XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Request to have much more user friendly two factor authentication for Sophos Connect 2.0

    Hello Team,

    We have a customer here requesting to have much more user friendly two factor authentication for Sophos Connect 2.0. The current 2FA on XG like appending a 6-digit code to a password to gain access is not user friendly. Requesting if possible for sophos XG to support a third party 2FA that is much more easy to use and no need to enter the token or one time password.

    For your assistance please.

    Thank You

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  2. Require local user password criteria to be defined

    Administrators should be able to require users passwords to meet certain password criteria/complexity, Character length, Case, numeric, special characters.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  3. Password Age and Password History Feature Add to Password Complexity

    It will be a good value add for the purposes of PCI-DSS audits, that the firewall should have in its local authentication mechanism (if the customer opts to use this option as against offloading to a dedicated IAM) for administrators and end users, a password age, and Password History feature.

    Password Age will ensure that the administrator can set how old a user's password or admin password can stay in the system unchanged before it begins to remind the users and admin to change their password. It can be 30 days, 45 days, 60 days, or as flexible for the…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  4. Multi factor authentication to be integrated on active directory

    Hello Team,

    We have customer requesting here to implement Multi factor authentication to be integrated on active directory as they will be needing different level of security between their SSL VPN users. For your assistance please.

    Thank You

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  5. current Activities>Live Users

    Please Provide the MAC Address also in Current Activities>Live Users

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  6. Radius Server supply UserGroup from AD

    Let the Radius Server supply a Groupname for different Firewall Rules

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  7. 802.1x

    XG already has 802.1x for AP authentications, but it can't be used as a client. Many ISP's (specifically AT&T) use 802.1x client on their supplied CPE with priority vlan 0 tagging to authenticate.
    UTM can replace the vendor-supplied CPE by adding a wpa_supplicant, but you don't have the kernel-level control on XG as you do on UTM. Sophos would have to add this feature to XG.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  8. Google Admin Domain Added to Authentication Servers

    I have XG330 box, user accounts available in google admin mail domain, I want to use the gmail accounts for authentication purpose. How can I add the Server Authentication to google domain?

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  10. 0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow setting custom client authentication precedent

    Ideally, this would allow the administrator of the XG to set the precedent for client authentication requests received.
    In our case we need to pass authentication details from our NPS server (RADIUS accounting) to the XG to authenticate a small subset of devices/users on the network (shared iPads) but want the computer login events (STAS) and user reported by agent to override this in an order that works for us.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  12. Windows Edge Chromium edition not supported on the XG FW

    As per Support case 9801435 I have been told that my customers issue with the HTTPS redirected authentication page not working in MS Edge Chromium is because its not supported. This browser has be released for a couple of weeks and should have been tested on the XG prior to this. I will have to tell my customer to use other browsers for the business until this is fixed which isn't ideal. Can a patch be rushed out to resolve this issue as I suspect more and more of your XG customers will be hitting this problem.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  13. Microsoft Internal CA for SSL VPN users authentication

    Currently we can configure SSL VPN users to login use AD authentication. It will be more convenient if can allow the user login support via Windows Internal CA. use the on-premise CA certificate for SSL VPN user authentication.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  14. Make SATC work in combination with SCE Web Protection

    The SATC solution doesn't work on RDS/Citrix server in combination with the Sophos Central Endpoint with the Web Protection feature enabled.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  15. OTP - make SHA algorithm changeable for hardware tokens

    Hardware OTP tokens are currently only supported with SHA1 algorithm on XG firewalls. An option like in SG to change the algorithm between SHA1/SHA256/SHA512 on a per-token base would be very useful.

    7 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  16. mithungupta@ncuindia.edu

    Currently the network traffic policy in the firewall is useless because firewall access server do periodic authorization for the users every 3 minutes. Due to this users are able to download more data they want. Time for periodic authorization for user should be decrease or the feature of increase or decrease should be in dashboard.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  17. office 365

    Integrate Microsoft AzureAD for user identification for user based XG firewall web policies and reporting. I saw the request for Azure Directory Services which is not free. AzureAD is free with every Office365 tenant. Sophos Central has AzureAD sync, expand this to XG Firewalls as another Server or Directory as a Service model. Seams like this bridge is already half built.

    22 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos XG Firewall: change simultaneous login ( captive portal / network client authenticator) option of group

    Pleas add an option in Sophos XG Firewall to change simultaneous login ( captive portal / network client authentication) of group, i.e. any number of simultaneous login could be assigned to all members of a particular group at one go.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  19. Unique (non-default) OTP Authenticator Account Name per XG instance

    We have two Sophos XG firewalls and are setting up OTP 2FA with Sophos Authenticator. After scanning the barcodes for both, the Sophos Authenticator displays both accounts with the same default non-unique account name "Sophos SFOS." This makes it difficult to differentiate as to which token goes with which firewall.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  20. Long Usernames with Active Directory

    When configuring Active Directory login on Sophos XG firewall you will have problems if the username is over 20 characters long. This is a limitation of the sAMAccountName field in AD. If you configure it as a LDAP authentication you can specify the userPrincipalName field for the username. This field doesn't have a character limitation. I would suggest an option when configuring Active Directory that we can choose to change the field used for login. This would work also in networks where there is more than one domain for authentication.

    Then users could just type their full email (ex. username@domain.com

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.