XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Show failed email recipient verification also in webinterface

    If an email was rejected, due to failed recipient verification, you can't see this in the Log Viewer or Mail Logs, only in the awarrenmta.log.

    To make troubleshooting easier, this information should also be visible via GUI.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow XG to activate SPX Encryption without Data Control on - with the use of header value of x-sophos-spx-encryption yes

    I was informed by support today that the SPX encryption module only works with data control. In the SG series, one was able to set Exchange or an email client to modify the header to insert x-sophos-spx-encryption:yes - and the SPX encryption would activate on the firewall before leaving. It appears this is not the case in the XG series and cannot be done.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Make Sophos XG scan archives in mail attachments for forbidden file extensions

    In both - MTA and Legacy mode, currently there is no way to block file extensions which are inside archives. Example - php file in .zip as attachment.
    Tested and confirmed by the support guys - Ticket #7781559.
    Please add this functionality, because what we mostly see is malicious script droppers (.js mostly). This is not only my opinion, but as your partner we received multiple negative feedbacks regarding this.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Select which public IP MTA responds to

    When running MTA, MTA responds to all the public IP addresses available on the XG. To stop the MTA working on those public ips, you can create a firewall rule that does port forwarding to a non-existent IP address. This stops the MTA working on those public ip addresses.

    When you do a port scan on those public IP addresses, port 25 still shows as open.

    I think it should be possible to configure which public ip addresses MTA actually listens on.

    Support suggested I should raise this as a feature request.

    In configuration of MTA, you never specify the…

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Spam Action Reject

    Black holes are a problem.
    There MUST be the option to REJECT an e-mail when detected as spam.
    Consider the following situation:
    Somebody sends a genuine e-mail to your organization. Your Spam protection considers it as spam and DROP it (false positive) and the intended recipient, don't receive it.

    The sender will never know that the e-mail was not received. In fact, for the sender, the email was delivered because if you check the sender's smtp log, you will find a "250 message queued"
    And the recipient will never know he has not received a valid e-mail.

    If instead of…

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Customizable Quarantine Email Notification

    I would to request for a customizable Quarantine Email Notification, message send to the End-User and also after releasing Quarantine Emails.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. add support for sasl to the MTA upstream rely or smarthost function

    It's been confirmed that the MTA Smarthost relay function does not support SASL with wraps the PLAIN LOGIN with TLS using STARTTLS. This request is for the support of SASL similar to the implementation of it on the administration notification settings form which does support SASL.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. FQDN for quarantine notifications to avoid certificate errors for users

    FQDN for quarantine notifications to avoid certificate errors for users

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. SFOS-XG, MTA- MODE: Add Black list / White List senders Emails -Domains

    SFOS-XG, MTA- MODE: Black list / White List senders Emails -Domains

    It would be a great feature if you can enable Blacklist / Whitelist of senders emails /domains on SFOS XG 17.0 MR1 when we use Emails Proxy -MTA mode.
    this feature used to be on UTM 9.xx and I'm wondering why its not on your next generation firewall.

    44 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. block

    Block senders allow senders

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. search mail

    Search in Mail Logs and Quarantine.

    We need a way (other than console) to search for emails by user, date and time, delivered etc. Scrolling trough 1000's of emails to find one is insane.

    This would be beneficial if exchange (or other mail server) was to go offline and the mail 'vanished' or a user accidentally deleted it.

    Please vote!

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. View Mail Logs on Console

    I would like to view Mail Logs on Console, either having console commands that accepts filter criteria, or ability to view mail log files. Thanks.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Mail Logs in MTA

    I would like to have better control on Mail Logs. I have hundreds of emails flowing through the network each day. Whenever user reports issues with emails, I would like to be able to:
    - filter emails by start/end date and time, having only start/end date is not adequate;
    - filter emails by sender/receiver/subject, having Recipient Domain is not adequate;
    - more details on status, especially for Dropped and Bounced emails, to help with troubleshooting;
    - specify how many emails to display per page;
    - specify which page to display; having only previous and next page navigation is too slow; …

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Manage Mail Spool in MTA on Console

    I would like to manage Mail Spool on Console. When I have thousands of emails in queue, I need to be able to quickly perform bulk delete/retry/abort on emails based on specified criteria to clear the queue. Thanks.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Mail Spool in MTA

    I would like to have better control on Mail Spool. I have hundreds of emails flowing through the network each day. I would like to be able to:
    - filter emails by start/end date and time, having only start/end date is not adequate;
    - filter emails by sender/receiver/subject, having Recipient Domain is not adequate;
    - display the email headers only, having to download the entire email one by one for troubleshooting is too tedious;
    - specify how many emails to display per page;
    - specify which page to display; having only previous and next page navigation is too slow;
    -…

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Manage SMTP Quarantine on Console

    I would like manage SMTP Quarantine on Console. When I have 10,000+ quarantined emails shown over 2000+ pages and Total Utilization over 90%, I need to be able to quickly perform bulk delete/release on emails based on specified criteria to quickly free up the quarantine. Thanks.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. SMTP Quarantine

    I would like better control of SMTP Quarantine. When I have 10,000+ quarantined emails shown over 2000+ pages, I need to be able to:
    - filter emails by start/end date and time, having only start/end date is not adequate;
    - specify how many emails to display per page;
    - specify which page to display; having only previous and next page navigation is too slow;
    - perform bulk delete/release on all filtered emails on both WebGUI and API; select and delete/release emails page by page is too time consuming;
    Thanks.

    47 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. SMTP Recipient Verification

    XG lacks the SG feature of being able to query the backend AD or Mail Server to verify the destination recipient.

    By default when XG is acting as a MTA it will pass on a e-mail even if it's addressed to a user that does not exist. SG used to be able to poll Active Directory to ensure the address was valid (or you could disable this).

    This feature should be ported into XG as soon as possible.

    36 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Advanced antispam - Greylisting - SPF - DKIM

    Every vendor has it - ADD Greylisting, SPF and DKIM - that is last chance to do something with spam and XG antispam would really need it!

    64 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. SEA feature request: email header rewrites with variable support

    I have an interesting case that the Sophos Edge Appliance could be able to solve with the addition of more flexible email header rewrite rules and variables.

    Google Groups and several other mailing list services are mangling email headers from certain originators (yahoo.com, googlemail.com) in order to support their strict DMARC policy.

    Now, the following happens after a message from one of these services is redistributed via a Google Group or mailing list:
    Original email: From: Whatever <whatever@yahoo.com>
    Resulting email: From: 'Whatever' via <group@mailinglistservice.com>

    This is messing with institutional internal email list security since that typically…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Staging Test
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.