XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. DSCP on Business Application Rule

    DSCP is a new feature but can be only used on User/Network rule. I would like to see the DSCP even on BAR in order to better manage multiple ISP.
    Cyberoam has this feature.
    Thanks.

    13 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. WAF Virtual Patching and Brute Force Attack

    Other UTM/WAF vendors integrate virtual patching features on their product. A really brute force protection in missing on WAF too.
    Please add it.

    33 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Let's Encrypt Integration

    It would be very nice if Let's Encrypt certificates (letsencrypt.org) can be generated directly from the XG Gui. So that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
    Best Regards

    470 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Sophos XG Unified firewall Business application should accept a host/services object

    Under: Policies
    Security Policies

    Adding a Business application non-HTTP rule you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.

    This reduces the rules required and keeps it more unified..

    At the moment you need to add multiple rules I.E. A hosted service uses a mixture of single ports, port ranges and both tcp/udp will require multiple rules to achieve something very simple.

    94 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. WAF: more authentication type

    At the moment there are different type of authentication missing even on UTM9 against ISA server 2006, such as:

    1. Two-factor authentication using forms-based authentication and a client certificate.
    2. Delegation of credentials by using NTLM or Kerberos authentication.
    3. Kerberos constrained delegation.
    4. Secure Sockets Layer (SSL) client certificate constraints

    In this way, XG and UTM9 are the very alternative to ISA Server.

    126 votes
    Sign in
    (thinking…)
    Sign in with: sso facebook google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
1 3 Next →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.