XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
In XG-106, one box search option should be given
In XG-106 UI, a powerful functionality of one box search (like google) is required which can result search feature/option available in Firewall configuration application.
Eg
I need to search Protection Policies, it can search through all the menu/sub menu options, if possible it can search from the data also and result with the breadcrum path link where you can directly move.Purpose
there are multiple option /features available in the application and its difficult to remember where these options are located in the application as its not in daily use.I hope Sophos developers team can incorporate this powerful feature…
2 votes -
TOP missing XG (basic) features
TOP missing XG (basic) features (all present in UTM9):
NAT rules: cloning, grouping
Static routing: cloning, descriptions, use objects
Objects: create object inside group (i.e. create IP host inside IP host group)
HA: Unliked status like in UTM9, Monitoring for VLAN interfaces (without physical interface IP set), Backup interface
Interfaces: Allow deconfigure interface without deleting all VLAN interface on that physical port
Registration process: automatic passive box registration via active XG during HA creation
Sophos Connect & SSL VPN: Allow use of IP host group insite resources
DHCP: allow Dynamic IP lease accross Statis IP MAC mapping (and exclude internally)…1 vote -
Better Bandwidth Monitor
It would be excellent if there could be a tab under "current activities" that showed a real time bandwidth monitor that updated every few seconds. This would include all the WAN interfaces showing at the same time in a line graph format. It could carry over the "interface name" so you knew which ISP was taking up bandwidth for better diagnosis of bandwidth usage.
My institution would use such a screen all day. We have had several products in previous years that had such real time graphs.
5 votes -
Role based access
The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.
1 vote -
Role based access
The Sophos role base profile when created and assigned to a user with very limited access privileges, the same user upon login-in can see all possible menu options available to the administrator access of the appliance. The user should only be shown the main menus (left hand side) to which it had been allowed access to. The same used to work with cyberoam but not with sophos which is supposed to be a much evolved product.
0 votes -
prioritize navigation elements loading in xg web ui
On lower end XG models such as 115's and 105's the web interface page load times tend to be very slow. The performance declines further with many features in use that factor into high cpu utilization. Upon login it's frustrating waiting for popup banners and all Control Center diagnostic data and graphics to load before being able to navigate into configuration areas of the system to get work done. This has been contributing to longer working hours with multiple XG's at different locations involved. The web code should be adjusted to load the navigation links at the left in a…
1 vote -
Bandwith monitoring of individual Site2Site VPNs
Please provide realtime bandwith usage information of individual Site2Site VPN connections
- via GUI (Report, Graph/24h/7d)
- via CLI (something like iftop for individual Site2Site VPNs)
- via SNMP
- ...
My 10+ year old router is able to provide current bandwith usage on every interface AND every vpn-connection using SNMP. This should be a basic feature of every utm!
5 votes -
SSL VPN logs
I want to suggest if we can have IPSec and SSL VPN logs to be visible from the GUI. Currently, we need to go to the advanced shell and it is very slow especially when you are accessing it through Sophos Central.
3 votes -
Make XG18 Web Filter User Notifications to Fully Customize HTML
Being able to fully customize the user notifications & logo (displayed to the user when browsing blocked or warned pages, for example (PROTECT --> Web --> User Notifications --> Block message )) is desirable, e.g for purposes of translating the pages, the possibility to use full HTML with variables & logo images maximum size 125x70 pixels; they are ridiculously small to display the customer's logo properly.
Additionally in the past we sold SonicWall and customers ask us for the same level of customization that they allow. (SonicWall even allows you to fully customize the UTM admin login interface)
Please keep…
1 vote -
WAN Interface DNS
Any interface configured as WAN cannot have their's ISP's internal DNS server configured right on the interface, just have to use those 3 DNS servers on the DNS page. Adding this function will allow many ISP DNS Servers to respond faster for any resolution, increasing the response time for the request for that ISP that runs better than with public DNS Servers, and making the end-users more unsatisfied with the WAN performance.
Just adding the option to set DNS Servers on the interface configuration for each WAN will resolve this issue.
6 votes -
Apply QoS / routing rules to XG generated traffic
It would be really useful if you could apply QoS and routing policy to data generated by the XG, such as signature updates. So these updates do not impact the WAN bandwidth low speed links.
2 votes -
Select which pattern module updates are downloaded automatically
We have a number of XG firewalls connected to very low bandwidth / high latency WAN connections.
On the old Cyberoam OS it was possible to select which pattern modules are updated automatically. This saved unnecessary data being downloaded as we only need IPS and Application signatures to stay up to date.
3 votes -
cisco
Cisco ASA to Sophos XG Migration tool
1 vote -
Bandwidth Graph for IPSEC VPN Tunnel
Bandwidth graph for IPSEC VPN tunnel gives us the overview of the traffic consume by the VPN tunnel currently which is not possible in Sophos XG, only the interface graphs can be view.
6 votes -
IPoE IPv4 in IPv6 Static Global IP Address Service [Japan JPNE V6 Plus Service ]
I would like Japan's JPNE to support IPoE IPv6 Plus (IPv4 in IPv6 fixed global IPv4 service) provided by NTT's NGN network.
FortiGate is supported, so please use Sophos XG Firewall.
3 votes -
Email notification when WAN link is up
When our ISP is down, we receive an email notification that the particular WAN connection is down. However, we never get a notification when it is back up. Instead we have to go into the web GUI to confirm. I would really like to be notified when our connection is up after it being down. I have talked to support about this and they have said that Sophos does not support this feature please reference [ref:00D301GN6a.5003Z1BCbKS:ref ] for more details.
5 votes -
Update the Addons
pls. while a new version of the Firewall Firmware is released update the Addons, like the Outlook Add-in to the latest version to download the Add-in from the User Portal and install it with the current MS Office version, because i think it is difficult to find the latest version of the Add-in on your website and the MYSophos account don´t list it, i have searched 3 Month for the Add-in which worked with MS Office 2016 and found it than there https://www.sophos.com/en-us/support/downloads/email/sophos-outlook-add-in.aspx
1 vote -
Responsive HTML5 Client
I suggest a responsive HTML5 Web Admin UI and User Portal UI. This allows having a more lightweight UI in general and reduces effort for the XG dev team in scripting. For the users / customers a HTML5 UI would result in a more flexible and faster user experience, especially when they use different sizes of screens the Web Admin UI can adapt through a responsive design to the different resolutions.
6 votes -
Mouse over / Tooltip when editing IP Host Groups
When editing (add or review) IP-Host Groups it would be really helpfull if you could see at least the IP address of the IP Host in a tooltip when hovering over it with the mouse.
1 vote -
Granularity on Networking Configuration
Hello!
Sophos SFOS v18+ brought with it the ability to set the MTU size of the Sophos RED, internal interface.
This now allows you to fix the inability to load websites through a separate zone wireless over a RED tunnel. However, there are is still some addition performance I can get out of it when override other values using the "Advanced Shell".I'd like to see the ability of overriding the MTU size of all interfaces - inclusive of Separate Zone WLAN interfaces, which you could override on Sophos SG.
4 votes
- Don't see your idea?