XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. 2 votes

    0 comments  ·  VPN and RED
  2. Sophos Connect Client integration with Mac to allow SSL VPN config

    Sophos Connect Client 2.1 integration with Mac to allow SSL VPN config. This currently works great on Windows but is not supported on Macs yet. Why not? Please keep me posted if this changes in the next MR for the XG.

    9 votes

    0 comments  ·  VPN and RED
  3. Auto-reconnect feature for Sophos Connect

    For remote access VPN, when the internet connection fluctuates, the VPN disconnects and users need to re-enter their credentials to connect again. It would be great if there was an auto-reconnect feature which would allow the VPN to reconnect automatically without user intervention when the internet is stable again.

    17 votes

    1 comment  ·  VPN and RED
  4. SSLVPN on ARM processor

    New notebooks are now based on ARM processors and they are not able to support SSLVPN

    7 votes

    0 comments  ·  VPN and RED
  5. Ignore vendor-id check in site-to-site tunnel configuration

    To configure an IPSEC site-to-site tunnel, when the remote vendor ID does not match the remote IP address, this needs to be manually searched for in the strongwan.log file and inputted in the configuration for the tunnel to be established. It would be great if we had the option to ignore this check from the firewall.

    9 votes

    0 comments  ·  VPN and RED
  6. SSL VPN

    When I access VPN --> Show VPN Setting, then select SSL VPN and try to modify any setting related to Port or Override Hostname, then click on Apply,

    nothing happens; there is no notification to say whether the changes were applied or failed.

    The current version is SFOS 18.0.4 MR-4.

    Any help, please?

    1 vote

    0 comments  ·  VPN and RED
  7. Application Based Split Tunneling

    Ability to exclude specific Subnets or Applications from a Full Tunnel Sophos Connect VPN Connection.

    Described at the Microsoft page here. -> https://docs.microsoft.com/en-us/microsoft-365/enterprise/microsoft-365-vpn-implement-split-tunnel?view=o365-worldwide#2-vpn-forced-tunnel-with-a-small-number-of-trusted-exceptions

    9 votes

    0 comments  ·  VPN and RED
  8. RED Patternupdate and Installation automatically

    We want to do the RED firmware installation automatically at night, because there's downtime during the installation and at night normally nobody is working. Because we also don't want to work at night, it should be done automatically.

    4 votes

    0 comments  ·  VPN and RED
  9. ipsec - IP pools

    We are currently trying to migrate from a UTM-9 to an XG and I am especially missing some setting options for RAS with IPsec:
    - No possibility to assign IP pools
    - No certificate is generated for users

    2 votes

    0 comments  ·  VPN and RED
  10. Sophos Connect ipsec vpn Local service ACL

    Add Sophos Connect ipsec vpn column to the Administration >> Device access >> Local service ACL matrix. This is missing on sfos up to the current 18.0.4 MR-4.

    1 vote

    0 comments  ·  VPN and RED
  11. RED WiFi Uplink

    It would be nice to configure the uplink of a RED device over WiFi (e.g. RED15W or WiFi module for RED). The first initialization over LAN is not the problem.
    This would be a good feature for home office.

    2 votes

    0 comments  ·  VPN and RED
  12. Sophos Connect Client 2.0 for macOS

    Currently XG Firewall only supports Sophos Connect Client version 2.0. At the moment, there is only a Windows version. I've contacted support and received the following reply:

    "Sophos XG now only supports v2.0 of Sophos Connect Client, which has only Windows support.
    For Mac it's still in feature request. Our Sophos team is working on it.

    Sophos currently doesn't support your requested feature but values your input into improving the product to best meet our customers' needs.

    We have requested you to raise a feature request using http://ideas.sophos.com/ and subscribe to the notifications.

    This would be reviewed by our Product Management Team…

    42 votes

    1 comment  ·  VPN and RED
  13. Allow Link-Local IPs for Health check AWS uses them for interface IPs

    Allow link-local IPs for health checks under gateways. AWS uses link-local IPs for interface IPs, so if you are using tunnel interface mode for IPsec and have both gateways set up for failover, you are currently unable to use a health check because you do not allow link-local IPs. You are able to ping it through the device console, so it would work if you would just allow link-local IPs.

    1 vote

    0 comments  ·  VPN and RED
  14. PPTP - Set timeout for users that are inactive

    We have users who are connecting via PPTP to the VPN that are not terminating their PPTP VPN session on their PCs. They are using Windows Built-In VPN application to connect.

    This results in a single user having several sessions taking up IP addresses from our set VPN IP range.

    Unless I'm not seeing it, can the option to terminate PPTP VPN sessions based on activity be added?

    We're using SG330 (SFOS 18.0.4 MR-4)

    2 votes

    0 comments  ·  VPN and RED
  15. IPSEC Site to Site with IKEv2 and RSA Keys should rekey instead of reauthenticating when phase 1 expires

    Actually, when phase 1 expires with IKEv2 and RSA keys, reauthentication happens, which leads to a short VPN interruption and the corresponding log entries showing the connection as down and up again.
    I'd like to propose to implement "reauth=no" in the VPN Configuration. This will lead to rekeying instead of reauthentication when phase 1 expires. Rekeying happens on the fly without interrupting the tunnel and also without the log entries.
    This feature request was created based on the Sophos support ticket number [ ref:00D301GN6a.5003Z1728jB:ref ].

    8 votes

    1 comment  ·  VPN and RED
  16. VPN alternative connection point

    We use an XG firewall and two internet gateways to have redundant internet access.
    This works fine; when one of the internet connections has a failure, we work through the other internet connection.
    However, our remote workers connect to a VPN URL which is linked to one of the internet connections. Redundancy can be created by third-party solutions such as DynDNS.
    Why not an alternative remote gateway solution in the VPN client?
    When the specified gateway is not reachable, then try to connect to an alternative one.
    A solution like this creates redundancy for VPN without the dependency of…

    1 vote

    0 comments  ·  VPN and RED
  17. RED as Software-Device-Image (for vmWare / HyperV)

    Is it possible to publish the RED devices as a software image (for example for vmWare and HyperV)?
    We have use cases in PaaS- / IaaS areas in which such a scenario would be very practical.

    5 votes

    0 comments  ·  VPN and RED
  18. Sophos Connect Client Scaling

    Sophos Connect is TINY on 4k screens, making it next to impossible for users to see or read anything on laptop-screens.

    It would be great if Sophos Connect scaled in accordance with the Windows DPI-scaling settings.

    7 votes

    2 comments  ·  VPN and RED
  19. Ability to Ping actual RED IP

    It would be good to have an IP address on the actual RED itself that can be ping'd from a management system to get some idea of online status. I've just discovered that the interface IP for a RED appears on the XG and not on the RED. I.e. if you turn off the red, you can still ping the interface IP for that particular RED.

    Apart from email notifications or checking the XG GUI, there appears to be no way from a central point (e.g. SNMP monitor) that a RED is online/offline etc.

    1 vote

    0 comments  ·  VPN and RED
  20. Ability to see status of cellular interface

    The ability to see the status of the cellular interface to ensure that it is registered/connected to the cellular network as well as signal strength to aid in general troubleshooting (e.g. -65dBm, Idle or similar) (not just when the RED is running on cellular failover) as well as initial device placement etc.

    2 votes

    0 comments  ·  VPN and RED