XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Sophos Connect TAP Adapter - register at dns server

    Set the option "register at dns server" on Sophos IPSec Connect Client at the Windows TAP Adapter via a parameter at installation of the MSI or in the config file. If it is not active, the client name (DNS) will not be reachable from LAN to VPN because DNS doesn't know about the VPN client IP. Using the Windows registry or a PowerShell script like this one on each client is very frustrating:

    Get-NetIPConfiguration | where {$_.InterfaceDescription -eq 'Sophos TAP Adapter'} | Set-DnsClient -RegisterThisConnectionsAddress:$True

    2 votes

    0 comments  ·  VPN and RED
  2. VPN policy restriction

    Is there any option for VPN access to check the MAC address or antivirus policy? I want to restrict a particular user's laptop so that it cannot connect to our network through any VPN user. I want to add this type of policy or feature in the XG 106 firewall: block laptop connections via MAC address.

    1 vote

    0 comments  ·  VPN and RED
  3. Sophos Connect Client IPv6 Support on XG

    Connect Client should support IPv6 on WAN Interface

    6 votes

    0 comments  ·  VPN and RED
  4. Selectable VPN configuration files on Sophos XG for Split Tunnel or Full Tunnel

    I am currently replacing a Cisco ASA/AnyConnect VPN environment with a Sophos XG 210. There is a requirement that some users have the ability to select either Split Tunnel or Full Tunnel client access vpn connectivity. They can currently do this in the Cisco environment.
    I can create the separate SSL VPN profiles in the Sophos XG but there is no way to download the configuration file for both profiles. User account is tied to a specific profile so they only have access to one or the other. The only workaround I have is for the user to have 2…

    4 votes

    0 comments  ·  VPN and RED
  5. Sophos Connect Charon Logs

    I've come across an incident where the Charon logs for Sophos connect reached over 91GB in size, it would have got larger but it had consumed all of the available space on the hard drive. As such, I was unable to download the Sophos help tool in order to seek help and had to use another machine and remotely connect using RDP.

    On rebooting, the logs were completely cleared and all went back to normal.

    There really should be a process in place that prevents a log reaching that sort of size, maybe log rotation with a purge in place…

    3 votes

    0 comments  ·  VPN and RED
  6. Disconnect SSL VPN User after a set length of time

    Disconnect an SSL VPN user session after a set amount of time, e.g. if a connection has been live for 10 hours, disconnect it. The idle timeout doesn't work, as there are still anti-virus updates and such running over the connection to the computer when the user is not there.

    4 votes

    1 comment  ·  VPN and RED
  7. Sophos Connect for ARM architecture

    Hello,

    Could you develop an executable which can be run on ARM architecture?

    ARM is coming pretty fast on the computer side with, for example, the "Surface Pro X", and it would be interesting to have a compatible executable.

    Thank you

    7 votes

    0 comments  ·  VPN and RED
  8. failover option for sophos connect client VPN

    Hi team, can you please introduce a failover option for Sophos connect client VPN option, as this option used to be there for any vendor but it is not available in Sophos for global VPN setup.

    3 votes

    0 comments  ·  VPN and RED
  9. Fix the DHCP Scope Limitation in Sophos RED Configurations

    We came upon a unique problem, had two Sophos RED appliances (RED 15 and RED 50) that were configured for two completely different companies. They both functioned just fine for a day or so, then went offline completely shutting down the site. RED services in the XG firewall crashed and wouldn't restart.

    Turns out you cannot have more than one DHCP scope in a RED configuration. We had parsed the IP ranges to 2 and 3 scopes to account for static reservations that already existed. Having more than one DHCP scope basically crashed the RED services on the XG.

    According…

    6 votes

    1 comment  ·  VPN and RED
  10. console> system ipsec_route command show in the gui & route precedence

    Is it possible to show and adapt static IPsec routes through the GUI? Also, it would be nice if the route precedence could be shown and modified.

    2 votes

    0 comments  ·  VPN and RED
  11. Sophos Connect VPN DHCP Relay Option

    The Sophos Connect VPN client/server does not currently support the DHCP relay option/feature. Now that most of the population is working from home these days, it is essential that DNS name resolution work seamlessly with DHCP. Right now, when a remote user initiates a Sophos Connect VPN session, the XG firewall manages the DHCP IP lease to the client. This is problematic because after the IP lease is created, it does not update the DNS records running on the internal Microsoft DNS server to reflect the new IP address given to the client. We really need the option to relay…

    5 votes

    3 comments  ·  VPN and RED
  12. Sophos Connect with OTP – eliminate 4 hours reauthentication

    Today, when using Sophos Connect with OTP, the firewall asks for a new OTP token every 4 hours. According to Sophos support, this value is hardcoded. If employees work the whole day remotely, an interruption every 4 hours is a pain.
    Please make these 4 hours configurable. Or at least extend it to 10 hours, so a full working day can be achieved without any interruption.

    39 votes

    8 comments  ·  VPN and RED
  13. SSL VPN Password reset portal.

    AD users have a 90-day password expiration policy, which causes a problem with the SSL VPN credentials.

    There should be a feature to reset the password and connect to the SSL VPN.

    Sort of a dial up password reset after 90 days for the SSL VPN users sync from the AD.

    9 votes

    1 comment  ·  VPN and RED
  14. SSL VPN Password reset portal.

    AD users have a 90-day password expiration policy, which causes a problem with the SSL VPN credentials.

    There should be a feature to reset the password and connect to the SSL VPN.

    Sort of a dial up password reset after 90 days for the SSL VPN users sync from the AD.

    1 vote

    0 comments  ·  VPN and RED
  15. Virtual VPN Interfaces

    I suggest making a Site-2-Site VPN assignable to a virtual interface (i.e. tunnel0) that can be assigned to a zone.
    This would make multiple VPNs much more manageable (especially if you cannot control the other end of the tunnel).
    To make it even better, the tunnel endpoint could be assigned to a physical bridge or VLAN interface.

    7 votes

    0 comments  ·  VPN and RED
  16. Login disclaimer for VPN client access

    Please provide the way to add a login disclaimer for user access via SSL VPN and Sophos Connect.

    2 votes

    0 comments  ·  VPN and RED
  17. Want to block files & folders through SSL VPN

    Dear Team,
    We need to block files and folders for SSL VPN users for security reasons. Currently, SSL VPN users are allowed to use the copy and paste option. This is a risk to the business: a user can easily copy some important data and share it with competitors.
    So please disable this option ASAP.

    1 vote

    1 comment  ·  VPN and RED
  18. IPsec Tunnel PSK asks for PSK every time I save on XG135 (SFOS 17.5.10 MR-10)

    Previous versions would retain the PSK between updates to an IPsec VPN. It gets tedious when troubleshooting to have to find and enter this over and over.

    4 votes

    0 comments  ·  VPN and RED
  19. Add GCM Ciphers

    Add AES128GCM and other GCM ciphers to the IPSec and SSL VPN options. They perform much better. At the moment only CBC ciphers seem to be used.

    16 votes

    3 comments  ·  VPN and RED
  20. IPSEC tunnel configuration should alert when Remote Gateway (ANY) are the same

    Okay ran into an issue where we added 4 IPSEC tunnels and did not realize that you needed to have the same Preshared Key. As I get every tunnel up and operational it was changing the key tied to the Remote Gateway of (ANY).... So thinking the Firewall was buggy I would have to go into the tunnel that accidentally went down and set the key to that users config, not knowing I was resetting the key for all of the tunnels related to that key. I finally called support and it took the tech 5 minutes to figure out…

    1 vote

    0 comments  ·  VPN and RED