XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. q in q

    Hello All,

    I'm writing from in Turkey and I'm a technical guy.

    In our country, we need Q-in-Q or using same Vlan in two braches.

    For Example , The customer is using Vlan 100 ( 10.1.100.0 / 24 ) and They wants to use same Vlan their other branches.

    Is there any roadmap about this solutions on the SD-RED ?

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Increase maximum records as 200 instead of 50 in Mailed report of VPN

    Maximum records are showing only 50 in scheduled mail alert of VPN Logs and due to this unable to get the complete reporting which is imbecile feature if not getting complete report.

    Suggesting to you that increase maximum records as 200 in auto mail alert

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Conexão Múltiplas SSL VPN

    I noticed that when I am connected within the company, and if I try to connect the SSL Client it allows, the right thing was not to allow, as it can loop the network. A call was opened and the only solution is by MAC, but it becomes impossible to do this for everyone, I have to register one by one, it would have to be a simple solution, to identify that if it is connected to the local network, do not let the SSL Client connect VPN.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. Option to load Balance with IPsec VPN

    Option require on load Balance with IPsec VPN

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. VPN icon is red even though 1 of 2 VPN connections to a site is up

    Since it's bad practice to use failover groups on both sites of a VPN tunnel, one side (without failover group) shows a red VPN icon in the dashboard. For example - one side can have 2 WAN connections and the other side has 1 WAN - so 2 tunnels are created for failover.

    It would be nice if we can still incorporate these multiple tunnels to the same site in a group, so that as long as 1 is online, the VPN icon doesn't turn red. Maybe if we can add both sides to a failover group, but toggle failover…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Broadcast Routing on Bridged Inteface

    I would like to configure the multicast forwardin on a Bridge interface.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. ip sla for high latency failover

    we need ip sla feature for high latency fail over while we using two links if one link goes to high latency we need to switch over to secondary link automatically.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Full tunnel VPN exceptions e.g. for Office 365 traffic

    Allow for exceptions to be created that will allow the traffic to go direct to the internet bypassing VPN configured as full tunnel for both SSL and IPsec VPN. This is recommended by Microsoft for Office 365 traffic.

    https://techcommunity.microsoft.com/t5/office-365-blog/how-to-quickly-optimize-office-365-traffic-for-remote-staff-amp/ba-p/1214571

    Alternatively it would be even better if Sophos can build in this functionality within the OS making it an option that can be enabled/disabled.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. SSL VPN with BSNL Link

    SSL VPN tunnel should be established with SUB Interface IP of BSNL which is public-facing and the main Interface IP is Connected to BSNL as L2 LAN.
    We can establish connectivity using Sub IP to IPSEC Tunnel and to Serve Internet to users but can not able to connect using SSL VPN as the Main interface IP is L2 LAN and Sub IP is public-facing.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Prioritize the primary or seconday public gateway option on sophos XG 230

    Dear Support,

    We need the following option on sophos XG Firewall.

    Suggetion: while connecting to sophos remote ssl VPN, we need the option of prioritizing the primary or secondary ISP on Firewall.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. IPSec VPN Client Connections Need to generate a SIEM-compatible event

    Sophos Connect client IPSec connections generate separate log events for EVERY SUBNET mapped. There is no single event that any SIEM recognizes as a VPN login event. Every other firewall vendor we've tried doesn't have this issue.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Force Microsoft NCSI probe as SSL VPN Connects

    (For Sophos Tech Support, this is from the back of #9887121)

    I was asked by Sophos Support Rep to post a feature request.

    We have seen with a large amount of our customers an issue arise whereby Sophos SSL VPN (OpenVPN) connects to the Sophos XG fine. With Sophos XG having "Default Gateway" checked for the SSL VPN users a default route is established as we expect.

    However, it cant take a while for Microsoft NCSI to complete it's probe to check if there is internet access. While the VPN interface is in "NoTraffic" or "No network access" mode, before…

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Have an option on creating SD WAN policy routing for VPN zone

    Hello Team,

    Requesting to have option on SFOS V18 on creating SD WAN policy routing for VPN zone
    so that we can configure for primary and secondardy gateway for VPN to WAN Firewall rule.

    For your assistance please.

    Thank You.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. umlauts

    Support for umlauts on ssl vpn

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Automatically add ipsec_route(s) when configuring a site-to-site IPSec VPN

    By default traffic destined for any remote IPSec VPN subnets will be classified as 'WAN' if you do not manually configure ipsec_route(s) using the device console.

    This process should be automated when configuring remote network(s) for a site-to-site IPSec VPN connection.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos SSL VPN Client

    Hello Sir,

    my problem with Sophos is the SSL-VPN client that doesn't support a certificate based authentication. I don't want to store my credentials on each PCs where I use SSL-VPN client neither want to enter every time the credentials. It would be nice to have a certificate based authentication with SSL-VPN client.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. Sophos Connect TAP Adapter - register at dns server

    Set the option "register at dns server" on Sophos IPSec Connect Client at Windows TAP Adapter via parameter at installation of msi or in config file. If not active, the clientname (DNS) will not be reachable from LAN to VPN cause DNS didnt know about the VPN-Client IP. Usage of windows registrie or powehsell script on each client like these are very frustrating:

    Get-NetIPConfiguration | where {$_.InterfaceDescription -eq 'Sophos TAP Adapter'} | Set-DnsClient -RegisterThisConnectionsAddress:$True

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. vpn policy restrication

    any option for vpn access to checking mac address or antivirus policy ,,ok i want to restrict particular user laptop not connect our network through any vpn user.. i want to add this type of policy or future in xg 106 firewall....block laptop connection via mac address

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 10 11
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.