XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Virtual VPN Interfaces

    I suggest that adding a Site-2-Site VPN is assignable to a virtual interface (i.e. tunnel0) that is can be assigned to a zone.
    This would make multiple VPNs much more manageable (especially if you cannot control the other end of the tunnel).
    To make it even better, the tunnel endpoint could be assigned to a physical bridge or VLAN interface.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Login disclaimer for VPN client access

    Please provide the way to add a login disclaimer for user access via SSL VPN and Sophos Connect.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Want to block files & folders through SSL VPN

    Dear Team,
    Need to disable the file and folder security reason block to ssl vpn user currently ssl vpn user are allow to copy and past option available. This is risk to the business User easily sum important data copy and share the competitors.
    so please Disable this option ASAP.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. IPsec Tunnel PSK asks for PSK everytime I save on XG135 (SFOS 17.5.10 MR-10)

    Previous versions would retain the PSK between updates to an IPsec VPN. It gets tedious when troubleshooting to have to find and enter this over and over.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add GCM Ciphers

    Add AES128GCM and other GCM ciphers to the IPSec and SSL VPN options. They perform much better. At the moment only CBC ciphers seem to be used.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. IPSEC tunnel configuration should alert when Remote Gateway (ANY) are the same

    Okay ran into an issue where we added 4 IPSEC tunnels and did not realize that you needed to have the same Preshared Key. As I get every tunnel up and operational it was changing the key tied to the Remote Gateway of (ANY).... So thinking the Firewall was buggy I would have to go into the tunnel that accidentally went down and set the key to that users config, not knowing I was resetting the key for all of the tunnels related to that key. I finally called support and it took the tech 5 minutes to figure out…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Dynamic dns

    Dnt buy Sophos I baught is mistakenly I am not going to renew this now, No VPN failover not reliable

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Option to assign each user for SSL VPN remote for specific WAN interface

    Hello Team,

    We have customer here requesting to have on XG firewall an option to assign each user for SSL VPN remote for specific WAN interface if XG has multiple ISP

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. L2TP VPN to support multiple users

    The L2TP VPN currently does not allow multiple users connecting from behind the same NAT address. This adversely affects people attending a meeting or conference away from the business as only one attendee can use the VPN at a time. It also means that the first user is disconnected without warning when a second user attempts to connect.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. i want Sophos ssl vpn reconnect when restart pc

    i want Sophos ssl vpn auto reconnect when restart pc .that feature was availble on cyberoam but its not working on sophos .

    please kindly add this feature on next firmware.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. I want to save passwords for SSL-VPN

    OpenVPN wants to be able to store passwords, just like the Sophos Connect client.
    Please improve.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. I want to use a segment with a 20-bit mask in IPsec

    Remote VPN supports IPsec and SSL-VPN.
    SSL-VPN can specify a segment with a 20-bit mask, but IPsec cannot specify a 20-bit mask.
    I want to be able to specify other than 24-bit mask in IPsec.
    Please improve.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. On IPSec config "Create Firewall Rule" create two rules, not one

    Actual, when you choose "Create firewall rule" in IPSec Config, one rule from zone any to zone any is created.

    it would be much better, when a rule for each direction is created, in the first rule: souce zone vpn, in the second rule: dst zone vpn.

    when you build an ipsec tunnel from 10/8 to 10/8, your internal traffic would now be allowed too, when you use multiple 10/8 networks.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. sophos connect

    Sophos connect automatically connects upon windows startup without clicking connect button, is there a solution for this already?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure Virtual WAN

    Become Virtual Wan Partner Azure.
    It is a business opportunity for the manufacturer and for Sophos Partners!
    https://docs.microsoft.com/es-es/azure/virtual-wan/virtual-wan-locations-partners

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. ECC certificates SSL VPN

    Allow the use of ECC certificates in place of the RSA certificates for SSL VPN. I realize ECC support was added in 17.5 but it was only partially implemented. The current (version 18 as of this writing) version of your firmware uses OpenVPN version 2.3.6. which does not support ECC. OpenVPN 2.4.0+ is required to support ECC. I had opened a support ticket, they confirmed the limitation and indicated there is no current upgrade timeline.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. VPN - Inform the user via Email that he has been connected or failed

    This would increase the security that not somebody else is trying to steal his identity. It would be also great that the admins are informed with too many failed logins.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. Client certificate based authentication for SSL VPN remote access

    Clients should be authenticated based on the client certificate instead of username/password for SSL VPN remote access. The Sophos XG should validate the certificate via a CRL or via OCSP.
    This functionality is supported by most other vendors and solutions (e.g. Cisco Anyconnect or OpenVPN).

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sophos Connect client connect pre login Windows for domain connection

    Please make it possible to connect Sophos Connect client VPN befor a Windows user is logged in like NCP client Pre-Logon feature, to get all AD domain features like GPO and networkshares.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.