XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Windows Edge Chromium edition not supported on the XG FW

    As per Support case 9801435 I have been told that my customer's issue with the HTTPS redirected authentication page not working in MS Edge Chromium is because it's not supported. This browser has been released for a couple of weeks and should have been tested on the XG prior to this. I will have to tell my customer to use other browsers for the business until this is fixed, which isn't ideal. Can a patch be rushed out to resolve this issue, as I suspect more and more of your XG customers will be hitting this problem?

    1 vote
    0 comments  ·  Authentication clients
  2. Microsoft Internal CA for SSL VPN users authentication

    Currently we can configure SSL VPN users to log in using AD authentication. It would be more convenient if user login could be supported via the Windows Internal CA, using the on-premise CA certificate for SSL VPN user authentication.

    1 vote
    0 comments  ·  Authentication clients
  3. Make SATC work in combination with SCE Web Protection

    The SATC solution doesn't work on RDS/Citrix server in combination with the Sophos Central Endpoint with the Web Protection feature enabled.

    2 votes
    0 comments  ·  Authentication clients
  4. OTP - make SHA algorithm changeable for hardware tokens

    Hardware OTP tokens are currently only supported with the SHA1 algorithm on XG firewalls. An option like in SG to change the algorithm between SHA1/SHA256/SHA512 on a per-token basis would be very useful.

    3 votes
    0 comments  ·  Authentication clients
  5. mithungupta@ncuindia.edu

    Currently the network traffic policy in the firewall is useless because the firewall access server does periodic authorization for the users every 3 minutes. Due to this, users are able to download more data they want. The time for periodic authorization for users should be decreased, or the option to increase or decrease it should be in the dashboard.

    1 vote
    0 comments  ·  Authentication clients
  6. office 365

    Integrate Microsoft AzureAD for user identification for user-based XG firewall web policies and reporting. I saw the request for Azure Directory Services, which is not free. AzureAD is free with every Office365 tenant. Sophos Central has AzureAD sync; expand this to XG Firewalls as another Server or Directory as a Service model. Seems like this bridge is already half built.

    7 votes
    0 comments  ·  Authentication clients
  7. Sophos XG Firewall: change simultaneous login ( captive portal / network client authenticator) option of group

    Please add an option in Sophos XG Firewall to change the simultaneous login (captive portal / network client authentication) setting of a group, i.e. any number of simultaneous logins could be assigned to all members of a particular group at one go.

    1 vote
    0 comments  ·  Authentication clients
  8. Unique (non-default) OTP Authenticator Account Name per XG instance

    We have two Sophos XG firewalls and are setting up OTP 2FA with Sophos Authenticator. After scanning the barcodes for both, the Sophos Authenticator displays both accounts with the same default non-unique account name "Sophos SFOS." This makes it difficult to differentiate as to which token goes with which firewall.

    1 vote
    0 comments  ·  Authentication clients
  9. Long Usernames with Active Directory

    When configuring Active Directory login on Sophos XG firewall you will have problems if the username is over 20 characters long. This is a limitation of the sAMAccountName field in AD. If you configure it as an LDAP authentication you can specify the userPrincipalName field for the username. This field doesn't have a character limitation. I would suggest an option when configuring Active Directory that we can choose to change the field used for login. This would also work in networks where there is more than one domain for authentication.

    Then users could just type their full email (ex. username@domain.com

    1 vote
    0 comments  ·  Authentication clients
  10. Linux Authentication Client on ARM Hardware

    Would it be possible to provide an authentication client for Linux running on ARM processors, so for example it would run on a Raspberry Pi? Only the CAA executable needs to be cross-compiled within the current Linux client.

    Thank you!

    1 vote
    0 comments  ·  Authentication clients
  11. Highly Important Clients Authentication

    Earlier when we were using Cyberoam :
    Whenever a user connects his/her system to our SSID, that system would get an IP as per our assigned policy. And at that same time in that system automatically the default browser page opens where user needs to enter Cyberoam Login Credentials.

    Now when we started using Sophos :
    Whenever a user connects his/her system to our SSID, that system would get an IP as per our assigned policy. But the user doesn’t get the browser page opened automatically where they can enter Cyberoam Login credentials.

    Here they need to manually type the…

    1 vote
    0 comments  ·  Authentication clients
  12. Need MS_CHAPv2 Across user clients and portal

    Trying to bring a client up to NIST standards. While MS_CHAPv2 is provided with a RADIUS authentication server, and a command is available to set allowed authentication methods for VPN clients, the same cannot be said about authenticating the user portal/firewall and admin access. XG firewall defaults to PAP with no command or capability to set allowed authentication methods. So we've just lost a nice XG feature set because of this issue. :-(

    There are various requests to get MS_CHAPv2 working with AD authentication servers. Just bumping that feature request with this one as well.

    4 votes
    1 comment  ·  Authentication clients
  13. Delete live users in STAS in one click

    I have a client that would like to have a feature wherein he can delete live users in STAS in one click.

    1 vote
    0 comments  ·  Authentication clients
  14. Expire local accounts?

    Need ability to expire user accounts that exist solely on the XG appliance (vendor access to specific resources internally through SSL VPN)

    1 vote
    0 comments  ·  Authentication clients
  15. My Sophos model -XG125 (SFOS 17.5.9 MR-9)

    We are creating a free Wi-Fi zone at our mall. In that regard we have used your device, and we would like to point out that currently your login page comes first and the registration page later. Our suggestion is that the registration page should come first, so that the user registers first, and then the login page should appear where they can log in and use the service.

    3 votes
    0 comments  ·  Authentication clients
  16. CAA option to run without requiring admin install privileges

    This is related to CAA.
    Installing CAA requires the user to have installation rights,
    but in a corporate office domain, installation rights are not given to users.
    After installing as administrator, CAA is installed, but after report it is not shown in the taskbar and the software is not working.
    Every user does not have installation rights.

    1 vote
    0 comments  ·  Authentication clients
  17. Offboarded users cannot be removed from XG firewall authentication. They should be removed dynamically

    Offboarded users cannot be removed from XG firewall authentication. They should be removed dynamically. Because just as we use STAS for authentication, in the same way STAS should tell the firewall to remove disabled users.

    1 vote
    0 comments  ·  Authentication clients
  18. stas change Learning State time of 1 hour

    We are running into an issue where the STAS learning state 1 hour timeout is creating an issue for us... we need to have the ability to change the timeout as needed.
    Sophos case# 88882736 for reference.

    1 vote
    0 comments  ·  Authentication clients
  19. CAA User inactivity

    We would like to have the option to set the user inactivity per login method. We are trying to create a Zone that can only be accessed when the user authenticates with the Sophos Client Authentication Agent. We don't use STAS because we don't want the user to be logged in continuously. It is possible to set the inactivity time for NTLM logins. Please enable the feature to also specify this time for users that are authenticated through CAA.

    When setting the General Maximum session timeout, all users are being disconnected and the duration can not be any longer than…

    2 votes
    0 comments  ·  Authentication clients
  20. Disconnect users STAS with CLI

    Hi, I need to disconnect users with STAS through the CLI, to create a schedule on the server where the STAS service is installed,
    because when you have more than 1000 users listed, it is difficult to search.

    2 votes
    0 comments  ·  Authentication clients