XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. smtp rule re ordering with multiple pages.

    When Number of SMTP scanning policy on Legacy mode reaches certain amount, new page of rules is created. The SMTP rules cannot be re-ordered between pages.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. SMTP Policy - File Protection - Better way to whitelist files (by type/extension)

    A better interface for selecting which file types/extensions you wish to allow/block.

    The SEA is better featured in this respect allowing you to select by extension rather than "mime type" (which is very hard to do effectively as some extensions share mime headers).

    If not then more mime types should be included by default!

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Blocked not only the attachment but also the email

    Currently when email file type attachment was blocked, the recipient still received the email with filtered added in the subject.
    Why can’t the XG just blocked the email and notify with a failure notice saying banned file type detected. Serve no purpose that the recipient received the email without the attachment and receiver still need to notify the sender.....

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. prefetch

    Prefetch for IMAP, so the Spam can eliminated on the Server before mobile receive.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. allowed senders

    If would be nice for the Allowed IP Addresses/FQDNs within the Allowed and Blocked senders section to actually work. As of SFOS 17.0.6 MR-6 this doesn't work. The only domain that works is one that Sophos Support entered for us.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. smtp port

    Give the ability to specify an outgoing email port.

    Exchange 2013 and 2016 do not perform recipient verification like the XG expects. The XG needs to communicate via port 2525 to allow for recipient verification. That port could be changed with Exchange to anything else but since it is preconfigured for 2525 it wouldn't matter because the port can't be changed on the XG.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. SMTP Quarantine admin console user only

    I would like to give one of our users access to SMTP Quarantine screen ONLY to go thru all quarantine emails and the user can delete or release the emails

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Custom message for return mail

    Consider Sophos XG in mail MTA Mode. If a mail is not delivered due to invalid address, it is returned with the first line "Sophos Firewall was unable to send the following mail:"... There should be option to customes this message under Administration - Messages - SMTP

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Restrict attachment limit on Email

    We want Restrict attachment limit on mail and As per the current firewall architecture it is not possible to restrict the size for the mail attachment.We need this feature for our email protection and please do the needful and inform us

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Exception for unscannable/encryted files based on file extension

    I have a customer who sends and receives software specific files between other customers using the same software. These files are deemed unscannable by the XG and are quarantined. Without having to disable "Quarantine Unscannable Content" it would be handy to have the option to allow a particular file extension through based on a manually defined exception list. A secondary problem is the XG does not notify users of quarantined email if it has been categorised as "unscannable" leaving the user to guess if the email has been sent to them or they have to check the quarantine via the…

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Send all SMTP logs to Syslog Server

    Currently only the AV and SPAM events are reported via syslog. For an overview and traceability of events, a complete forwarding of all SMTP log messages to an external Syslog host (or iView) is required.
    This is not possible in the current output of XG < v17.0. SMTP log data must be copied manually via SCP.

    Requested function: Send _all_ SMTP events to syslog host.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Insert Banner on Inbound Mail

    Banners can be added for outbound mail, but not for inbound mail. Being able to add a banner such as "This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender." could help in slowing down phishing emails

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Show all rejected mails in Mail Logs

    If an email was rejected, due to invalid HELO or missing RDNS, you can't see this in the Mail Logs, only in the Log Viewer.

    To make troubleshooting easier, this information should also be visible in the Mail Logs.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Show failed email recipient verification also in webinterface

    If an email was rejected, due to failed recipient verification, you can't see this in the Log Viewer or Mail Logs, only in the awarrenmta.log.

    To make troubleshooting easier, this information should also be visible via GUI.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow XG to activate SPX Encryption without Data Control on - with the use of header value of x-sophos-spx-encryption yes

    I was informed by support today that the SPX encryption module only works with data control. In the SG series, one was able to set Exchange or an email client to modify the header to insert x-sophos-spx-encryption:yes - and the SPX encryption would activate on the firewall before leaving. It appears this is not the case in the XG series and cannot be done.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Make Sophos XG scan archives in mail attachments for forbidden file extensions

    In both - MTA and Legacy mode, currently there is no way to block file extensions which are inside archives. Example - php file in .zip as attachment.
    Tested and confirmed by the support guys - Ticket #7781559.
    Please add this functionality, because what we mostly see is malicious script droppers (.js mostly). This is not only my opinion, but as your partner we received multiple negative feedbacks regarding this.

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Select which public IP MTA responds to

    When running MTA, MTA responds to all the public IP addresses available on the XG. To stop the MTA working on those public ips, you can create a firewall rule that does port forwarding to a non-existent IP address. This stops the MTA working on those public ip addresses.

    When you do a port scan on those public IP addresses, port 25 still shows as open.

    I think it should be possible to configure which public ip addresses MTA actually listens on.

    Support suggested I should raise this as a feature request.

    In configuration of MTA, you never specify the…

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Spam Action Reject

    Black holes are a problem.
    There MUST be the option to REJECT an e-mail when detected as spam.
    Consider the following situation:
    Somebody sends a genuine e-mail to your organization. Your Spam protection considers it as spam and DROP it (false positive) and the intended recipient, don't receive it.

    The sender will never know that the e-mail was not received. In fact, for the sender, the email was delivered because if you check the sender's smtp log, you will find a "250 message queued"
    And the recipient will never know he has not received a valid e-mail.

    If instead of…

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Customizable Quarantine Email Notification

    I would to request for a customizable Quarantine Email Notification, message send to the End-User and also after releasing Quarantine Emails.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. add support for sasl to the MTA upstream rely or smarthost function

    It's been confirmed that the MTA Smarthost relay function does not support SASL with wraps the PLAIN LOGIN with TLS using STARTTLS. This request is for the support of SASL similar to the implementation of it on the administration notification settings form which does support SASL.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.