XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    6 votes
    1 comment  ·  VPN and RED
  2. Remote reboot of a RED device

    Provide an option to reboot a RED device from the XG web GUI. Currently, the only way to reboot the device is to go to the site and power cycle the unit.

    0 votes
    0 comments  ·  VPN and RED
  3. Network List

    Under IP Host, it would be great to have a Network List feature where we can add multiple networks, similar to IP List (which only allows for IP addresses and not networks).

    2 votes
    1 comment  ·  Network Protection
  4. SD-WAN Support Forward Error Correction (FEC)

    Forward Error Correction (FEC) is a mechanism to recover lost packets on a link by sending extra “parity” packets for every group (N) of packets.

    Forward Error Correction (FEC) is a technology that is well known for its ability to correct bit errors at the
    physical layer. However, this technology can also be adapted to operate on packets at the network layer to improve
    application performance across WANs that have high-loss characteristics. With packet-level FEC, network equipment
    can reconstitute lost packets at the far end of a WAN link, avoiding delays that come with multiple round-trip
    retransmissions. This enables WANs…

    1 vote
    0 comments  ·  Network Protection
  5. MD5 checksum for SFOS  

    MD5 checksum is not listed on the download site in the Hardware Installers and Virtual Installers of Firewall OS for XG Series.

    MD5 should be written like SG from the viewpoint of security and installation failure.

    3 votes
    0 comments  ·  Base System + General UI
  6. Allow multiple DNS records per ip

    It would be great to be able to manage multiple hosts on the same IP while creating a DNS record on the Sophos XG.

    Right now we use the gateway as a DNS server, and creating more than 100 records is not cool.

    Allowing the use of wildcard would be even better.
    *.domain.com A 192.168.0.1

    1 vote
    0 comments  ·  Base System + General UI
  7. Option to load Balance with IPsec VPN

    Option required to load balance with IPsec VPN

    4 votes
    0 comments  ·  VPN and RED
  8. VPN icon is red even though 1 of 2 VPN connections to a site is up

    Since it's bad practice to use failover groups on both sites of a VPN tunnel, one side (without failover group) shows a red VPN icon in the dashboard. For example - one side can have 2 WAN connections and the other side has 1 WAN - so 2 tunnels are created for failover.

    It would be nice if we can still incorporate these multiple tunnels to the same site in a group, so that as long as 1 is online, the VPN icon doesn't turn red. Maybe if we can add both sides to a failover group, but toggle failover…

    2 votes
    0 comments  ·  VPN and RED
  9. Virtual domain

    Dears,

    We need to have a virtual domain in our XG firewall like in Fortigate & Palo Alto, because sometimes this feature kicks us out of the competition.

    4 votes
    0 comments  ·  Network Protection
  10. EnterpriseGuard License

    Dears,

    It would be awesome if you made a change to your EnterpriseGuard subscription by adding email protection as anti-spam, like in Fortigate. This way Sophos will be more flexible in meeting customer requirements. When a customer asks about a subscription with anti-spam and not full email protection, we can provide EnterpriseGuard; this way we will be more competitive. But if the customer is looking for full email and WAF, then FullGuard will be the choice.

    1 vote
    0 comments  ·  Network Protection
  11. XG hard drive

    Dears,

    I'd like to suggest one thing regarding the SSD hard drive: that it become more flexible. I mean, that we can change the SSD hard drive on the firewall according to the customer requirements.

    Because sometimes the firewall throughput is acceptable but the customer is restricted to a specific size of SSD, this has caused us to lose a lot of projects against other competitors.

    3 votes
    0 comments  ·  Network Protection
  12. WAN DHCP Option 60

    Most ISPs in Europe require you to use a DHCP Option on the WAN Interface in order to use your own Router or Firewall.

    If this can't be done on the Sophos XG it is useless to me and a lot of other people, which would be a shame.

    3 votes
    0 comments  ·  Base System + General UI
  13. Policy setting

    The very purpose of the Cyberoam firewall is defeated as the Cyberoam does not/cannot prevent users from setting a weak password. The Cyberoam should prevent users from setting a weak password. Also, the admin should be able to set a complex password policy.

    Secondly, the user should be allowed to reset his password after the first logon. Why should the admin know the user's password? The admin can assign the password initially. However, when the user logs in for the first time using that password, the user should be able to change his password so that it is known only to him.

    1 vote
    0 comments  ·  Cyberoam
  14. 802.1x

    XG already has 802.1x for AP authentications, but it can't be used as a client. Many ISPs (specifically AT&T) use an 802.1x client on their supplied CPE with priority VLAN 0 tagging to authenticate.
    UTM can replace the vendor-supplied CPE by adding a wpa_supplicant, but you don't have the kernel-level control on XG as you do on UTM. Sophos would have to add this feature to XG.

    3 votes
    0 comments  ·  Authentication clients
  15. Do not add "Cache-Control: no-cache" to header when publishing web through WAF with form authentication

    Do not add "Cache-Control: no-cache" to the header when publishing web through WAF with form authentication. It was discussed in support ticket #9847958:
    "According to the development team, Header "Cache-Control: no-cache" is set by reverse proxy for pages protected by reverse form authentication. This is necessary because requesting protected pages must be checked against the origin server."

    When publishing web with no authentication or with basic authentication, it is OK and no caching is affected.
    All webs published with form auth are extremely slow because all requested items (jpg, css, script, ...) are transferred from XG every time user clicks or…

    1 vote
    0 comments  ·  Webserver Protection
  16. SMTP Quarantine/Reject/Drop based on keyword/ip address

    Currently in MTA Mode you only have the ability to block inbound spam based on email address or FQDN. Having the ability to block by keyword and/or IP address would be a significant gain. We currently get 20 odd emails a day from "Famous Parts", all different email domains. If we could block "Famous Parts" or IP these would be significantly reduced.

    3 votes
    0 comments  ·  Email Protection
  17. SNMPv3: Support SHA1

    You missed implementing SHA1 in the SNMPv3 config. Many monitoring solutions only support MD5 and SHA1, but not SHA256 and SHA512, so we must use MD5 for the hash.

    Security cannot be an argument, since "DES" is still offered for the encryption.

    2 votes
    1 comment  ·  Base System + General UI
  18. Firewall Hostname in backend

    It would be nice if, when changing the hostname in the Sophos XG WebGUI, it were also changed in the operating system. Actually only the application changes it for certificates, but the operating system is still localhost. This looks confusing in the ESXi virtual machine overview.

    3 votes
    0 comments  ·  Base System + General UI
  19. Device/Employee Monitoring

    We need to know in Sophos Central, device-wise or user-wise, which applications are being used and which websites are being accessed, with date and duration. If it captures this, it will be easy to monitor employee usability.

    2 votes
    0 comments  ·  Central Management
  20. Monitoring Application

    We need complete monitoring of applications. If a user opens any application, it should capture the log; based on usage, we will block the same.

    2 votes
    0 comments  ·  Application Control