XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RADIUS IOS & Android authentication

    we would wish. that it is possible in the Sophos XG Registrations which of a IOS / Android over RADIUS run in the live users to be indicated.

    Thus it is also possible to create smartphones groups / custom firewall rules.

    The Sophos Network Agent for IOS / Android is very impractical and thus falls away for us.

    We have seen that in SFOS 17.1, some preliminary work has already been done on this feature.

    Sehr geehrte Damen und Herren,

    wir würden uns wünschen. dass es in der Sophos XG möglich ist Anmeldungen welche von einem IOS/Android über RADIUS laufen…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Wireless Accespoint IDS/IPS or UTM application <3

    Wireless Accespoint IDS/IPS or UTM application.
    Why? Because WAN is not the only "outside" of a network. As a Blueteam Sys/Netadmin aspirering to be an ethical hacker I consider all "acces ports/acces points/network entrys" as "Outside". Scanning for malware and payloads on Wireless Acces Point level would be an absolute godsend. (btw there is still no silver bullet for EvilTwins.. just saying xx.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Rogue access points

    Add a classification of "External" to the Rogue AP Actions. The reason is that we want to designate third party access points which are not approved for use, but which are not rogue (i.e. connected to our network without authorization) as External.

    Sophos should then develop a set of features we can implement by policy to take action. An example would be a policy that prevents authorized devices from connecting to Rogue or External access points.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. remove ERROR notification in access_server.log for radius

    As per case 8135146 this is a feature request.

    Using RADIUS SSO for the wireless. On the accessserver log in XG we see the following" errors"
    MESSAGE May 25 08:51:02 [4143859520]: handle
    radiusaccountreq: request received from radius client 172.16.1.68
    ERROR May 25 08:51:02 [4143859520]: handleradiusaccountreq: received radius accounting with status 3
    MESSAGE May 25 08:51:02 [4143859520]: handle
    radiusaccountreq: request received from radius client 172.16.1.68
    ERROR May 25 08:51:02 [4143859520]: handleradiusaccountreq: received radius accounting with status 3
    MESSAGE May 25 08:51:02 [4143859520]: handle
    radiusaccountreq: request received from radius…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Reboot AP via Web Admin UI

    Make it possible to reboot an AP from the XG's Web UI.

    Implementar a possibilidade de reiniciar AP via Interface Gráfica (WEB)

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Improve WiFi roaming for Apple devices with 802.11 k

    Apple Devices & WiFi:
    So everybody knows that Apple has its own opinion for WiFi Roaming and switching to the next AP with the best wifi signal. I think it's a good idea to implement the 802.11k standard to Sophos AccessPoints, according to the knowledge page from Apple at: https://support.apple.com/en-us/HT202628 where they talking about the 802.11k Standard. Maybe this is a solution for Apple devices that have connection issues and do not want to switch the access point.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support for WPA3

    I realize that it's a new standard, and the WFA is only just now beginning to certify devices, but are there plans to attain WPA3 certification for Sophos AP and managing firewalls?

    https://www.theverge.com/2018/1/9/16867940/wi-fi-alliance-new-wpa3-security-protections-wpa2-announced

    25 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Seamless activation of new Wi-Fi SSID

    If a new SSID goes online (due to a schedule), all other SSIDs goes offline for a short time. So all Wi-Fi clients on all SSIDs will be disconnected.

    This is very annoying, for example, if you have an all-time internal Wi-Fi for corporate devices and a guest Wi-Fi, which is only switched on between typical business hours.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. A way to view hotspot terms of use every time during testing

    Force a client to see the HOTSPOT's Terms of use acceptance page every time during testing? Or give us a way to clear out a session for testing he custom template.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Mesh for AP55s on 5ghz

    Currently you can only create a 2.4ghz mesh network on AP55s.Business requirement
    1/. Sophos stays competitive and in the business of WIFI security
    2/. Sophos has products that people want to add the their XG range of hardware
    3/. provides greater throughput than achievable using 2.4ghz mesh.
    Larger files take noticeably longer to load over a 2.4ghz mesh

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Mobile-based OTP for Wireless guest user login

    We need OTP for WiFi Guest users access to same same or different network. When new guest come in Office then they connected to network and when Guest users try to access internet they should for mobile number and after submitting Guest user get OTP on mobile number which he enter.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Facebook

    Is it possible to use Wireless authentication by Facebook and others social on Guest Wifi network via sophos AP ?

    38 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow Visibility and control of Live Guest Hotspot Users

    It would be really nice to be able to see a list of current Hostname/Mac addresses of those using the hotspot (and boot them if necessary).

    It would be even better if I could get a daily report that shows me hostnames/mac addresses of those people using the hotspot.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Wireless AP Unique Identifier (UID)

    It would be great if we can trigger UID LED on the wireless access point. Sometimes it is hard to determine which physical access point we're configuring especially when located in multiple levels.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Restart Wireless Access Point Function

    Each access point should be able to be restarted. This helps in two ways:


    1. Perform a OS restart of the Access Point if 'turning on and off' the wireless network does not work

    2. Allows you to see a port blip on the POE switch to confirm what port the AP is connected to in remote areas

    90 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. wireless client list

    On the UTM there is the option to add custom names to a wireless client.
    Wireless protection - Wireless clients - Wireless Client list
    Would be great to have this option on XG also.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Wireless AP Channel planning

    Require the ability to globally set the wireless environment channel plan, especially within 2.4Ghz space. At present although set to UK settings and in auto the system is selecting channel 13 which the upper frequencies stray into channel 14 which are not allowed in Europe. Ideally need to be able to select appropriate channel plan for AP's to follow. Adjusting a single AP is not an issue but for multiple the system should be dynamically calibrating correctly this selection.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Pre-authenticate Hotspot users by MAC

    I have created Hotspot and the vouchers for guest users. However, on this hotspot, I would like to have some users be authenticated with their MAC addresses such that they are not prompted with a captive portal to enter voucher. This feature is helpful - to authenticate/allow users based on MAC addresses on guest or other hotspot.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to configure low signal drop off

    We all know Mac's don't support 802.11r fast transition, and instead do signal strength. Can we set the minimum receive RSSI to help force a device to a closer AP?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Wireless Device steering when AP overloaded

    In our environment we use more AP's than needed to help with device density issues. The average employee has 5 devices on our WiFi network, with our older Aerohive devices we moved away from we could specify max clients per AP, it would then steer the user to the next closest AP with available space. This allows for better overall performance and to allow for higher density AP's.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.