XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. IP Host List Can not be download in .CVS format

    IP Host List Can not be download in .CVS format. It is downloaded in html format.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Harmonize log format

    Current log format has key=value pairs, which are easy to manage in certain centralized logging solutions. However, some of these values contains quotation marks " and some does not. As there are several longer values, a quotation mark is reasonable and thus every value should have quotation marks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Implement partial or wildcard filters in firewall user/network rule criteria

    Currently partial matches do not yield results if the filter doesn't start the same way as the criterion.

    Example:
    "and" will show "Andorra"
    "dorra" will not show anything (i.e. "Andorra" is not shown)

    "la" will show "LAN"
    "an" will not show "LAN"

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Firewall group should not close every time a rule is moved

    Every time a rule is moved (up or down) within a group that group is automatically closed.

    This is rather cumbersome if multiple rules need to be moved, or if you simply want to make sure the rule was moved to the right position.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Specify authentication method for RADIUS/TACACS+ users

    On the SG firewall, an admin could create a user and specify which method of remote authentication would be used. This is not possible on the XG. As a result, a new admin must first authenticate on the User Portal, then an existing admin can change that newly created user to an admin. This is an unnecessary step that could be improved by allowing admins to specify which remote authentication method should be used per user.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow for longer domain names in Parent Proxy field

    Currently there is a limit of 40 characters in the Parent Proxy field:
    Routing > Upstream Proxy > Parent Proxy > Domain Name/IPv4 Address

    Support was unable/unwilling to fix, looking for XG firewall to allow for longer entries in this field. Anything more than 40 characters is truncated, which breaks the parent proxy operation.

    Character limits in the upstream proxy field (currently capped at 40 characters), impacts use of upstream proxies with long names such as webdefence-pool-01.cluster-nyca.forcepoint.net

    Support case for reference (not being fixed by sophos when case was opened 3-13-2019)
    [#8693303] Parent Proxy field truncates at 40 Characters, need…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. SFM API

    Add ability to api import objects into SFM groups. Ability to import a csv style list of hosts, networks, services, groups,etc...

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. XG fw Qradar DSM

    Make Qradar SIEM able to parse XG firewall logs.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. jquery

    Please upgrade jquery in the gui from 2.1.3 to something newer which will pass pci compliance with ControlScan

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. IPv6

    Add OSPF support for IPv6. It's time to go to the futur !

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Initial install when updating Firmware - Manual Control

    should have the ability/option to upgrade the firmware manually, as currently if the internet connection is poor, then it can take an eternity to upgrade to the latest version.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Alert admin before GUI session expires due to inactivity (add countdown timer)

    The GUI session currently simply stops responding after it times out due to inactivity.

    Many sites (e.g. bank web site) alert the user before the session expires and allows the user to reactivate the session. Something like "Your session will expire in 2 minutes ".

    For XG I would suggest a running countdown timer somewhere at the top.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Policy Test should consider Application Control

    The Policy Test should run through all components that may be blocking a request.

    Currently Application Control is not included in the test. The result is that the Policy Test may report a URL as "allowed" even if Application Control blocks it.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Use proper title for Policy Test window

    The (popup) window for the Log Viewer / Policy Test has the URL of the log viewer instead of the function of the page (i.e. "Log Viewer / Policy Test").

    This makes it very difficult to locate the window if the administrator has a lot of open windows.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add Stunnel Functionality

    It would be really cool if you could add something like what the application STUNNEL can do to the XG. Think of it like reverse port forwarding, you have a service on the firewall listening on a particular port, machines on the network talk directly to the firewall on that port, and the firewall forwards the traffic on to the destination.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Dump AUFS file system

    AUFS is an old technology, and slow, switch to a more modern overlay system. Docker dropped this filesystem long ago, time to catch up?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Ability to run Linux commands directly in the GUI

    While the console is a great it would be cool if we could just send a Linux command directly to the device from the GUI, perhaps from the Diagnostics page, and get the output immediately the same way the current Ping and Traceroute work. Some useful commands might be netstat, ifconfig, etc.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. More 2FA Choices

    Come on Sophos, it is 2019, give us more choices for 2FA already. You have your own 2FA service, why has that not been integrated into the XG?

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Network Port Scanner

    Under the diagnostics page add the ability to scan either a single IP address or a range of IP addresses for open ports. There is a great Linux utility called Fing that can do this very well and report on what it found, if you could integrate that into the XG it would be a very powerful tool. The ability to generate a report of all devices with open ports on every network accessible to the firewall would be likely the first in the industry.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Need more information on SSL VPN and RED connections

    As it is now it is very difficult to find out what networks are available through which tunnels. It would be great if we could get detailed information about what tunnels are up and what networks are available through those tunnels. Either a report or a separate tab on the Current Activities page would be awesome.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.