XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
-
Power supply failure logging and notifications
For XG / XGs with dual power supplies, a single PSU failure is indicated via audible alarm and blinky light.It would be great to have this condition logged, and to have a new notification category (e-Mail). This way customers could parse logs/messages/traps and catch failure conditions quickly vice relying on audio/visual cues.
2 votes -
RED - Changing/Adding Red Configurations/Prevent other REDs device disconnections
When dealing with multiple REDs devices, it would be important not to drop the connection of existing REDs devices when changing/adding a RED configuration. Currently, if you change/add a red configuration, as soon as you save, all RED connections drops for a few seconds and affects all remote offices for connection-sensitive applications/processes (like Remote Desktop).
1 vote -
Sophos XG, RED Monitoring
Hello,
We have Sophos XG 135 and 4 RED Devices. I built a crash scenarios when Internet connection of RED Devices is unsuccessful by adding 4G router before the RED.
1. Sophos XG 135 sends email notifications but this is not enough for me as it sends them only to one email address. In Administration => Notification settings => Email settings.
a. Proposal 1: Sending an email to more than one specific recipient. For example: Administrator who is responsible for the internet connection should receive notifications only for the internet connection. Variables that can be corrected should be added to…2 votes -
Add timing/schedule feature for SD-WAN policy routing.
Please add timing/schedule feature for SD-WAN policy routing configurations. Because there are several cases of traffic being passed on a certain line at a certain time.
3 votes -
Add time interval select feature when searching logs on XG Firewall interface.
This is most basic feature when internet provider or law enforcement institution request to block or identify user that was making illegal network activity during specified time. There is option to filter by source port, but no way to jump to a specific time frame directly, making search very complicated and time wasteful.
2 votes -
Sort feature for wireless access point page
In Wireless > Access Points, in the access point list you should be able to sort by any of the columns. Currently you cannot sort AT ALL. This is just absolutely crucial for us and I am sure many other Sophos wireless customers. The most important would be the "Label, Status, Group, IP, and Type". Please implement this feature ASAP.
2 votes -
sec_request_body_no_files_limit in GUI
Allow setting secrequestbodynofiles_limit via the GUI for Web Protection policy.
Having to set via CLI tblwafsecurityprofile settings every time a WAF setting changes is very bothersome and leads to more downtime for customers.
https://community.sophos.com/sophos-xg-firewall/f/discussions/114221/413-request-entity-too-large
2 votes -
expand custom hostname Hotspots length limit
currently the custom hostname Hotspots length is limited up to 30 characters. If Sophos expand the database-field to more than 30 characters this would be great
2 votes -
expand custom hostname Hotspots length limit to more than 30 characters
currently the custom hostname Hotspots length is limited up to 30 characters. If Sophos expand the database-field to more than 30 characters this would be great
0 votes -
port monitoring
I know there was another idea post for Decryption port monitoring but I'd like to have full blown Port Monitoring as found on all managed or semi managed switches as well as most Ent grade Firewall apps from other developers so this would be a powerful addition for diagnostics / hunting over XG's own reporting functionality which Ive found isn't sufficient, Packet Capture is limited to 2MB at a time and their config and filtering doesn't have custom option facility.
Hope this idea gets votes and would love to see it added to XG sometime in the future.
1 vote -
port monitoring
I know there was another idea post for Decryption port monitoring but I'd like to have full blown Port Monitoring as found on all managed or semi managed switches as well as most Ent grade Firewall apps from other developers so this would be a powerful addition for diagnostics / hunting over XG's own reporting functionality which Ive found isn't sufficient, Packet Capture is limited to 2MB at a time and their config and filtering doesn't have custom option facility.
0 votes -
usable VPN App for Android
We need a VPN app for Android that can be distributed and configured via Sophos Central and can connect to an XG. This must be able to handle "VPN on demand" (Android Enterprise).
Central can already distribute certificates via SCEP, but neither the XG nor Central can create a useful, secure, easy-to-use VPN configuration for Android.
This is ridiculous3 votes -
HTTP/S bookmarks feature retirement in sfos v18
Our Customer need this feature....
See link -->https://support.sophos.com/support/s/article/KB-000038761?language=en_US1 vote -
mac vendor identifying
It would be great if the DHCP table would check the MAC Vendor and Display it.
This would make identifying certain devices in a Network so much easier.
Small solutions like a WLAN Router or bigger solutions like certain Firewalls have this feature but Sophos XG is lacking it.
Thank you beforehand.
6 votes -
Plz Allow PPPOE Client For Isp Provider
Plz Allow Xg Firewall On pppoe Username And Password For Client Side Prove then We Can Provide PPOE account For Client Side Isp
1 vote -
Log archiving in external server
As per my company policy we have to retain 3 years log, is there any way in Sophos xg where we can archive daily log reports to external servers automatically without using GUI.
1 vote -
Plz Allow Set Data Quata On Ip Rule
Plz Allow Set Data Quata On Ip Rule
1 vote -
DNS host entry - NXDOMAIN for IPv4 OR IPv6 instead of resolving it externally
For setting up a complex network scenario with split DNS it would be good if you could set also an NXDOMAIN entry/checkbox for IPv4 or IPv6.
Example:
Internally I want to have clients only connect to a specific service via IPv4, not via IPv6. Then I put in the DNS host entry for IPv4 and for IPv6 I set NXDOMAIN. Because if there is an external IPv6 entry the XG will deliver this one back as it can't resolve it internally.
Also this is a big problem if the external DNS host entry is a CNAME because it resolves the…
1 vote -
Multiple nat on single ipsec tunnel
Sophos XG210 failure to do Multiple NAT rules on IPsec Site-to-site VPN
Description:
We want to configure multiple NAT rules on IPsec site-to-site VPNs and the firewall only supports one NAT rule on each VPN. Please can we have advice on how to resolve this.
Please refer to case:ref:00D301GN6a.5003Z1DegHy:ref where support mentioned is not supported at this stage.
Also look at a previous request on this:
https://community.sophos.com/sophos-xg-firewall/f/discussions/84062/multiple-nat-on-single-ipsec-tunnel2 votes -
Remove Erroneous Blocked Websites
Please update the web protection categories to NOT block several legitimate websites. Several major software vendors are currently erroneously listed in the block list. This software is widely used and NOT a risk. Some example sites blocked are
Google Chrome Enterprise browser, Intuit Quickbooks, Adobe Acrobat, Adobe *
I could understand blocking these things if they were a risk but they are not. This is software that literally 100% of organizations use in one way, shape or form.
Please update these web filtering lists to allow updated on these critical apps. We shouldn't have to create dozens of exceptions to…
3 votes
- Don't see your idea?
