XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
tls verification errors must be logged
As long as you open an HTTPS page via the browser you may see that there is an SSL verification error and the XG did block the traffic.
As TLS verification is also implemented in FTPS (Scan FTP for Malware) you won't get any message on failures; you can only guess that traffic won't pass because of a TLS error.
Same if HTTPS is used by applications, e.g. internal software updates.
3 votes · Completed · Admin Rich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded:
Version 18 has a new SSL/TLS decryption engine that provides much more log information about success or failure of SSL/TLS connections.
-
Remove support for TLS v1.0 and Insecure Cyphers or Allow them to be disabled
The XG still supports protocols that are insecure and fail PCI compliance scans. These protocols, such as TLS v1.0, 64-bit block ciphers, etc., should be able to be disabled through at a minimum the CLI and preferably the UI.
71 votes
-
Sophos XG Unified firewall Business application should accept a host/services object
Under: Policies > Security Policies
Adding a Business application non-HTTP rule, you should have the option to use "Objects > Hosts and Services > Services" objects as the Port Forwarding target.
This reduces the rules required and keeps it more unified.
At the moment you need to add multiple rules, i.e. a hosted service that uses a mixture of single ports, port ranges and both TCP/UDP will require multiple rules to achieve something very simple.
97 votes