XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Report on addresses seen in CC & BCC of emails

    We need to generate mail reports of mention mail id in CC & BCC

    Thanks,
    Bhavin Patel

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow XG to activate SPX Encryption without Data Control on - with the use of header value of x-sophos-spx-encryption yes

    I was informed by support today that the SPX encryption module only works with data control. In the SG series, one was able to set Exchange or an email client to modify the header to insert x-sophos-spx-encryption:yes - and the SPX encryption would activate on the firewall before leaving. It appears this is not the case in the XG series and cannot be done.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make Sophos XG scan archives in mail attachments for forbidden file extensions

    In both - MTA and Legacy mode, currently there is no way to block file extensions which are inside archives. Example - php file in .zip as attachment.
    Tested and confirmed by the support guys - Ticket #7781559.
    Please add this functionality, because what we mostly see is malicious script droppers (.js mostly). This is not only my opinion, but as your partner we received multiple negative feedbacks regarding this.

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Select which public IP MTA responds to

    When running MTA, MTA responds to all the public IP addresses available on the XG. To stop the MTA working on those public ips, you can create a firewall rule that does port forwarding to a non-existent IP address. This stops the MTA working on those public ip addresses.

    When you do a port scan on those public IP addresses, port 25 still shows as open.

    I think it should be possible to configure which public ip addresses MTA actually listens on.

    Support suggested I should raise this as a feature request.

    In configuration of MTA, you never specify the…

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Spam Action Reject

    Black holes are a problem.
    There MUST be the option to REJECT an e-mail when detected as spam.
    Consider the following situation:
    Somebody sends a genuine e-mail to your organization. Your Spam protection considers it as spam and DROP it (false positive) and the intended recipient, don't receive it.

    The sender will never know that the e-mail was not received. In fact, for the sender, the email was delivered because if you check the sender's smtp log, you will find a "250 message queued"
    And the recipient will never know he has not received a valid e-mail.

    If instead of…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Customizable Quarantine Email Notification

    I would to request for a customizable Quarantine Email Notification, message send to the End-User and also after releasing Quarantine Emails.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support SASL in the MTA upstream relay or smarthost function

    It's been confirmed that the MTA Smarthost relay function does not support SASL with wraps the PLAIN LOGIN with TLS using STARTTLS. This request is for the support of SASL similar to the implementation of it on the administration notification settings form which does support SASL.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. FQDN for quarantine notifications to avoid certificate errors for users

    FQDN for quarantine notifications to avoid certificate errors for users

    32 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. SFOS-XG, MTA- MODE: Add Black list / White List senders Emails -Domains

    SFOS-XG, MTA- MODE: Black list / White List senders Emails -Domains

    It would be a great feature if you can enable Blacklist / Whitelist of senders emails /domains on SFOS XG 17.0 MR1 when we use Emails Proxy -MTA mode.
    this feature used to be on UTM 9.xx and I'm wondering why its not on your next generation firewall.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. View Mail Logs on Console

    I would like to view Mail Logs on Console, either having console commands that accepts filter criteria, or ability to view mail log files. Thanks.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Mail Logs in MTA

    I would like to have better control on Mail Logs. I have hundreds of emails flowing through the network each day. Whenever user reports issues with emails, I would like to be able to:
    - filter emails by start/end date and time, having only start/end date is not adequate;
    - filter emails by sender/receiver/subject, having Recipient Domain is not adequate;
    - more details on status, especially for Dropped and Bounced emails, to help with troubleshooting;
    - specify how many emails to display per page;
    - specify which page to display; having only previous and next page navigation is too slow; …

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Mail Spool in MTA

    I would like to have better control on Mail Spool. I have hundreds of emails flowing through the network each day. I would like to be able to:
    - filter emails by start/end date and time, having only start/end date is not adequate;
    - filter emails by sender/receiver/subject, having Recipient Domain is not adequate;
    - display the email headers only, having to download the entire email one by one for troubleshooting is too tedious;
    - specify how many emails to display per page;
    - specify which page to display; having only previous and next page navigation is too slow;
    -…

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Better SMTP Quarantine management

    I would like better control of SMTP Quarantine. When I have 10,000+ quarantined emails shown over 2000+ pages, I need to be able to:
    - filter emails by start/end date and time, having only start/end date is not adequate;
    - specify how many emails to display per page;
    - specify which page to display; having only previous and next page navigation is too slow;
    - perform bulk delete/release on all filtered emails on both WebGUI and API; select and delete/release emails page by page is too time consuming;
    Thanks.

    53 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. SMTP Recipient Verification

    XG lacks the SG feature of being able to query the backend AD or Mail Server to verify the destination recipient.

    By default when XG is acting as a MTA it will pass on a e-mail even if it's addressed to a user that does not exist. SG used to be able to poll Active Directory to ensure the address was valid (or you could disable this).

    This feature should be ported into XG as soon as possible.

    37 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. PFS

    In order to avoid warnings due to deficient email encryption, should be installed as soon as possible a PFS encryption in the XG.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. DMARC Support

    Please add DMARC to the E-Mail Protection. More Information under https://dmarc.org.

    This is a very important Security Feature for us.

    Thanks

    73 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add "Create new" option to Hostname field in email encryption

    Please add the function "Create new" to the Hostname field in E-Mail -> Encryption

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Email Protection: exceptions for virus,- spam and content checks

    Please make it possible to make specific exceptions for virus,- spam and content checks like it is possible in the UTM. Now you can only make general "Spam Check Exceptions" for "Domain Name"??? Which actually only creates an exception for the IP blacklisting check.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Outgoing email quotas

    The MTA should offer an option or a specific FW rule to set some email outgoing limit up (e.g. max 200 outgoing emails per hour, max 10 emails per hours if user is XYZ, ecc.).

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Content based email filtering

    It would be very helpful if it we could set a filtering rule to bypass/mark an email if the content of the email contain certains words or phrases. I could be similar to a DLP rule but with custom parameters.

    41 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.