Give us the chance to manage XG basic features from CLI, such as:
creating/editing/deleting network objects
creating/editing/deleting ips/application control/web policies
creating/editing/deleting and managing VPN
and more.....123 votes
If you have DHCP on the WAN interface and also an IP-Tunnel which terminates there, it would be great if you can configure the local endpoint dynamically. (Take the IPv4 value of interface Port1)7 votes
Add AICCU support (Like on UTM) [https://www.sixxs.net/tools/aiccu/] for Sixxs.net ipv6 tunnel handling.9 votes
In the log viewer, you have to choose the log View what you want to view for System, Web Filter, .. etc.
Because of you can add filter options like an IP address, would be better if you can see all logs related with that filter at the same time.12 votes
This is currently being developed for inclusion in v17
Would be useful if you can click in the tree menu path to go back in the config options.
For example in System > System Services > Web Proxy if you can click in "System Services"11 votes
It should be allowed to change the name of Physical Interface objects from default PORTx name to custom one.
Also, comment attribute/field should be added for additional description (like it was available in UTM9).391 votes
This is being implemented as part of a larger project, which makes some under-the-hood improvements to configuration handling, which is why this has not been implemented sooner.
NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
Can you add it into future release?
You can put it inside device access, denying WAN from using NTP server for security reason.584 votes
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
At the moment, if you try to remove a object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.128 votes
UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.317 votes
Adding DHCP options to the GUI is under consideration for a future release.
At the moment, automatic firewall rule is not available in any option as it was with UTM9. For example when you setup a new site-to-site or vpn. This is very useful and time saving. Also add inside Policy Section "Automatic Firewall Rules view".
Last, add the chance to create Groups so we are able to group rules together.134 votes
Firewall rule grouping is currently planned, and will be included in v17, shipping later this year.
Automatic firewall are being considered for a later release.
configure bandwith provided by the ISP in each wan interface for improve the traffic shapping feature382 votes
I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.
This was a big disappointment to myself who used RED tunnels between UTM's26 votesStarted · AdminJan Weber (Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Work on bringing back RED tunnels between two XG Firewalls has started and will be part of the next version of XG Firewall.
In the moment it is a mess to select IPS Signatures and Applications in the
GUI, which additionally doesn't fit in the browser window very well.
Did i mention the (small) scroll bar on the right?
Please adjust the IPS and AppCtrl GUI according to best practices.14 votes
XG looks like Sophos Standard. On Email Virtual Appliance, when I have a new pending firmware to install, I recieve an email saying that a new firmware is available to install and it will be installed at .... (I have automatic upgrade during the night). Inside the email, I have the link to release notes.
Please implement this feature to XG too.204 votes
This will be implemented in a future update.
IKEv2 and dynamic routing114 votes
IKEv2 is currently being developed for inclusion in v17. Dynamic routing, or route-based VPN is also planned, but cannot be included in the same release.
Would be nice if the source port was already pre-populated like it was in UTM9220 votes
We will implement this, but I don’t have a target version for it just yet.
Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
This can help much to prevent false positive gateway status.
The same feature could be added on VPN Failover system
Carlos Cesario156 votes
Add support to notification component send email to multiple recipients.
Currently it is supported only 1 recipient.
Currently this makes impossible an efficient monitoring of appliances (Copernicus) with multiplpe WAN interfaces.
The SNMP server only works through a unique WAN interface.
Currently it is needed create one Community to each specific IP address.
It is impossible create two 'Public' communities by example to two different IP address or create a single Community String for any (0.0.0.0) Ip address.
- Don't see your idea?