XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Match Rules Lookup / Search Option

    I would suggest that there is a Match Rules Option like Fortigate's Policy Lookup.

    If say the XG have 1000 firewall rules, it is hard to match which rules will a particular packet will use to pass through. From this, it will help in troubleshooting and also help to check unused or misconfigured firewall rules.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. backup

    Previous firewall that was synchronized to the central admin (RMA'ed unit's backup from the sophos central) shouldn't be deleted once the new device will be overwritten. There should be a way to download it all and be imported to the newly synchronized unit.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  3. SFM Change Firmware update "Apply" button to "Schedule"

    In Sophos Firewall Manager, when updating the Firmware of an XG Firewall, there is an "Apply" button, which brings up a scheduler when clicked.

    This is confusing, as it seems like this button will apply the firmware immediately without warning. Please change the name of this button to "Schedule" instead of "Apply" so that it's more obvious that the firmware will be scheduled for install and not apply immediately.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow monitor-only connection to Central Firewall Manager

    At the moment when when registering an XG firewall to Sophos central the only option is to enable central management or not.

    If central management is not enabled then we get a limited selection of alerts in central for the firewall, i.e. lost comms between XG and central.

    Typically in our deployments we do not want the firewall to be manageable via cloud service through central, particularly in higher security networks we permit local management only over our internal WAN or VPN links.

    Some level of granularity in between nothing or everything would be fantastic.

    For example a completely read-only…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. Specify amount of back up per XG on Sophos Firewall Manager

    Hello Team,

    We have customer here requesting feature to have specify amount of back up per XG on Sophos Firewall Manager. For your assistance please. Thank You.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. SFM: Add CCL Notifications

    In SFM, a notification for when a CCL entry is created would be ideal for Change Management. Upon receiving this notification from SFM, other administrators can look back over the CCL entry and bring up potential problems for reversion as necessary when they get an alert from SFM that a firewall's configuration was changed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Reorder rules in SCFM Template

    In a template in Sophos Central Firewall Manager, it's currently impossible to reorder rules (neither create a new rule between two existing rules).
    It's supposed that this is a basic functionality of a firewall managing system.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. SFM - Overwrite whole configuration with template

    I'd like to have the possibility to overwrite the whole configuration of a firewall with the content of an SFM template. Currently when applying a template from SFM the firewall rules merge with the ones configured locally.
    I´d like to have the possibility of replacing, instead of merging and have full control of the firewall from SFM, like others vendors have from their management server.
    This is to avoid human errors by a local administrators. For example someone can log locally on the firewall and configure an any any permit, then you apply your template and that any any remains.…

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. FTP file path should be included in the FW Manager Maintenance Config Backup

    In the Firewall Manager (17.x.x) there is no file path option in the FTP configuration download when backing up the Firewall Manager configurations. This option is however present for the Firewall Config backups. It should be available for both.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Manage XG firewall under Central Enterprise Dashboard

    Currently, Firewall management is not supported when central account belongs to enterprise dashboard admin due to different domain state. Looking forward to this feature will be supported at road map.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. Local Admin UI shows different config than Sophos Central

    When the XG is configured via Sophos Central the local admin UI:

    1) No longer shows the actual configuration of the unit - only the old config from the time administration was switched to SC.

    2) The local admin UI still allows configuration changes to be made. However, these changes are not applied to the unit. There is no warning about this either.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Device Groups in SFM -> Firmware Update

    I'd like to create custom groups and add / remove firewalls by myself. This is already possible. But why am I NOT allowed to use this group in the "Firmware Update" section?

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  13. Scheduled Reboot via SFM

    Like in ACC/SUM it should be possible to have a scheduled reboot of an XG - vis SFM/CFM and the normal admin gui.
    That could prevent additional work for admins.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow SFM or CFM to have a central repository of Applications for synchronized application control

    Synchronized application control is an amazing feature; needing to manually categorize applications separately on every firewall isn't. Being able to have a central location for all of them would be great, as you'd be able to have your known bad/good applications available right out of the gate.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  15. HTTPS exception in Central Management, and enabled by default

    If HTTPS is disabled for WAN then Central Management fails to communicate. This is expected, and you can add an ACL Exception manually, but it would be good to have a setting under Central Management that allows you to switch on/off incoming central management control (defaulted to ON) and the device handles this automatically

    The problem with adding a manual ACL exception for 52.0.39.131 is that if Sophos changes it's IP address, all communication immediately breaks. This is presumably the reason that Sophos initially introduced a pre-configured CFM connection under Central Management which was a good change, but IMO they…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  16. SFM HA status

    The SFM device monitor should show the status of the HA.
    Also in the device information is nothing to see about the HA.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add SSH Keys to CFM / SFM template

    We would like the ability to configured an RSA key on a CFM template.
    Very feasible for MSP's that want CLI access to all XGs they manage.

    Doesn't seem hard to add...

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  18. Sophos Firewall Manager - Template Pushing

    When pushing a template, all types of configuration should not already be selected - you should have to select which items you want to push, rather than deselect those you do not want to push.
    Having all items pre-selected is more likely to cause issues from human error, overwriting config with portions of templates you don't wish to utilize/push to a device.
    It's a minor change that could make a big difference for our customers.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  19. Configuration of Routing from Sophos Central Firewall Manager

    Please add functionality to the Sophos Central Firewall Manager to configure the following Dynamic Routing protocols:
    - BGP
    - OSPF
    - RIP

    If the concern is that routing changes pushed from the SCFM may lead to network outages, then add additional warnings on configuration of dynamic routing from SCFM.

    Networking professionals should be smart enough to know that routing changes can impact their connectivity and plan accordingly. Sophos should not baby us and disallow crucial features such as this.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  20. Firmware Updates in CFM

    There is an option in Central Firewall Managed to check for and, presumably, install firmware updates. However, I have yet to see any available updates show in CFM. Instead I have to log into each device to check for and install updates. This is unacceptable for MSPs.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.