XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Administrators App for Android and iOS

    It would be great if we could have a notification app for Android and iOS which is fully independent from Sophos Central, especially for home users or SMB companies which do not need Central.
    The app should provide the Administrator alerts and information about security events (IPS, Web and App filtering, Email protection...) and advanced information about the device (Memory, CPU, ...).
    It would be great if this app is also available for users of XG Home without Sophos Central account.

    2 votes
    0 comments  ·  Base System + General UI
  2. Implementation LLDP/CDP

    The implementation of LLDP/CDP would help to recognize and present the product in automated network documentation.

    7 votes
    0 comments  ·  Base System + General UI
  3. SNMP should provide breakdown of disk usage by partition

    We would like to actively monitor the usage of each disk partition of the XG firewall via snmpget. The current MIB only allows requesting the usage of the whole disk, which doesn't make much sense. We need a new MIB containing OIDs for each partition.

    3 votes
    0 comments  ·  Base System + General UI
  4. Local ACL exceptions should not be logged to the last firewall rule ID

    The traffic matching a local ACL exception is shown in the logs as going through the last firewall rule. So it means when verifying the logs, you have extra entries in this rule's logs which are totally not related to it.

    Would it be possible to display this traffic another way in the logs that is not linked with the last firewall rule? Because it's not related to it.

    1 vote
    0 comments  ·  Base System + General UI
  5. Auto-backup only if config changes

    Suggestion with regard to how XG Firewall handles backups. I would love to have the option to auto backup when the config changes. Weekly or daily often leaves me with either too many backups or the possibility of having a backup with missed changes.

    2 votes
    0 comments  ·  Base System + General UI
  6. Updated API documentation for Country Host Groups

    The API documentation on your site is either outdated or just wrong in regards to Country Host Groups. The actual parameter is <CountryGroup>, but isn't listed anywhere in the documentation. The sub-parameter to pass it is <CountryList>, not <CountryHost>, which in turn needs to be passed a series of sub-parameters of type <Country>. There is also no example listed.

    2 votes
    0 comments  ·  Base System + General UI
  7. Allow upload of certificates with special characters in passphrase

    Currently I can upload certificates with keys including special characters to the "Certificates" tab under "Certificates". Unfortunately, uploading the same certificate under the "Certificate authorities" tab results in the following error:

    Special characters |, `, ', ", <, >, (, ) and \ are not allowed in the passphrase

    I don't see why special characters can be used in the passphrase for "Certificates" but not "Certificate authorities". Please allow special characters to be used in passphrases under "Certificate authorities".

    5 votes
    0 comments  ·  Base System + General UI
  8. Importing groups: disable MAC binding option

    Get the option to disable MAC binding while importing groups from an authentication server (Example: Active Directory), this because it can be easily forgotten afterwards and this can break SSL VPN for users in the new groups because MAC binding is not supported on SSL VPN.

    8 votes
    1 comment  ·  Base System + General UI
  9. Split OTP from password entry field

    When OTP is enabled, provide a separate text box for the OTP on the WebAdmin, Captive Portal and VPN credential screens.

    It is not explicit that users are required to enter the OTP at the moment as it is just appended to their password, which can cause issues for staff trying to connect or log in to resources as this is fundamentally different to how they enter OTPs in other applications.

    In order to resolve this issue it should be made clear to users that they have to enter the OTP in the form of an additional text box that only…

    7 votes
    1 comment  ·  Base System + General UI
  10. Better Handling of Cell Modems

    The Cellular Modem page under networks leaves a lot to be desired. There should be many more options to configure connections and a signal strength meter. Look to the Modem Manager application on Linux for inspiration, something like that in the XG would be fantastic. Also need more support for modern cell modems, the compatibility list is starting to become quite dated. With 3G ending this year I think it is soon time to prune all 3G only devices and start supporting LTE/4G/5G models.

    6 votes
    1 comment  ·  Base System + General UI
  11. Add the Use of Network Groups (objects) to Routing and firewall rules

    The issue seems pretty simple. On the SG, I was able to define Network groups, e.g. MOEGroup, MPLSGroup. From that, I was able to define my sites and put them into those groups which would provide firewall rules and routing. We never made it to the rules but the routing is what is killing me. Again, in the SG, I am able to define Static Gateway Routes using my Network Groups:

    Route Type: Gateway route
    Network: MOE_Group
    Gateway: MOE Router ( a router on the trusted internal network )

    Route Type: Gateway route
    Network: MPLS_Group
    Gateway: MPLS Router…

    1 vote
    0 comments  ·  Base System + General UI
  12. Firewall group should not close every time a rule is moved

    Every time a rule is moved (up or down) within a group that group is automatically closed.

    This is rather cumbersome if multiple rules need to be moved, or if you simply want to make sure the rule was moved to the right position.

    7 votes
    0 comments  ·  Base System + General UI
  13. Specify authentication method for RADIUS/TACACS+ Admin users

    On the SG firewall, an admin could create a user and specify which method of remote authentication would be used. This is not possible on the XG. As a result, a new admin must first authenticate on the User Portal, then an existing admin can change that newly created user to an admin. This is an unnecessary step that could be improved by allowing admins to specify which remote authentication method should be used per user.

    5 votes
    1 comment  ·  Base System + General UI
  14. Allow for longer domain names in Parent Proxy field

    Currently there is a limit of 40 characters in the Parent Proxy field:
    Routing > Upstream Proxy > Parent Proxy > Domain Name/IPv4 Address

    Support was unable/unwilling to fix, looking for XG firewall to allow for longer entries in this field. Anything more than 40 characters is truncated, which breaks the parent proxy operation.

    Character limits in the upstream proxy field (currently capped at 40 characters) impact use of upstream proxies with long names such as webdefence-pool-01.cluster-nyca.forcepoint.net

    Support case for reference (not being fixed by Sophos when case was opened 3-13-2019)
    [#8693303] Parent Proxy field truncates at 40 Characters, need…

    1 vote
    0 comments  ·  Base System + General UI
  15. Qradar SIEM integration

    Make Qradar SIEM able to parse XG firewall logs.

    5 votes
    1 comment  ·  Base System + General UI
  16. Update jquery

    Please upgrade jQuery in the GUI from 2.1.3 to something newer which will pass PCI compliance with ControlScan.

    1 vote
    0 comments  ·  Base System + General UI
  17. OSPF for IPv6

    Add OSPF support for IPv6. It's time to go to the future!

    3 votes
    0 comments  ·  Base System + General UI
  18. Alert admin before GUI session expires due to inactivity (add countdown timer)

    The GUI session currently simply stops responding after it times out due to inactivity.

    Many sites (e.g. bank web sites) alert the user before the session expires and allow the user to reactivate the session. Something like "Your session will expire in 2 minutes".

    For XG I would suggest a running countdown timer somewhere at the top.

    7 votes
    0 comments  ·  Base System + General UI
  19. Policy Test should consider Application Control

    The Policy Test should run through all components that may be blocking a request.

    Currently Application Control is not included in the test. The result is that the Policy Test may report a URL as "allowed" even if Application Control blocks it.

    10 votes
    4 comments  ·  Base System + General UI
  20. Set a title for the Log Viewer/Policy Test window

    The (popup) window for the Log Viewer / Policy Test has the URL of the log viewer instead of the function of the page (i.e. "Log Viewer / Policy Test").

    This makes it very difficult to locate the window if the administrator has a lot of open windows.

    2 votes
    0 comments  ·  Base System + General UI