XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Update SSL VPN to newest OpenVPN version.

    macOS users with the newest version of Tunnelblick are starting to experience compatibility issues with the current OpenVPN version used by SSL VPN.
    Specifically, comp-lzo is deprecated. See the same idea for UTM.

    18 votes
    2 comments  ·  VPN and RED
  2. Share port 443 with VPN and Webserver

    I have a webserver with SSL enabled, but I also want the SSL-VPN server on the same port (TCP, 443), since this port is not blocked at most firewalls.

    I know it is technically possible, with "port share" in the VPN-Server-Config.

    Regards,
    Marc

    30 votes
    3 comments  ·  VPN and RED
  3. Allow VPN Client Connection using L2TP with AD user not only with PAP

    If you want to connect a client with a user from AD using L2TP, it is only possible with the PAP protocol. The PAP protocol is insecure because the password travels without encryption.

    5 votes
    0 comments  ·  VPN and RED
  4. Prevent SSL VPN DNS leaks on Windows 10 with simple OpenVPN option "block-outside-dns"

    Windows 10 has an issue with DNS leaks: DNS requests are made to all accessible DNS servers and the quickest one to respond is selected. This causes problems if the same DNS name has a different IP on external DNS and on DNS internal to the VPN.

    Right now, this has to be solved on a case-by-case basis with a change of metric/interface priority on each client system, as suggested by Sophos support.

    As the Sophos SSL VPN is based on OpenVPN, by adding the ability in the GUI to configure a push of the "block-outside-dns" option to clients, this could be resolved system-wide and is tested…

    6 votes
    0 comments  ·  VPN and RED
  5. Request to add keep alive feature for GRE tunnel

    Hello Team,

    We have a customer here requesting to add a keep-alive feature for GRE tunnels as a requirement of their network setup. For your assistance please. Thank you.

    2 votes
    0 comments  ·  VPN and RED
  6. remote desktop

    Provide setting for Clientless Access RDP to allow multiple monitors.

    3 votes
    0 comments  ·  VPN and RED
  7. Allow Copy Paste Feature on RDP Clientless Access Connection

    Hello Team,

    We have a customer here requesting to add the copy-paste feature on RDP Clientless Access connections. For your assistance please. Thank you.

    5 votes
    2 comments  ·  VPN and RED
  8. SSL VPN portal access without using WAN IP, via URL, domain name or any link IP (static IP)

    Give an option to create an SSL VPN link, domain name or URL instead of the WAN IP for the VPN portal.

    4 votes
    0 comments  ·  VPN and RED
  9. SSL VPN user configurations

    Add the ability for an Administrator to view and download SSL VPN configurations of users. Additionally, make Windows configurations available as .ovpn files as well as the 'executable'.

    29 votes
    6 comments  ·  VPN and RED
  10. Create Inline OVPN File for Site to Site SSLVPN

    As it is now, the Site to Site SSLVPN server still exports the now ancient Astaro .epc/.apc format. Give us the option or switch over to creating a more "universal" inline .OVPN file that can be used with clients other than Sophos gateways. We can easily convert the .epc to .ovpn with a script like we have been doing for the past, oh I don't know, 8 years, but don't you think it is time to leave the past behind? I mean I can log in to the user portal and download a ZIP file that contains an ovpn configuration, whay…

    4 votes
    0 comments  ·  VPN and RED
  11. Support VPN Configuration from Microsoft Intune and Windows 10

    Microsoft have been working on their Intune solution, which includes a way to configure a VPN policy that is deployed. There are a number of "Connections" available from other vendors but Sophos are not present. It would be great if Sophos would create a "UWP VPN plug-in" which would allow us to configure VPNs via this. If using Autopilot in the future too, a VPN may be required if not in the office, and this same configuration is used.

    3 votes
    0 comments  ·  VPN and RED
  12. VPN Architecture

    Sophos should develop a new user-friendly policy for shifting from one network to another through VPN. In Cyberoam we used to install a client, and whenever we needed to shift from one VPN to another we just imported the specific configuration file and started the network login using credentials, but in the case of Sophos it's different: every time I have to download an entire setup file. When using many networks it becomes a problem. We need to think about restructuring the design.

    1 vote
    0 comments  ·  VPN and RED
  13. Improve problems of RED devices.

    Please make sure that an existing "RED" does not reconnect when a new "RED" is added.

    Each time we add or change the setting, the VPN is disconnected, so customer complaints are coming.

    5 votes
    0 comments  ·  VPN and RED
  14. Wireguard

    I would like to see WireGuard added as a VPN option since it is more secure, lightweight and modern compared to the currently available options.

    14 votes
    3 comments  ·  VPN and RED
  15. Harden SSL VPN (OpenVPN) Configuration

    SSLVPN uses a weak cipher, AES-128-CBC, which is rapidly aging at this point. Couple that with a lack of TLS Auth protection and you have a pretty insecure implementation of OpenVPN. Either up your game and default to a stronger cipher or let us decide which one we want. Also need the ability to enable TLS Auth if we so desire.

    4 votes
    1 comment  ·  VPN and RED
  16. Expose more OpenVPN Configuration Options

    SSL VPN is based upon OpenVPN; it would be great if you could expose more of the options available to that platform. OpenVPN is a very powerful piece of software and can do many things; however, the implementation on the XG prevents us from accessing that power. I also noticed that the cipher used is a pretty weak 128-bit one; it would be great if we could choose the cipher. TLS-Auth is also not enabled, which would be an added plus.

    5 votes
    1 comment  ·  VPN and RED
  17. SSLVPN OTP SELECTABLE PER PROFILE

    Need to have the ability to choose which SSL VPN server (OpenVPN) uses OTP. As it is now, OTP is applied across the board to ALL SSL VPN connections. We use devices that log on as SSL VPN users; enabling OTP on SSL VPN breaks that ability. We don't wish to disable OTP on SSL VPN as that would make it less secure for actual users that need to log in to SSL VPN. What would be ideal is the ability to have one profile for devices that needs no OTP and one for users that does. An alternative to this would…

    2 votes
    0 comments  ·  VPN and RED
  18. Make Cisco VPN Client Functional Or Replace it with Cisco AnyConnect VPN Client

    As Cisco VPN Client is now obsolete and no longer supported by Cisco, it doesn't work with Sophos XG, as said by one of the Sophos Technical Support Team members, named "Yagnik Goswami", in my service request number "8232842".

    As the "Cisco VPN Client" option is still available in Sophos XG, it should also be working fine, or Sophos has to give its replacement option of "Cisco AnyConnect".

    As this thing is annoying the customer, Sophos must think on this matter seriously.

    Best Regards

    7 votes
    2 comments  ·  VPN and RED
  19. Authy

    Integrate Authy 2FA into the SSL VPN server

    3 votes
    0 comments  ·  VPN and RED
  20. Create a

    Create the ability to monitor individual VPN IPsec tunnel status and SNMP traffic.

    3 votes
    0 comments  ·  VPN and RED