XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Policy Tester

    Need the ability to have Policy Tester use MAC address or host name as well as IP address. Currently it only returns true results if an IP address is explicitly part of a rule, i.e. the host name being affected is defined by its IP address and not its MAC address.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Delete gateway but don't delete SD-WAN policy automatically

    once delete the gateway, all SD-WAN policies that using this gateway as the primary gateway will be removed at the same time without any prompt.
    if you delte the gateway as a backup gateway, In sd-wan policy will become None, thay very friendly.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Show the primary and backup gateway in SD-WAN policy summary page

    The "Primary gateway" and "Backup gateway" in the SD-WAN function are important attributes, but they cannot be displayed intuitively in the SD-WAN policy summary page. You need to click in to see them. The user feels very inconvenient.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Unified Logging View

    It would be very helpful if the logging from all modules would be available in one pane, one line per connection with all info from all modules.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Redirect User Portal from HTTP to HTTPS

    At the moment there is no way to redirect HTTP to HTTPS automatically for User Portal. Since the configuration is inside a APACHE httpd.conf file, it should not be difficult to implement it. Thanks

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. DNAT XG18 missing basic features

    With a new server access assistant (DNAT) in SFOS 18.0.0 GA-Build339:
    1) You cannot select different original and translated port in a wizard
    2) You cannot create service inside the wizard
    3) You cannot create external source inside the wizard}
    4) The firewall rule shows allowed access to WAN interface instead of a local IP, which is misleading
    5) Wizard is automatically created reflexive rule effective destroying original, desired SNAT for the server.

    Instead of the 1 original rule in 17.5 you have 3-4 different rules on 2 screens (1 fw and 2-3 NAT rules)... not cool at all!

    Obviously…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. DNAT linked nat rule

    DNAT linked nat rule.

    The DNAT itself was best in 17.5 and will not require any additional changes. With current XG18 scenario please enable at least DNAT linked nat rule.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. WAF and DNAT Wizard

    v16 had a nice and simple wizard to use. With v18, the DNAT wizard is poor in terms of graphics and options you can select. WAF has became a action and customers are not able to find without asking or google it. Please bring the "old" wizard and the old different icons, as the idea of having different icons and wizard was nice. I also suggest to have a wizard for SD-WAN inside firewall policy. You can change Firewall tab to Policy Tab.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow to create Rule based on the Application.

    Please, Allow the creation of Application based Rules just like with any NGFW competitor.

    Currently on XG v18 you need to setup the service, then the web filter, and for last setup a Application filter just to block/allow something.

    Allowing to create the Rule directly based on the application instead of the service would allow for much better management of Sophos XG.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add local service ACL exception rule

    Add local service ACL exception rule to allow for a custom service to be added and selected. i.e.: Ubiquiti discovery service UDP 10001 ACL exception for device access.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. DHCP enhancements: Convert dynamic to static mapping and sticky DHCP

    Working with the XG DHCP-Services is quit exhausting. It could be much easier if there were a possibility at the IPv4- and IPv6-Lease-List to change an existing dynamic Lease to a static IP/MAC-Mapping.
    Additionally a kind of "sticky" DHCP Mapping - were devices get always the same IP-address as long as the range is not exhausted - would make troubleshooting much easier!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. firewall name

    When you are configuring something using the web interface you can't see the firewall name unless you are in the dashboard. It would be nice to have the firewall name at the top of the web page.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Network Interface Status

    Can you show Network Interface up/down status at Main/First Screen
    (Control Center --> Interface)

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Sophos XG v18 Rule & Policies display size

    Can we please increase the size of the box used to show the Firewall rules to something larger that 5 rules?

    Making it expandable either manually or automatically as you expand or collapse rules..

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. karthik@zog.live

    Please add the modification for hotspot voucher templets and captive portal registration page

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Let's Encrypt integration like the SG already has.

    Please integrate Let's Encrypt. I remember an anouncement at one of the first XG Roadshows that new features will be provided for xg and later maybe for sg. But SG gets Let's Encrypt first and un XG we waiting for it since years....

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Make DNS-Request Routes actually use the additional DNS-Servers specified

    When creating a DNS request route via Network -> DNS -> DNS request route, one may specify a list of hosts to be queried for this specific DNS-domain. According to the UI, the order of this list indicates priority of the servers.
    However, should the first server fail to reply (because it is down or unreachable), NO other DNS-server will be queried. According to Sophos Support, this is the intended behavior as the additional Servers are only queried if the first server replies with NXDOMAIN.

    This is obviously not usable as a failover scenario and is certainly not the behavior…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Include reserved ip addresses in backup

    Unless I'm mistaken, experience taught me that restoring from backup will not re-populate reserved IP addresses based on MAC.
    This, combined with the manual-only method of entering reserved IP's makes for a lot of work in situations where a long list of reserved IP's exist and need to be kept.
    Could this please be reviewed?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Turn on/turn off an IPv4 unicast route

    Hello all, could you add the option to turn on/turn off an IPv4 unicast route? UTM v9 has had this feature for years and I think for many reasons other administrators would welcome it too.

    Thank you in advance
    alda

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sophos XG - Policy Tester - Exception

    Sophos XG should display the Name of Exception on results of Policy Tester.
    If You test a policy, the result show only which exceptions skips is applied.
    So, will be very nice if show the name of Exception to troubleshooting.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 25 26
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.