Describe how 2 addresses in a dhcp relay are processed, please.
Is the second address completely ignored?
Are both addresses tried, fastest response wins?
If Round-robin, please add option to choose Failover.
If Failover, what are the failover conditions?
Please allow at least a timer condition that can be set.
If Failover conditions are met, when does the relay revert back to the primary address?3 votesDeclined · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
Suggest you post this query in the community forum, not here.
Allow to not encrypt backups on XG Firewall 17.5. RIght now we are forced to do encrypted backups. It would be nice to have an option to skip it.8 votesDeclined · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
It is very unsafe to have this kind of information sitting in unencrypted files. We don’t plan to make this optional.
Could you please add an SSO Agent / Client for Mac OS devices?1 voteDeclined · AdminRich Baldry (Senior Product Manager, Network Security Group, Sophos Features & Ideas Laboratory) responded
We are deprecating the SSO agents generally.
Missing DigiCert root in Certificate Authorities
Uploaded PFX certificates from DigiCert are signed with red cross because root certificate "C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA " is missing in Certificate Authorities.
So this certificate cannot be added as appliance cert.
Please add it.2 votes
This is an intermediate certificate used for signing the certificate you purchased. We do not include intermediate certificates in the built-in certificate store. You can upload this certificate yourself – a copy of it should be available to you from DigiCert.
There is a Linux utility called ntopng https://www.ntop.org which is very good at identifying and classifying network traffic at high speed. If you could integrate this into SFOS it would be a very powerful tool.3 votes
The control center page which appears upon logon with the graphs, stats, and sfos update popups can take a very long time to load on lower end hardware such as xg105's. Working with 50 of these becomes time consuming. A configurable setting to select which page is the default after logon such as Administration, Firewall, Network would be helpful for those of us who don't need the control center every time.1 vote
It’s not necessary to wait for the Control Center to load before navigating elsewhere on the UI.
Create complete(!) backups. There are many things missing in the Backup i.e. SPX-Text Mail-Qarantine.
There are also Bugs in Backup. When restoring a full backup some Groups and Hosts getting new Names (like old Name was: 'group' new name was 'group_123'3 votes
Please submit issues that you believe to be bugs through support.
The CLI command 'route' does not show IPSEC networks.
SFOS 17.5.0 GA5 votes
I want to Internet Schema feature on Sophos XG firewall.
This features is very useful but it was removed on a new UTM. Therefore I don't want to upgrade my Cyberoam aappliance to Sophos XG Firewall1 vote
"Data limit (Traffic Shaping) reached contact administrator" intimation needs its pop-up to be displayed in front of screen or in "Client A
Client Authentication Agent pop doesn't display in front of current screen.
But instead of that can we get a notification in task bar application icon mentioning "Data limit has been exceeded contact administrator".
If this is not possible can we have a trigger inform of email, message etc mentioning your data limit has only **mb or customized option for the same.1 vote
Client Authentication Agent is being deprecated.
Would love to give feedback on SFM where it's appropriate4 votes
We are no longer accepting feature requests for SFM.
When you select Change Destination Port and enter a value, the tick box should remain if you go and enter/edit the rule again. As it is at the moment the tick box is removed and its not clear that the destination port is what you have enter (previously). And if you wish to change back to the default port (then you would just remove the tick box), as it is atm you have to enter that port by selecting change destination port1 vote
We have changed the way we handle NAT in version 18 so this suggestion is no longer relevant. Thanks for taking the time to submit.
In the default view, Business Application Rule do not show Source Hosts. Not even when you hover over the field. Cyberoam UI does show this handy and import information. You can see at an instance if you have the rule open to all or restricted to certain host/networks.1 vote
Business Application Rules are being replaces in version 18.
If the device you have does not support wireless, you should hide the GuestAP Network Interface,3 votes
All devices are capable of supporting external APs even if they do not have wireless built-in.
Please add the feature of web & application filter on user and user group.
It is useful for XG9 votes
We are moving towards having user conditions in policies. We already implemented this for Web policies and will do so for APplications in the near future. Putting objects in policies makes it much easier to see and review policy overall that spreading it across assignments to objects all over the place.
Provide redirect option for either HTTP or HTTPS in Guest user settings portal, as it blocks the access on Google Chrome
Provide redirect option for either HTTP or HTTPS in Guest user settings portal, as it blocks the access on Google Chrome1 vote
Using the guest user portal over HTTP is insecure. The best way to remedy this is to obtain a certificate to use in the UI of your firewall.
To make this easier, vote for the Let’s Encrypt support suggestion:
I would suggest SSO client compatible with Samba4 as domain controller1 vote
We don’t intend to specifically support Samba4. If Samba4 can work with our AD integration, that’s great but we won’t be doing anything to specifically support it when it’s not compatible.
new firewall rule is immediatly active; default should deactivated7 votes
Unclear what it proposed.
On the general Firewall page where you see a list of all of your rules, it would be nice to see what the gateway configuration is for each rule. Since the multipath routing occurs in the firewall rule itself it would be very helpful to get an overall view like you can get in the Multipath Rules tab located in UTM.4 votes
No longer relevant with v18’s policy-based routing.
Add option to change the accepted string length for the API XML call to avoid the error:
Request-URI Too Long5 votes
You can also send XML API calls in the body of POST requests. This is a better way to do large transactions.
- Don't see your idea?