XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Backup / restore from a wireless model to a non-wireless model

    I'm not sure why I'm evening posting in here. I'm yet to see a single enhancement implemented from here in 6 years, even those with hundreds of votes, but we'll give it a go.

    I have a lot of legacy clients on wireless Sophos models. As businesses have grown, a number of clients have instead deployed Sophos AP's throughout the business and no longer need (or want) wifi firewall models. However I can't restore backups when deploying non-wireless models to replace wireless models.

    This makes absolutely no sense whatsoever. All Sophos has to do is display a warning to say…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. SG Gui to XG&XGS

    Bring the old design of the Sophos SG UI into the XG and XGS as an optional button.
    (Like other Vendors for there Switches ;) )

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Comment route

    Add a comment field to the static routes would make handling easier. Cisco Meraki done so.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. qemu

    Mi piacerebbe venisse implementata la possibilità di installare o di avere già installato a bordo del software il deamon qemu-guest-agent usato in Proxmox per dare correttamente lo shutdown e il freze durante il backup alla VM Sophos XG Firewall

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Request to hide dummy interface on WAN Link Manager when WAN is configured as dummy for VLAN

    Customer has WAN interface with VLAN configured on it
    When WAN interface is configured VLAN, the only active interface that will work is the VLAN interface
    The WAN interface will act as a dummy interface
    On WAN Link Manager , the dummay interface will have red status and the active VLAN interface will have green status
    This will also give orange interface status on the dashaboard on GUI of XG

    Customer is requesting, Ask our developers to simply update the Display Dashboard with the options to hide DUMMY Interface that is not active, in failed state so they will not…

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Dashboard Alerts

    On Dashboard is no possibility to aknoweledge or disable Alerts that are not corresponding to the Costumer enviroment.

    Example the "Change admin Password Alter" (Customer has already done)
    Example the "RED Firmware Alert" (Customer has no REDs)
    Example the "AP Firware Alert" (Customer has no AP
    s)
    Example the "Exim Upgrade Alert" (Fine that it`s be done, but no Case for an Alert)
    Example the "Warning Managed from Sophos Central"

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Tool to test restoration of backups to verify password is correct

    It would be great if there was a method or tool to use to test backup passwords work without actually restoring backups. We backup clients' units and have a record of backup passwords but no way to test they are valid. Unless anyone has suggestions of how we can test backups since support have no ideas.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Assigning static ip to SSL VPN users

    FIRST REQUESTED SIX YEARS AGO.

    SIX YEARS!!!!!!

    IT'S A 5 MINUTE CHANGE.

    PLEASE LISTEN TO YOUR PARTNERS!

    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10828488-assigning-static-ip-to-ssl-vpn-users

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add pages or jump to end under users

    I would like to request the addition of a jump to the end option under Authentication\Users on the Sophos XG firewall. Case in point, we have a client that has 62 pages of users and we have to click through each page to get to the end of the list for various users. Clicking the arrow, waiting for the page to load, scrolling down to the bottom and then clicking to the next page (60 times) surely adds up. Ideally it would have the ability to select a page but at least being able to jump to the first and…

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Autoupdate of official Sophos sites exceptions

    Dynamically update Sophos Services and Sophos Liveconnect site exceptions

    We stumbled upon a problem where Sophos Enpoint can't send heartbeat to Sophos Central. The results was that XG firewall locked down client with no hearbeat as set in firewall rule. Diggin and diggin more with support staff, we found that web exception list was not complete. So after adding all suggested sites as listed here https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/DomainsPorts.html everything works again.

    The basic idea is to automatically keep this list (official Sophos and partner site) updated as "pattern updates" or "firmware updates" already did.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. JUST STOP TELLING ME WHAT TO DO

    I am sick and tired of Sophos telling me what to do. My password is 16 characters and complex. There is no need to change it. Give me a dismiss permanently option instead of skip and remind me next time. Only solution is for me to change it and then change it back again. Anyone administering an enterprise firewall is not a baby that needs their hand held.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. ospf

    Disable OSPF MTU mismatch detection

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. It is unbelievable that this is not a standard feature - Scheduling Firmware installations

    So I am new to XG, upgrading from UTM. A standard feature of a UTM firewall is to be notified when a firmware upgrade has been downloaded and ready for installation. Then you log in to the firewall and schedule it to be installed and reboot, generally during off hours when no-one is around.

    Why is this not a standard feature in an XG firewall? I guess it is possible to do it in Sophos Central, but did you ever stop to think that there are people that DON'T want to use Sophos Central? I don't allow access to my…

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Traffic Shaping (QoS) improvements

    "Total Available WAN Bandwidth" should be broken down between WAN links, and broken down between upload/download. Many users have multiple links that are not the same speed, and many (most?) users have non-symmetrical links.

    Traffic Shaping bandwidth values should be in kilobits per second, not kilobytes. kbps / mbps / gbps are the industry standard ways of measuring bandwidth, not kBps / mBps / gBps. I see many users on the Community forum making that mistake.

    Traffic Shaping Bandwidth Usage Type can currently be set to Shared. This is great for sharing a Bandwidth Pool across multiple firewall rules, by…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Migration Bug - Firewall Linked Routing

    For full description see:
    https://community.sophos.com/sophos-xg-firewall/f/discussions/127734/schedules-in-routing

    Separating NAT and Routing from Firewall is good idea! However:
    The NAT and Routing must have the same (or more) qualifiers than the original Firewall.
    or
    Temporarily, let the user create a link from the Firewall rule to a Routing policy, the same way a Firewall rule can link to a NAT rule. Hiding the routing link during migration doesn't work when Sophos obsoletes HW and SW and doesn't allow new HW to be downgraded.

    Added full (Firewall) qualifiers to NAT and Routing is the correct answer. In the meantime, please expose the hidden routing…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Clone NAT Rules

    Add the ability to clone NAT rules

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. SNMP: View interface description, name or branch name

    When the XG is reporting to SNMP, view in the SNMP the interface name, desciption or branche name. Ej.
    SDRED, interface reds1, branch name: Detroit Officces.
    View in SNMP Detroit Offices no the interface name (reds1)

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Remove unnecessary contents published by Apache on User Portal

    The web path /error/README is accessible from the User Portal URL and it displays the multi language custom error documents information. Pages like this are irrelevant and is not required for the User Portal to function correctly. Though unlikely that this will result in a successful attack, it still provides information to potential attackers about the system.

    Removal of pages like this is appreciated.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add timing/schedule feature for SD-WAN policy routing.

    Please add timing/schedule feature for SD-WAN policy routing configurations. Because there are several cases of traffic being passed on a certain line at a certain time.

    5 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add time interval select feature when searching logs on XG Firewall interface.

    This is most basic feature when internet provider or law enforcement institution request to block or identify user that was making illegal network activity during specified time. There is option to filter by source port, but no way to jump to a specific time frame directly, making search very complicated and time wasteful.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 31 32
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.