XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Why is there on the different pages no reference to the name off the firewall. If you manage different firewalls and you have differe

    Why is there even on the control center page no reference to the firewall name.
    I don't memorize all serial numbers.
    If you manage different firewalls or have multiple firewall windows open, it is easy to make a mistake because you cannot easy see the name off the device you are working on.
    At least the control center window should have the firewall name, but also on other pages this would be very helpful.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support for HSM to Protect XG Appliance Private Keys

    Sophos is heavily promoting TLS inspection, especially with the engine improvements in v18.

    Given that those features require creation and enterprise wide trust of an issuing CA certificate for the XG, there are obvious concerns about the security of this key.

    Can Sophos include support for cryptographic Hardware Security Modules (HSM) via network and/or USB to protect the confidentiality of these crucial keys and provide a higher level of confidence in defending against unauthorised extraction of the private key from the XG appliance.

    The client authentication feature also requires enterprise wide trust of a private key for the XG appliance(s).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. WAN Authentication for Firewall Rule

    I miss a Pre-Authentification Option for WAN 2 LAN Rules. Example for TS Access. ALL Sonicwall Boxes have/can this!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. firewall rule with last access date and time

    It would be great for audit unused firewall rules, if all rules had information with the last access date and time.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. A group setting for multiple MAC host.

    In SYSTEM > Hosts and services , there are group setting for IP host and FQDN host.
    Please also add the group setting for MAC host.

    Customer is using the Sophos wireless; when they configure "MAC filtering", they hope can select a MAC group rather than MAC list.

    One specific name mapping to a MAC address , then grouping multiple MAC addresses to a group, for easy to maintain the MAC filter table.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Planed Firmware Update Sopohs XG

    In Sophos XG in there is no option to plan a Firmware Update. You just can update it manualy. I woul'd like to have the option to plan a installation of the Firmware Update.
    It would be very helpful.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Load IP list from url and autoupdate, to use in in a firewall rule

    Load IP list from url.
    It would be almost mandatory in any coporate firewall the ability to load an IP list from a URL to create an IP list in "host and services" to use it in a firewall rule

    For example I want to load this IP list to use it in a rule to allow only this IP
    https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt
    This IP list gets updated frequently so it should include as well an option to autoupdate

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. iperf

    Having iPerf available on the system. Would make it very easy to test bandwith speeds.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. stix/taxii integration

    Add support for STIX/TAXII threat intelligence feeds

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. CTR files must have file extension name.

    CTR file must have file extension name

    CTR files don't have any file extension name. It caused
    1. Customer can't upload file through Support Web Form
    2. FTP server or client sometimes misunderstand file type as Text and make it corrupted,

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Assign physical interfaces to networks manually

    Right now the physical interfaces are assigned automatically to WAN, LAN... and can't be changed, if after an installation you add more virtual or phisical interfaces you can't configure them in Sophos.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. GUI, interface shutdown (off/on switch), without losing config of the interface

    Im missing a feature in XG GUI that will allow me to shutdown/(and power on) interface without loosing it configured static IP settings. At this point this can be only achieved by switching interface zone to NONE, but all config is lost.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Change port without editing firewall rules or other objects

    At the moment, if you want to change the port of a zone form PortX to PortY, the process is not straightforward without pain. Since XG is using zone concept, port and zone should be decoupled but it is not like this at the moment.
    Thanks

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. HA unlinked status like in UTM9

    Please introduce unliked status in XG HA like it is in UTM9.

    After we upgrade customer's XG firewall in HA, often the box without important ethernet cables end up as master (active) and then important networks are not available.

    At least in XG18 EAP3 is should be possible to change monitored ports? We hope so.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. NTP server authentication

    NTP authentication is to verify the time source is legit.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. DNS - Import entries from a text file

    It would be useful to able to import DNS entries from a text file.

    Buongiorno, in seguito ad una richiesta di supporto, sono a chiedere l'implementazione di import entry dns sul firewall da un file txt.
    grazie

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Per-user session timeouts

    We need session time out after 10 minutes for specific user but this setting availed for all users not for one specific user so please add this feature in firewall.
    I recommend you to add captive portal session in suffering quota where is Cycle hours.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. DHCP options 81

    If you use the Sophos DHCP Server and another DNS Server it is necessary that the option 81 is active to set and update the reverse zone pointer in the DNS Server.
    It is possible to add per CLI options to the DHCP Server but just to set an option without to know which fields has to be set makes no sense.
    Please add the option 81 to the DHCP Server.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Integrate with prtg for monitoring

    regarding monitoring for sophos products with prtg from paessler:
    is there any planning for a partnership to create sensors for utm, xg, wireless etc based on standard sensors for prtg ?

    or - is there any planning to distribute sensors or rest api scripts to take senseful analysis of this items / regarding too - snmp and operating values.

    at the moment, it is really a lot of work to create new simple sensors for monitoring sopohs products on a base level.

    it can be nix if the events were dropped by sophos central - but it is not nearly…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sophos firewall rule routing control works.

    Routing internet traffic via another gateway should be supported when configured via a firewall rule. Case number 9360729 goes into detail with issue.

    I would also like to do policy based routes for only internet bound traffic so that internal traffic can still use the routing table of the Sophos to reach corporate networks and only internet traffic will go out via another gateway.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 24 25
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.