XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Filtro

    XG Firewall Sophos, debería permitir el filtrado de contenido por dominio completo, por ejemplo: .io , .com , .co

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Apply different traffic shaping per Web Category

    Hello,

    the actual need is to apply different traffic shaping policy to the same Web category,
    each policy is to be applied to a specific group of people

    example: allowing streaming Category to all users (for normal users with a limitation of 128 KB/s but for managers the limit could be 512 KB/s)

    in order to do so 3 possible solutions

    1 ) give us the ability to clone Web categories
    2 ) give us the ability to create new categories of categories
    3 ) do not apply any traffic shaping to the Categories but apply it directly on the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. let Web-mail category include all it's URL

    the problem started when I wanted to allow only webmail to a specific group of users

    most of webmail servers use generic URLs for their authentication.

    the problem is that those URLs are categorized as (search engine, dynamic DNS & ISP, etc...)

    it will be very helpful if you can add those specific URLs as part of the webmail category
    as you can't access the webmail without them.

    thanks in advance for your help and cooperation.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Office 365 corporate domain

    Dear Team,

    As you updated in 17.5 MR3 for Google app restriction in which customer can allow thier custom domain, can we expect the same platform for Office365 apps. As of now there is no workaround to restrict personal domain login on office 365 except corporate domain.

    We hoping the same in you future firmware release.

    Regards,
    Aasif

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Sandstorm to show every request to help debugging

    Sometimes I find Web sites that appear to be unresponsive unless I add an exception to the XG to skip Sandstorm scanning for them (or create a clone rule that has "Scan for zero-day threats with Sandstorm" disabled.) I spent over three hours with Sophos tech support trying to figure out why this was happening because nothing was showing in the sandboxd log, and it couldn't be set to debug log level to confirm if this is a bug or if Sandstorm is working as designed.

    So please add a debug log level option to sandboxd and allow it to…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. FTP file path should be included in the FW Manager Maintenance Config Backup

    In the Firewall Manager (17.x.x) there is no file path option in the FTP configuration download when backing up the Firewall Manager configurations. This option is however present for the Firewall Config backups. It should be available for both.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. WAF: SSO when path-specific-routing is used

    WAF: SSO when path-specific-routing is used
    When path specific routing is enabled, users must authenticate in EVERY path they use even when paths use the SAME authentication policy. An example: a user is using Outlook web access in path /owa/ (1st authentication) adn goes to OWA Options in path /ecp/ (2nd authentication), goes to some internal document (3rd authentication) and so on.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Enable Google Safe Search without the need of installing a certificate on each client device

    Enable safe search for HTTPS connection without installing a certificate on a client device. It is impossible for a school using Bring Your Own Device to force a certificate installation to enable Safe Search. Such settings have to be performed on Cyberoam only. If a student or staff member decides to bring another device without warning, Safe Search would not be enabled unless the certificate is installed manually. Such an option is not feasible.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. XG web proxy CRL checking

    Please implement certificate revocation list (CRL) checking for the XG web proxy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow web filtering exceptions to use the referrer field as well as the URL field

    Found this idea suggestion in the UTM but this would be very useful in the XG as well.

    https://ideas.sophos.com/forums/17359-sg-utm/suggestions/18539521-allow-web-filtering-exceptions-to-use-the-referrer

    This would allow you to create an exception for lets say a page that is not working due to ads on the site but with the referrer it would allow the site to be used.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Download restriction of sslvpn configuration file for user in user portal

    Download restriction of sslvpn configuration file for user in user portal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enhancements to Web Policy Overrides

    The "Web Policy override" is a welcome addition to Sophos XG, however I believe that there needs to be more options to enable admins to effectively control when these overrides are active and how they are implemented.

    I think Admins should be able to remove the "Allowed website categories" option so staff can only enable specific domains.

    Instead of the "Restricted to time periods" option i would prefer it if we could allow staff to select a start date and time, and pick from an admin controlled list of durations for the override (e.g. staff could set an override to…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. AD SSO Auth By Join Appliance to AD

    It will Be Helpful to back to old method Auth. between AD and SFOS like UTM that will be decrees the most of the STAS problems.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Better integration of eDirectory

    At present, eDirectory integration is very weak to the point of being unusable. Why?

    - Group membership cannot be imported from eDirectory but has to be manually assigned for EACH and EVERY user who is not supposed to be a member of the default group. The fact that this is not implemented is so surprising that it took even Sophos support a long time of treating this as an incident until they finally told me "It's not a bug,feature is simply not implemented." (case #7928200; case opened on 19.02.2018;case closed on 15.05.2018).

    - The manually assigned group membership does not…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Automatically submit unknown Web address for categorisation

    When blocking of unknown sites is activated you always have to submit many websites when you are surfing unusual websites such as blogs and personal websites of small companies etc.
    Could you please give XG an function to automatically submit unknown Websites for categorisation to Sophos when XG detects an unknown Website while surfing?
    This could improve the quantity and quality of the Sophos Website categorization data a lot!

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to block a specific web page

    Currently you can only block domains such as docs.google.com. Phishing attacks are being produced using google docs so I would like to be able to block an entire url
    ie. https://docs.google.com/forms/d/e/1FAIpQLSeRTnbGoDaAuJx_gZ0bHOIeS5MW9UI6PxoCJQ9It0mAFdUwSw/viewform

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Safeguarding

    Safeguarding reports to meet prevent duties and keywords monitoring preconfigured.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Targeted Verified Email List

    Procure Data is an established and renowned name in the field of email marketing solutions and marketing databases for clients across the US, Canada, Europe and other countries.

    http://www.procuredata.com/

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. whitelist exception for office 365 by default

    We've found that XG v17 and even some v16.5+ firmware breaks office365 activations, updates and downloads by Sophos' IPS/content filtering. The only way to get it to work is to go through the VERY long list to whitelist all the URL's to make it work. Office365 is a fairly widely used product for installations. Wouldn't it make sense to put in the exception's list (even if not enabled by default) in order to not have to do this for every firewall out there? Either that or fix the IPS/content filtering so that it stops tripping up on O365 updates and…

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Request to Increase the Inactive time to UNLIMITED for Android and IOS web clients

    Dear Team,

    Present in XG210 (SFOS 17.1.2 MR-2) Firewall, for Android and IOS web clients maximum inactive time is limited to 1440 minutes. If any user is not connected to Network with in 1440 minutes,he automatically logged out from Network.

    Kindly Update this, Android and IOS web clients maximum inactive time to UMLIMITED As soon as possible.

    Thanking you,

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.