XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SFM: Add CCL Notifications

    In SFM, a notification for when a CCL entry is created would be ideal for Change Management. Upon receiving this notification from SFM, other administrators can look back over the CCL entry and bring up potential problems for reversion as necessary when they get an alert from SFM that a firewall's configuration was changed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow resizing UI

    Currently, no matter how big the browser window is, certain screens such as the "Firewall" screen which have tables with a lot of information on them don't resize themselves to fit the browser window beyond a certain size. This leads to information in many of the columns being cut off and a bunch of unused screen space. If screens such as "Firewall" did resize their table to take up as much of the empty screen space as possible in the browser window, it would make this information MUCH easier to look at.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. STAS is broken by Windows remote desktop

    We stumbled across a bug in Sophos Transparent Authentication Suite (STAS) running on a Windows domain controller which is used to resolve user identification and permissions. When you open a remote desktop session to another Windows computer on the lan, your machines ip address becomes associated with the login credentials you used for the remote session instead of your own credentials. From that point on the firewall believes all traffic from your pc is coming from that user instead of you. Closing the remote session will not fix it. Only relogging in to your machine will get your ip back…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Wants to add 2 email id at System - Administration - Notification - Send Notifications to Email Address

    Wants to add 2 email id at System - Administration - Notification - Send Notifications to Email Address

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Be able to open multiple tabs/windows

    Currently I can only have one browser/tab open to the admin portal which makes it difficult to move around different pages especially when trying to compare settings from one rule to another or an IPS that is applied to the firewall rule. It would be helpful to be able to right click and open in a new tab/window all links on the admin portal.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Alphabetize IPS/Application/Traffic shapping rules in the firewall rules

    When looking for a IPS/Application/Traffic in the firewall rules and other pages they are not alphabetized. If I want a rule to be showing at the top of the list I should be able to put a special character like a # and it will always be at the top.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improve high availability logging

    At the moment it is not possible to see if the the initial syncing proces is finished and the auxiliary device is ready the become the master. Please give us a log where this is visible.

    Most needed when testing the HA function on-site. We restart node 1 und see if node 2 takes over. After that, node 1 comes back on and we need to see when we can restart node 2.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Reorder rules in SCFM Template

    In a template in Sophos Central Firewall Manager, it's currently impossible to reorder rules (neither create a new rule between two existing rules).
    It's supposed that this is a basic functionality of a firewall managing system.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Override administrator login timeout on a per user basis

    We want to create an account just for monitoring the status of the XG and have the control centre on display in the office. As this user is an administrator it's session times out after 10 minutes because that is the global setting we have for our other admin accounts. We don't want to change the global setting so it would be really useful if we could override it on a per user basis, similar to the concurrent login setting.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Unique identifier in browser title bar

    Identifying which browser tab corresponds to which XG when tabs all say "Sophos" isn't possible without memorizing or clicking through each one. Prefixing the page title that populates in the browser tab with either ip address, hostname, or some other custom variable would be helpful when working with many XG's. The icon alone tells us it's a Sophos product, the "Sophos" text adds nothing useful.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. polices for individual user

    Every individual user must have the possibles to change the web and application filter policy as like in cyberoam,

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. MAC Binding

    User Mac is not Binded automatically as like in cyberoam,
    Policy could not be applied for individual users pls try to sort these two as like in cyberoam

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ability to Identify Connected Computers

    On the main firewall console, there is a section at the top labeled "User & device insights", then Security Heartbeat. It shows the number of Connected devices with Heartbeat. I regularly check to ensure the correct number of devices are displayed, but I can't ever tell which devices are connected because you can't drill down into that information. It would be enormously helpful to display additional information if I click on the number of Connected devices.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. SNMP for XG Firewall Upgrade

    Hi ,

    I request you that SNMP OID should be added for the the SOPHOS XG Firewall - MIB for Monitoring purpose as present MIB does not able to capture below points.

    1.Interface Utilization
    2.Bandwidth Monitoring
    3.Interface IP details
    4.WAN Link monitoring etc...

    Please have these all OID added in the Sophos XG MIB

    15 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. SNMP

    Hi ,

    I request you that SNMP OID should be added for the the SOPHOS XG Firewall - MIB for Monitoring purpose as present MIB does not able to capture below points.

    1.Interface Utilization
    2.Bandwidth Monitoring
    3.Interface IP details
    4.WAN Link monitoring etc...

    Please have these all OID added in the Sophos XG MIB .

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. search in port settings firewall

    When working in a firewall rule the options settings search should search the whole field and not just if it starts the string. Example: Destination networks- search for Filewave, internal_Filewave will not show up. Anything with the search string in it should show up.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Terminate all live connections when user reached traffic quota limit

    Sophos XG unable to terminate live sessions when user network traffic quota ends.
    For example; When we download the file via HTTP protocol, the connection cannot be terminated until it pauses the download process or the download is finished, so user can transfer as much as he wants from the open session. Depending on when the session is closed.
    Its very important for paid internet service providers. (If provider provides via satellite connection, costs calculating as per MB)

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Create STIG for XG Firewall

    Reference: https://iase.disa.mil/stigs/Pages/a-z.aspx?#
    Sophos' major competition have certified their products and provide STIG files for secure configuration in accordance with DISA standard for the DOD. A DISA IASE STIG file is needed regularly for each major XG firewall version. This is now required for far more than USG agencies - this is now being used by USG contracting suppliers in order to prove compliance with NIST SP 800-171 and it's now being used as a security standard for other country and industries for commerce security. This needs to be considered sooner rather than later - Sophos is losing sales over…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Notification App for Android and iOS

    It would be great if we could have a notification app for Android and iOS which is fully independent from Sophos Central, especially for home users or SMB companys which do not need central.
    The app should provide the Administrator alerts and informations about security events (IPS, Web- and Appfiltering, Emailprotection...) and advanced informations about the device (Memory, CPU,...).
    It would be great if this app is also available for users of XG Home without Sophos Central account.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Implementation LLDP/CDP

    The implementation of LLDP/CDP would help to recognize and present the product in automated network documentation.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.