XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Assigning static ip to SSL VPN users

    FIRST REQUESTED SIX YEARS AGO.

    SIX YEARS!!!!!!

    IT'S A 5 MINUTE CHANGE.

    PLEASE LISTEN TO YOUR PARTNERS!

    https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10828488-assigning-static-ip-to-ssl-vpn-users

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add pages or jump to end under users

    I would like to request the addition of a jump to the end option under Authentication\Users on the Sophos XG firewall. Case in point, we have a client that has 62 pages of users and we have to click through each page to get to the end of the list for various users. Clicking the arrow, waiting for the page to load, scrolling down to the bottom and then clicking to the next page (60 times) surely adds up. Ideally it would have the ability to select a page but at least being able to jump to the first and…

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Someone has scanned my network

    Many a times we use Nessus or NMap like port scanning tools for our network. Thought that there might be lots of users who would be playing around with such tools and would be scanning someone else network. It might happen that unfortunately he get information of opened ports and would successful in penetrating.

    To overcome such incidents I would request to implement feature which report admin about who, when and from where the UTM was scanned and did *********** happened etc...

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Rogue switch detection

    Instead of configuring a complex way of detecting rogue switch which till date it out of hope, I would request to implement feature through which we can scan our local network for rogue switches.

    This way we can protect our network and catch hold of rogue users who dare to bring such devices in organization

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Port Knocking

    I would request to implement Port Knocking feature where in even though the admin has kept HTTPS open on WAN or any other ports, with help Port Knocking it will be dynamically opened and closed on demand.

    By this there will be no need to configure HTTPS on any other unknown port or no worry of keeping open. Since as soon as admin knocks the port it will open and exits the port, it will get closed.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Out of Band Management

    I would request to add Out of Band Management feature in XG Firewall which other make and models have it. With help of this feature if accidently firewall gets shutdown or somehow cannot be accessed, one can remotely start or troubleshoot the issues.

    In times of COVID, if this feature would have been present it would have helped me a lot!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  7. Autoupdate of official Sophos sites exceptions

    Dynamically update Sophos Services and Sophos Liveconnect site exceptions

    We stumbled upon a problem where Sophos Enpoint can't send heartbeat to Sophos Central. The results was that XG firewall locked down client with no hearbeat as set in firewall rule. Diggin and diggin more with support staff, we found that web exception list was not complete. So after adding all suggested sites as listed here https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/DomainsPorts.html everything works again.

    The basic idea is to automatically keep this list (official Sophos and partner site) updated as "pattern updates" or "firmware updates" already did.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. macOS 11.4

    Hi,

    Would be great when authentication client also works on macOS 11.4.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  9. Increase IPsec remote access VPN bandwidth

    We come across multiple end-customers complaining about the bandwidth they are stuck at with the connect client, based on IPsec for their reasons.
    It's between 5 and 7 MB/s.

    The only thing we could do is try to switch to SSL, which gives 2 times the speeds of IPsec, and create a feature request.

    Please work on this and increase the performance for IPsec VPN.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Populate admin user info from Central in XG logs

    In XG SFOS up to the current 18.0.5 only generic admincentralsa is logged as the username and 127.0.0.1 (localhost) as the ip in the XG Admin log for management authentication and actions performed by Central admins. Given that multiple Central admin users exist, logging the specific account username and/or the public ip of the client logged into Central would be an improvement rather than the generic placeholder that can't be directly traced back to a user.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  11. speedtest

    speedtest app in dashboard

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  12. Sophos Connect - Hide "Save User name and Password" from SSL VPN Connections

    We are able to hide the "Save user name and password" facility for IPSEC VPN connections, but not for SSL VPN connections.

    Please can we have a way to hide/disable the "Save user name and password" facility for SSL VPN connections in the Sophos Connect VPN client.
    Some of our customers want both IPSEC and SSL VPN connections available.
    In many cases allowing users save their credentials is a security risk.

    Sophos Support have advised this is currently not possible with SSL VPN connections in the Sophos Connect VPN Client.
    Sophos support ref - ref:00D301GN6a.5003Z1GgvFd:ref

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. smarthost

    When two or more WAN interfaces are configured enable smart host relay according to defined rules, i.e. smart host must be enabled only if one (or more) defined WAN connectivity is down.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. XG logviewer - add multiple IP's

    In the logviewer for XG appliances, being able to filter out multiple values for SRC or DST would be extremely useful!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. sophos connect

    I just found an interesting "feature" in Sophos Connect.

    I have a connection added

    I rename it to OldIPsecVPN_remote

    Then I try to import a new set of settings for the same remote firewall

    Wrong!

    When I click ok to import the other settings it just overwrites my "OldIPsecVPN_remote" with the other set of settings and renames it...

    So what's the use of having a possibility to rename if you can only change the display name...

    Kind regards, Peter

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. Multiple public ip and proper way to DNAT/SNAT with XG high availability FW on azure

    Please provide a proper guide of how to DNAT or SNAT for your HA XG on Azure, also how to implement it with multiple public IP

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  17. Email Alerts for Web Hits

    The ability to receive an email alert when a device/user hits a certain blocked web category.

    Example: An email alert when a device is blocked from accessing a website categorized as Virus/Spyware.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. digest

    the Release link and My account on the Quarantined digest report use IP address and not the URL of the firewall. so the person gets a certicate error because it does not match the certcate we have install on the firewall.

    I been told by support its not possible in the auto generated mails to use a hostname
    we are running SFOS 18.0.4 MR-5

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. no option to add url in SSL VPN allowed network tab.

    HI team,

    I am not able to add url through ssl vpn group permitted network. please add this feature if possible

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  20. JUST STOP TELLING ME WHAT TO DO

    I am sick and tired of Sophos telling me what to do. My password is 16 characters and complex. There is no need to change it. Give me a dismiss permanently option instead of skip and remind me next time. Only solution is for me to change it and then change it back again. Anyone administering an enterprise firewall is not a baby that needs their hand held.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.