XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. exceptions

    Add the following to web exceptions as standard as not all Office/Windows updates work correctly, some get part way through then stop, also affects Windows update assistant.

    ^([A-Za-z0-9.-]*.)?microsoft.com/

    ^([A-Za-z0-9.-]*.)?.microsoft.com/

    ^([A-Za-z0-9.-]*.)?.msecnd.net/

    ^([A-Za-z0-9.-]*.)?windowsupdate.com/

    ^([A-Za-z0-9.-]*.)?live.net/

    ^([A-Za-z0-9.-]*.)?azureedge.net/

    ^([A-Za-z0-9.-]*.)?windowsupdate.com/

    ^([A-Za-z0-9.-]*.)microsoftonline.com/

    ^([A-Za-z0-9.-]*.)?windowsupdate.microsoft.com

    ^([A-Za-z0-9.-]*.)?update.microsoft.com

    ^([A-Za-z0-9.-]*.)?download.windowsupdate.com

    ^([A-Za-z0-9.-]*.)?test.stats.update.microsoft.com

    ^([A-Za-z0-9.-]*.)?ntservicepack.microsoft.com

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Automatically create block rules for blacklisted IPs

    The Feature of machine learning/Artificial Intelligence ==> Detecting any blacklisted IP and automatically making a firewall rule for the IP with the action drop/reject

    this will take off the engineer load and protect the enviroment.

    It will an advantage for your appliacne and will become more recommeded.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Block Notification Page Should Be Secure

    When a user should be seeing the block notification when they hit a web protection rule, instead they get a security warning from the browser. According to support "As XG is only rewriting the content of the webpage on the blocking and not rewriting the URL itself that is why you are seeing certificate error on the block page." This happens even though we have a valid public certificate set up on the XG.

    So if a user is trained correctly, they will not bypass the security warning and will never see the descriptive block notification. This should be corrected.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →

    A browser will only accept an HTTPS connection if it believes it has come from the server it was trying to connect to. It is necessary to create a certificate that looks like it comes from the server, just like we do for HTTPS decryption. This will only be trusted if the client device trusts the certificate authority that is installed on the device for HTTS decryption. In version 17.5 we introduced an option where we will just drop the connection instead of trying to connect and return a block page. This avoids the security warnings, but the user just sees a dropped connection.

  4. let Web-mail category include all it's URL

    the problem started when I wanted to allow only webmail to a specific group of users

    most of webmail servers use generic URLs for their authentication.

    the problem is that those URLs are categorized as (search engine, dynamic DNS & ISP, etc...)

    it will be very helpful if you can add those specific URLs as part of the webmail category
    as you can't access the webmail without them.

    thanks in advance for your help and cooperation.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. need require interface internet date, timing with speed wise report monthly

    need require interface internet date, timing with speed wise report

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Privoxy functionality

    Privoxy is able to supress redirects that google is placing on their search results. OR redirects to analytcs sites.
    Blocking categories makes the search sites not usable.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Web Filtering Category with coinminer type website

    In asia so many bitcoin miner case.
    Taiwan was test target with many countrys.
    so many business customer want to detect inside or outside problem with miner attcked.
    but some miner website is normal and legal.
    Just hacking category can't include all miner webside, just only inlegal webside is not enough.
    Endpoint protection this product has application contral with miner type category.
    so why in XG can't do this?

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. whitelist for safesearch

    It would be nice if a particular URL can be exempted from Safesearch.
    A whitelist for safesearch would be appreciated.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Sexually Explicit Category

    The web category "Sexually Explicit" contains alot of mis-categorizations. The system admin generally uses this category to block sites. It would be better if there was a category named "" itself, with the all the websites that are absolutely **** oriented rather than vaguely explicit contents.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Policy Checker, Time Schedule customization, and Total number of user per AP

    I would like to include this on XG Firewall the Policy Checker, Time Schedule customization, and Total number of user per AP

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Use McAfee database for Webfiltering

    Please use McAfee website databases from UTM again!
    Please vote this feature!

    22 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Scan files without size limit

    Please make us able to deactivate size Limit in Realtime scanning mode.
    Please vote it!

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  1 comment  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. sandstorm for home users for free

    Please unlock Sandstorm for XG home but please let sophos xg be a free software!

    41 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. safe search exclude devices (ios,android,windows,linux etc.)

    Safe Search runs on the windos devices seamlessly. And some customers want to exclude android or ios devices. They dont want to install the certificate on their personal or mobile .
    IP/MAC host associated can be problem for the customer who has lots devices.
    And some of them do not want their IPs to leave in another rule

    So I think It would be nice to have a setting so that it can be applied separately for devices

    ( for more info >> https://community.sophos.com/products/xg-firewall/f/web-protection/89648/safe-serach )

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →

    It is no longer necessary to use HTTPS decryption in order to enforce SafeSearch, so the problem of mobile devices without an organizations CA certificate should not be an issue any longer.

    Furthermore, in v17.5 we have moved SafeSearch configuration into Web Policy.

    If you still want to support device-specific policy configurations, there are other existing idea requests on this forum you should consider supporting.

  15. File extension cause some URLs to get blocked

    There is an issue blocking .dll extensions causes problems with websites that use ISAPI.dll on their URL. Sample scenario web policy containing a block for System files which include dll on file type when enable is blocking the URL for ebay http://my.ebay.com.au/ws/eBayISAPI.dll?MyEbay&gbh=1

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Request to customize Sophos XG User Interface

    Feature Request Summary
    How will this new feature address your business requirements?:


    1.  Dashboard administrator view- license, DDOS Attack, Firmware update (add in more widget)
      

    2.  Navigation panel access customize – user experience ‘confuse all in one tab’. Example Report, Policy, Protection & Systems
      

    3.  Dashboard view – could we fully utilize the empty space by adding more graph, data?
      

    4.  Could you import existing Cyberoam CR200iNG configuration file to Sophos OS?
      

    5.  Could I know can I build up a SSL VPN, IPSec with different firewall product (Sophos XG with Cyberoam or Fortigate).
      

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.