XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Clone NAT Rules

    Add the ability to clone NAT rules

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. SNMP: View interface description, name or branch name

    When the XG is reporting to SNMP, view in the SNMP the interface name, desciption or branche name. Ej.
    SDRED, interface reds1, branch name: Detroit Officces.
    View in SNMP Detroit Offices no the interface name (reds1)

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Remove unnecessary contents published by Apache on User Portal

    The web path /error/README is accessible from the User Portal URL and it displays the multi language custom error documents information. Pages like this are irrelevant and is not required for the User Portal to function correctly. Though unlikely that this will result in a successful attack, it still provides information to potential attackers about the system.

    Removal of pages like this is appreciated.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add timing/schedule feature for SD-WAN policy routing.

    Please add timing/schedule feature for SD-WAN policy routing configurations. Because there are several cases of traffic being passed on a certain line at a certain time.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add time interval select feature when searching logs on XG Firewall interface.

    This is most basic feature when internet provider or law enforcement institution request to block or identify user that was making illegal network activity during specified time. There is option to filter by source port, but no way to jump to a specific time frame directly, making search very complicated and time wasteful.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. mac vendor identifying

    It would be great if the DHCP table would check the MAC Vendor and Display it.

    This would make identifying certain devices in a Network so much easier.

    Small solutions like a WLAN Router or bigger solutions like certain Firewalls have this feature but Sophos XG is lacking it.

    Thank you beforehand.

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. DNS host entry - NXDOMAIN for IPv4 OR IPv6 instead of resolving it externally

    For setting up a complex network scenario with split DNS it would be good if you could set also an NXDOMAIN entry/checkbox for IPv4 or IPv6.

    Example:

    Internally I want to have clients only connect to a specific service via IPv4, not via IPv6. Then I put in the DNS host entry for IPv4 and for IPv6 I set NXDOMAIN. Because if there is an external IPv6 entry the XG will deliver this one back as it can't resolve it internally.

    Also this is a big problem if the external DNS host entry is a CNAME because it resolves the…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Multiple nat on single ipsec tunnel

    Sophos XG210 failure to do Multiple NAT rules on IPsec Site-to-site VPN

    Description:

    We want to configure multiple NAT rules on IPsec site-to-site VPNs and the firewall only supports one NAT rule on each VPN. Please can we have advice on how to resolve this.

    Please refer to case:ref:00D301GN6a.5003Z1DegHy:ref where support mentioned is not supported at this stage.

    Also look at a previous request on this:
    https://community.sophos.com/sophos-xg-firewall/f/discussions/84062/multiple-nat-on-single-ipsec-tunnel

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Password Field

    All password fields within the XG should notify the user of the input restraints they have. They should notify a user of the min-max length.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Implement proper ARP handling in multi-interfaces setup ( ARP FLUX problem )

    Dear Sophos!

    Implement proper ARP-FLUX problem handling in multi-interfaces setup.

    ARP-FLUX:
    The ARP Flux problem occurs when a host replies to ARP requests for interfaces on the same subnet, from any interface on that same subnet. ... However, in specific cases, ARP Flux generates unexpected behavior of applications due to incorrect mapping between IPv4 addresses and MAC addresses.

    FIX:
    echo 1 > /proc/sys/net/ipv4/conf/all/arp _ filter
    echo 1 > /proc/sys/net/ipv4/conf/all/arp _ ignore
    echo 2 > /proc/sys/net/ipv4/conf/all/arp _ announce

    echo 1 > /proc/sys/net/ipv4/conf/default/arp _ filter
    echo 1 > /proc/sys/net/ipv4/conf/default/arp _ ignore
    echo 2 > /proc/sys/net/ipv4/conf/default/arp _ announce

    Request:
    Make this settings default,…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. DHCP Options GUI in WebAdmin

    DHCP Options configurable from the GUI (as they are in UTM 9.x) needs to be implemented in XG or it remains an incomplete product.

    Why? One big reason, when managing multiple DHCP scopes, it is inefficient in CLI, need to be able to control this visually. We are managing more and more devices every day in small partner companys, we dont have time to go into CLI mode and make these changes, but a GUI makes it quick and clean to add/modify Voice DHCP Options and more.

    Should be in there!

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. implement cli fast ping

    Some network equipment vendors provide zero interval icmp or tcp ping in the os. This will ping at a rate only limited by the response time of the destination with no delay enforced between pings. This is valuable for identifying packet loss due to problematic cabling or links missed by rate limited ping. At remote offices during diagnostics where this is also not available in the switch it's convenient to have it in the firewall/router rather than having to access a local computer to run psping (-i 0) or similar tool.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. GUI suche von Objekten

    Sehr geehrte Sophos XG-Team,

    könnt ihr BITTE BITTE die Suchfunktion beim erstellen von Firewallregeln o.ä. endlich auf eine Volltextsuche umstellen ?

    Es ist extrem nervig, das hier keine Volltextsuche funktioniert.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. GUI suche von Objekten

    Sehr geehrte Sophos XG-Team,

    könnt ihr BITTE BITTE die Suchfunktion beim erstellen von Firewallregeln o.ä. endlich auf eine Volltextsuche umstellen ?

    Es ist extrem nervig, das hier keine Volltextsuche funktioniert.

    0 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. In XG-106, one box search option should be given

    In XG-106 UI, a powerful functionality of one box search (like google) is required which can result search feature/option available in Firewall configuration application.

    Eg
    I need to search Protection Policies, it can search through all the menu/sub menu options, if possible it can search from the data also and result with the breadcrum path link where you can directly move.

    Purpose
    there are multiple option /features available in the application and its difficult to remember where these options are located in the application as its not in daily use.

    I hope Sophos developers team can incorporate this powerful feature…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. TOP missing XG (basic) features

    TOP missing XG (basic) features (all present in UTM9):
    NAT rules: cloning, grouping
    Static routing: cloning, descriptions, use objects
    Objects: create object inside group (i.e. create IP host inside IP host group)
    HA: Unliked status like in UTM9, Monitoring for VLAN interfaces (without physical interface IP set), Backup interface
    Interfaces: Allow deconfigure interface without deleting all VLAN interface on that physical port
    Registration process: automatic passive box registration via active XG during HA creation
    Sophos Connect & SSL VPN: Allow use of IP host group insite resources
    DHCP: allow Dynamic IP lease accross Statis IP MAC mapping (and exclude internally)…

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Better Bandwidth Monitor

    It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.

    My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Role based access

    The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Role based access

    The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.

    0 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. prioritize navigation elements loading in xg web ui

    On lower end XG models such as 115's and 105's the web interface page load times tend to be very slow. The performance declines further with many features in use that factor into high cpu utilization. Upon login it's frustrating waiting for popup banners and all Control Center diagnostic data and graphics to load before being able to navigate into configuration areas of the system to get work done. This has been contributing to longer working hours with multiple XG's at different locations involved. The web code should be adjusted to load the navigation links at the left in a…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 31 32
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.