are surfing unusual websites such as blogs and personal websites of small companies etc.
              Could you please give XG an function to automatically submit unknown Websites for categorisation to Sophos when XG detects an unknown Website while surfing?
              This could improve the quantity and quality of the Sophos Website categorization data a lot!

              7 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
              • Ability to block a specific web page

                Currently you can only block domains such as docs.google.com. Phishing attacks are being produced using google docs so I would like to be able to block an entire url
                ie. https://docs.google.com/forms/d/e/1FAIpQLSeRTnbGoDaAuJx_gZ0bHOIeS5MW9UI6PxoCJQ9It0mAFdUwSw/viewform

                3 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                • Safeguarding

                  Safeguarding reports to meet prevent duties and keywords monitoring preconfigured.

                  3 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Targeted Verified Email List

                    Procure Data is an established and renowned name in the field of email marketing solutions and marketing databases for clients across the US, Canada, Europe and other countries.

                    http://www.procuredata.com/

                    2 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                    • whitelist exception for office 365 by default

                      We've found that XG v17 and even some v16.5+ firmware breaks office365 activations, updates and downloads by Sophos' IPS/content filtering. The only way to get it to work is to go through the VERY long list to whitelist all the URL's to make it work. Office365 is a fairly widely used product for installations. Wouldn't it make sense to put in the exception's list (even if not enabled by default) in order to not have to do this for every firewall out there? Either that or fix the IPS/content filtering so that it stops tripping up on O365 updates and…

                      13 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                      • Request to Increase the Inactive time to UNLIMITED for Android and IOS web clients

                        Dear Team,

                        Present in XG210 (SFOS 17.1.2 MR-2) Firewall, for Android and IOS web clients maximum inactive time is limited to 1440 minutes. If any user is not connected to Network with in 1440 minutes,he automatically logged out from Network.

                        Kindly Update this, Android and IOS web clients maximum inactive time to UMLIMITED As soon as possible.

                        Thanking you,

                        7 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • Device specific web filtering for XG as in SG firewall

                          Allow web filtering policy based on device types - Chromebooks, IOS, MAC OS, among other device types including Windows and Linux. This was really very useful in SG firewall

                          4 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Lifestyle Says

                            Lifestyle says brings you a plethora of fashion, health, travel, etc. for the ever young and vivacious you. Keep yourself updated on the recent trends and innovation in the Lifestyle sector. We let you live your life to the fullest, enjoying every moment.

                            http://www.lifestylesays.com/

                            1 vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                            • URL Rewrite

                              I'd like the ability to rewrite a URL for outbound proxy connections.

                              For example, this could be used to remove or inject a specific setting into the query string for specific websites.

                              I believe this is similar to how search engine "Safe Search" is set/enforced, but this could be set for other websites as well.

                              2 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                              • Map IP Address to a user

                                I'd like to ability to map an unauthenticated IP Address to a particular user.

                                This could require the user to 'sign-in' the first time, and have the firewall 'remember' their device/static IP address, or it could be set manually in the firewall for an IP address/range/list.

                                This would need to work transparently with other authentication methods, such as Active Directory

                                1 vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                • allow exclusions for certificate validation

                                  for Web Protection it would be good to have the option to download / exclude certificates for certificate Validation (Block invalid certificates in General Settings).
                                  the setting like we have in SWA is missing in XG: http://wsa.sophos.com/docs/wsa/webhelp/swa/tasks/ConfigGlobalPolCertValidAddFromWeb.html

                                  4 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Web Block Tags

                                    When users see a blocked page it would be beneficial to see what group they belong to so that adjustments could be made quickly.

                                    Currently the only supported tags are: {user}{url}{category}

                                    1 vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • need require interface internet date, timing with speed wise report monthly

                                      need require interface internet date, timing with speed wise report

                                      3 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • OCSP stapling

                                        OCSP stapling for the XG Webproxy.

                                        3 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Quota Time in actions (Policy Web Protection)

                                          add the option Surfing Quota in actions in the policies of the web protection as already exists in the UTM

                                          2 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.