OSPF dynamic routing should allow advertising of summarized routes. For reference Cisco's documentation refers to this behavior as "a key feature of OSPF".

As an example, 10.0.1.0/24 and 10.0.2.0/24 in area 0.0.3.1 should be able to be advertised as only a part of the larger supernet 10.0.0.0/12 to 0.0.0.0; in this way only 10.0.0.0/12 is advertised with remote routers having no concept of the smaller subnets.

What currently happens is if you add 10.0.0.0/12 to 0.0.3.1, it advertises only 10.0.1.0/24 and 10.0.2.0/24. This gets messy as internal routes get more complex and none of them need to be individually advertised.

Could you please improve Sophos XG admin dashboard responsive fit for wide screens and scale properly on mobile devices. At the moment layout is narrow and doesn't utilise modern website scale availabilities. Also is it possible to improve Control Center, main page, start time as takes too long time to load?

Policy tester should be able to test/display results for the following:

• Direct proxy mode (currently you need to search matching rules via proxy debug log)




• Firewall services (having https://firewallip:4443 as URL will give the result "blocked", even in scenarios where an explicit firewall rule for like the direct proxy is present)




• SD-WAN rule that would match the specified traffic (must not display the gateway decision itself)




• NAT rule that would match the specified traffic

Please provide a ftp client that supports ssl-auth TLS, so you can upload files directly to ftp.sophos.com server.

ftpput doesnt support it. Maybe use lftp, which is included in many distros
http://lftp.yar.ru/

best regards,
Max

It's already possible to search for IP Hosts but not for IP Host Groups.

When you have 50 IP Host Groups pages you have to click quite often to find the right group.

It would be nice to have a "Night Mode" version of the UI.

Would make everything visually better on the eyes, instead of blinding.

Currently there is no way to bulk add FQDN hosts in the UI. We receive many IOCs from our Threat Intel provider and have to manually create each FQDN host in our UI before adding them to a FQDN host group. There isn't any way to do this via CLI as well afaik. Please look into this feature request to make our lives easier.

We as a remote administrator for XG firewalls face high delay in loading home screen for admin login page due to its high resolution image on that page. Admin page should be kept normal & minimal of graphics to have efficient response time & fast loading.

The administration of the XG UTM is so slow. We have tried several models but the loading of the pages is always slow.

Hello everyone
We need that sophos implement an option to configure or allow user accounts with administrator role to access by SSH. This would facilitate the tracking of changes that firewall administrators can make.

Currently the only "admin" account can access to SSH but we need an option to provide SSH access for another account with the administrator role.

Historic Logs stored on the local disk in the antique format that Sophos UTM has in the directory /var/log. like fwlog00-00-0000 where the first is the day, next month and year. stored by day and the capacity to export those logs to an external disk.

The actual format of the XG is not confortable because all the logs is purged by day.

This feature is important to store all historic conntrack information and the others module logs, like IPS, WAF, EMAIL, WIRELESS, etc.

Allow systems such as Auvik access to create backups

The messages on the Control Center page have become completely useless after firewalls have been in operation for some time. The messages are not sorted according to any logic I can ascertain, and I'm unable to clear messages that have been there since literally the day the device was installed.

In our environment, we subscribe to lists of dynamically blocked IPs based on reputation and other factors. This dynamic list is on my system to which every day I must manually go and add or remove these IPs from our blacklist. Conversely, we also subscribe to MSFT O365 dynamic IPs and FQDN that needs to be whitelisted for our services to work. We would like to be able to script these dynamic updates to the appropriate hosts/host groups to make better use of our rules.

Allow users to be granted Sophos Connect access via AD Group rather than just by individual user access.

Changing the order (priority) of firewall rules is currently only possible by dragging and dropping.

Not only is it exceedingly cumbersome to move a rule this way if there are a lot of rules, is it not always clear where the rule will "land" after dragging it. This unpredictable behavior is unacceptable in many Change Management policies.

Please add an option to move the rule by entering a specific location.