XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Some websites taking too much time to load, It works fine without using cyberoam CR25ing.

    In firmware version 10.6.2 of cyberoam CR25ing many websites taking too much time to load properly, but when I create new rule without attach identity it works fine.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. Let the admin can use deny-all to be as default

    Let the admin can use deny-all to be as default when creating a new one. it will be helpful to block all ports and IPs not only mentioned APPs.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  3. Time based report for port forwarding

    Time based report for port forwarding

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. block psiphone WITHOUT the need to scan HTTPS protocol

    We strongly request this features ! As, it is totally not practical to install https cert on all computer. Especially guest Network in order to stop Psiphone. From the report we are losing 223.92 GB or 11.21 % daily on bandwidth to psiphone. Hope this issue will get someone in XG team alert and a solution is indeed !!

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →

    Psiphon is extremely evasive and only needs to find one successful way through the firewall to connect. HTTPS decryption is essential as Psiphon is enable to disguise the non-encrypted parts of its HTTPS traffic sufficiently that detection without false positives is impossible.

    We continually monitor Psiphon and similar tools and try to respond to new connection methods, and try to find new more effective ways to detect and block.

  5. Webfilter & Application on User based like Cyberoam

    Webfilter & Application on User based control

    A great feature in cyberoam was the ability to change webfilter/App filter for a user or group in the identity section.

    With XG that good option was left off, allowing only firewall rule based webfilter/App filter application as competitors do.If this feature is came back its very helpful to small organisation like below 25-50 users

    Requesting Sophos to bring back that feature which made Cyberoam so popular.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →

    We prefer to move away from assigning policies to objects, and towards having policies that reference objects. This allows us to put all policies in one table rather than having them distributed around the UI. Web Policy is an example – since Cyberoam, we have added the ability to select user identities in Web Policy so that it’s not necessary to create many different firewall rules to grant different policies to users. We will extend this to App Control as well in the future.

  6. Allow remote session and denied file transfer over Team-viewer application

    Requirement is Allow remote session and denied file transfer over Team-viewer application.

    Refer the case id : 7486601

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  7. AD authenticated user stays logged in forever

    I have configured user authentication from AD to access the internet. In present firewall is automatically logged out the user if the user is inactive for some time (same told by Cyberoam technician). So remove this feature or make an option for this for users to logged in continuously.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. Web filters can be applied in a policy assigned to users or groups. This allows you to configure a single firewall rule. Application filters

    Web filters can be applied in a policy assigned to users or groups. This allows you to configure a single firewall rule.
    Application filters should be the same. Otherwise at the end you have to put several firewall rules, one for each application filter and user group.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →

    The current implementation allows exactly the same requested goal, in a different, and more straightforward way. A single firewall rule may be created, and the user logic is bound to the web policy, rather than the user.

    Mixing objects and policy decisions makes for a fragmented user experience, which can be very hard to understand for new users. The current model achieves the same desired goal, but does not make the user hunt in non-obvious places to implement decisions.

  9. Blocking file extension like *.docx, .that transfer through skype

    Blocking file extension like *.docx, .that transfer through skype

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  10. Create a microapp for Brother OmniJoin Web Conferencing

    The Brother OmniJoin Web Conferencing services resides on a server in the DMZ and proxies/relays HTTP(s) requests from the OmniJoin cloud servers. A BAPP rule is created to allow HTTP(s) traffic from the WAN to this server, and a Network rule is created to allow this server HTTP(s) access to the WAN. However, access to the DMZ server is not functional unless I disable microapp discovery from the Console: system application_classification microapp-discovery off. (This is reference in Sophos KB 125458).

    Please create a microapp for OmniJoin so I can turn microapp discovery back on. Having it off disables my ability…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Declined  ·  0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  11. Limit should be there for FTP download size and number for files.

    I want to allow the FTP base through my UTM but I want it to be restricted in terms of Size of file and number of file. As it should not be misused by users.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.