On the Network/Interface/configure PPPoE - VDSL setting area please change/add the text to indicate that this VLAN applies to a FTTH (fibre to the home) PPPoE configuration as well.
In NZ we have UFB (ultra fibre broadband) to most premises that requires a PPPoE with VLAN 10 configuration.

This isn't really a suggestion, it is a basic necesity just like in SG.

The time it takes to find out where for example a port or a user is in use is just annoying and exhausting (except if you have like up to5 firewall rules and 1 user).

I handle two networks which are nearly identical.

They have just one digit differencing in the DHCP for all devices.

Everytime a new device comes into this DHCP I have to update both Tables.

It would be very helpful if I could export these tables in a readable format and import them again.

Mark return traffic with a DSCP value, enabling the inbound flow for a session to be marked with the same DSCP value detected for the outbound flow.

This would be an excellent feature with with the increased number of video meetings. I have seen this feature with other firewall vendors.

Hi Team, XG firewall login homepage is having very high resolution image which takes lot of time to load / refresh while we admins work remotely on these firewalls. As an admin, I can disable this image load in chrome but that disables all images for that particular firewall' all admin sections which is not desirable.
Can you please decrease resolution of login page picture, not useful at all.

Thanks,
Nilesh Kahar.

Please enable the option for importing the new user credentials through .csv file, which was there but now you have removed after firmware upgradation.

Admins should be able require users to change password at next login.... We are setting up our users on a new XG Firewall, we should be able to require them to change password at next login so they are not using the common password for setup... So passwords are unique.

I don't want to use a secure storage master key. This is something we don't need and will just make life more difficult for our staff who manage more than 150 different Sophos XG devices having to store keys all over the place. I'm sick and tired of the screen popping up every time I log in and the fact I can't take a manual backup.

Will Sophos please stop forcing this and make it optional. I'm the Administrator, not Sophos.

Your XG vm in Azure currently has an OMS linux agent installed which is no longer supported or used by MS. The new MS Analytics Agent should be added to the XG so that Users of MS Security Center can log and manage the analytics the agent collects as well as review all the collected logs etc.

GEO IP database should be updated with pattern updates and not just when a firmware update happens. I have experienced too many issues with IP's being blocked due to the wrong country.

Dear Team,

Recently we have changed the devices from cyberoam cr100ing to sophos xg210 and In Cyberoam we are able to add the IP list supported hosts for the SSL VPN but in Sophos XG 210 we are unable to add that. Can you please add that feature in Sophos XG210? because to add the one by one host is the time consuming process as ws have the 200+ SSL VPN uers.

03116626
We failed the PCI scan from SecurityMetrics. The scan was just on the XG310 firewall.

Title: CPE Based Vulnerabilities for Linux 3.0
Impact: One or more vulnerabilities have been found that affect this service. Please see the relevant CVEs for more details.
Resolution: Apply the latest vendor patches to your operating system: Linux 3.0
CVE Score Vector
CVE-2012-1146 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
CVE-2014-2523 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
pages of patches

XG310 (SFOS 18.0.1 MR-1-Build396)

This is the same thing as the Sophos XG Firewall General Discussion Sophos XG v18 MR1-396 Failing SecurityMetrics PCI Compliance Scans.

Possibility of programming (day / time) the firmware update on XG

We were hoping to use the API to create a simple administrative interface that allows a helpdesk to toggle local XG accounts for remote access.

The current API documentation indicates that the <User> branch allows the <Password> to be updated via the API, but the <Status> is a read-only attribute.

This seems a bit daft really, if anything I would argue it should be the other way around.
It seems more secure to allow the API to toggle an account status but not actually change its password, thus requiring access webadmin to change a password.

I have seen two request for the ability to monitor temperature. One from 2016 and the other form 2018 both with a combined vote total over 200. What gives?

Required Live Bandwidth Speed Detail In XG Firewall if available in XG106 (SFOS 18.0.1 MR-1-Build396) so please support

There is only two options we have to set "Maximum login limit" i.e. globally and individually. What if we have to set this for only particular group in which there is so many users. IT's hard to set "Maximum login limit" for too many users. So please provide the same option for group.
Thank you.