XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. backup to central

    With the integration started with Sophos Central, it would be great if the last x number backups could be pushing into Sophos Central. This would provide a few capabilities. One - It could be backed centrally up without the required MR4 password affix to it, so no prior knowledge would be required to restore that backup if hardware failed. Two, it would create snapshots of the configs in time for audit / discover purposes, hopefully eventually leading into a change log of all UTM config changes. Three, in DR scenarios it exists outside of all company systems and people, so…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Harmonize log format

    Current log format has key=value pairs, which are easy to manage in certain centralized logging solutions. However, some of these values contains quotation marks " and some does not. As there are several longer values, a quotation mark is reasonable and thus every value should have quotation marks.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. XG-Firewall: Allow Changing HA-monitored Interfaces without breaking HA

    Allow Changing HA-monitored Interfaces without breaking HA like in UTM/SG - OS possible.
    Why is there the need to break HA if only a change or modification on a productive plant ist planned, that schould be online 24x7? That´s why HA is implemeted!!

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Please has all Public IP vs Internal IP NAT IP information in tabular format,

    Hi Team- could you please has all Public IP vs Internal IP NAT IP information in tabular format,every time i would need to check every NAT/Business rule .

    This is frustrating and time consuming process and has chances of wrong assessment.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Syslog Servers - Export Logs DHCP

    From our Sophos XG 450 devices we would need to export logs related to DHCP.

    The data we need are: IP address, Mac address, Host Name.
    We would also need to export logs related to SSL VPN Client connections with the same information (IP address, Mac address, Host Name)

    Rogari Andrea

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Reflexive feature for Lan-Lan rule creation supposed to be there in Sophos Firewall as like cyberoam

    As I recently noticed while creating Business rule to forward port that if we select "create reflexive rule" it doesn't create rule for Lan-Lan access as cyberoam does have that.

    So request you to kindly add this feature in future upgrade. it helps to optimize time and have clarity for the same.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Disable default bridging

    When setting up XG 17.5 for the first time, all unconfigured interfaces are bridged with LAN :-(

    VERY annoying, because when you want to disable the bridge, you need to unbind one interface, assign a new ip on the unbinded interface and assign LAN zone to that interface. The you can switch port to the new interface and login to remove the bridge. NOT GOOD.

    When bridge is needed, we can easily configure it, when doing it from port 1 ourselves ;)

    11 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Edit a service object that is in use without removing it from rules

    Ability to edit a service, like changing port numbers on a service, that is in use in multiple business rules. Currently you can't change udp from port 9000 to 9001 and it update in the business rules it applies to. You have to remove the business rules first to edit the service or create a new service. This is a much bigger process. As an Admin I want to click the service, edit change, done. We are not end users, were are admins.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. DNat Rules By Schedule

    You should enable the option to add a schedule to a rule DNAT

    25 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. NAT Policies can only be edited/created when Creating a FW Rule

    In Cyberoam you had a separate section to create/edit NAT Policies. It looks like the only place is when you are creating the FW Rule itself.
    You can not
    * rename the NAT Policy
    * delete a NAT Policy
    It would be good if this was available in a section/tab (rather then hidden with a FW Rule)

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Time base restriction on business application rules on XG firewall

    Time base restriction on business application rules on XG firewall for external to internal traffic

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Filter firewall rules by IP or Host or Group name

    When a user clicks on the "Enable Filter" link on the Firewall page, the user should have an option to filter rules by IP address or Host object or Group object. It shouldn't be this difficult to find the rule I'm looking for in the UI.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Backup File Encryption

    Encryption of File, needed especially when emailing backups

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow IPv6 address on VLAN interface

    Currently unable to add an IPv6 address to a VLAN interface when the physical interface doesn't have an IPv6 address.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Firewall rule group description can't be deleted

    If you enter a description in a firewall rule it can't be deleted. Once you remove the description, save it and reload the page the description re-appears. This is a bug which is still present in 17.1 MR1.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Completed  ·  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Delete/Disable several Firewall rules at once

    Not possible to delete or disable several rules at once.

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Fix Windows Update Bug

    Any chance of Sophos fixing the Windows Update bug sometime this century? Almost a year old now.

    https://community.sophos.com/kb/en-us/127554

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. ECC certificates

    XG Firewall should accept ECC certificates

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. make firewall rule interface user friendly (Cyberoam like)

    Please take a look at the development of the firewall rules interface.
    This is far from being great and user friendly.

    Do like the cyberoam interface, automatically group rules by source zone & destination zone. I know you've created "groups" to do this but this is not sufficient at all.. (Already moving rules over an hour to different groups, firewall with 100 rules and 8 zones)

    Despite above, also make your groups user friendly.
    Bulk actions to move rules to group, the "add to group list" is not ordered A-Z

    But I'm really hoping you take a look at the…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Natting should be made simpler

    Natting should be made simpler asit was in cyberoam before auto rule creation and port nating. doing this in XG os is a task and not at all user friendly

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.