FIRST REQUESTED SIX YEARS AGO.

SIX YEARS!!!!!!

IT'S A 5 MINUTE CHANGE.

PLEASE LISTEN TO YOUR PARTNERS!

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/10828488-assigning-static-ip-to-ssl-vpn-users

Many a times we use Nessus or NMap like port scanning tools for our network. Thought that there might be lots of users who would be playing around with such tools and would be scanning someone else network. It might happen that unfortunately he get information of opened ports and would successful in penetrating.

To overcome such incidents I would request to implement feature which report admin about who, when and from where the UTM was scanned and did *********** happened etc...

Instead of configuring a complex way of detecting rogue switch which till date it out of hope, I would request to implement feature through which we can scan our local network for rogue switches.

This way we can protect our network and catch hold of rogue users who dare to bring such devices in organization

I would request to implement Port Knocking feature where in even though the admin has kept HTTPS open on WAN or any other ports, with help Port Knocking it will be dynamically opened and closed on demand.

By this there will be no need to configure HTTPS on any other unknown port or no worry of keeping open. Since as soon as admin knocks the port it will open and exits the port, it will get closed.

I would request to add Out of Band Management feature in XG Firewall which other make and models have it. With help of this feature if accidently firewall gets shutdown or somehow cannot be accessed, one can remotely start or troubleshoot the issues.

In times of COVID, if this feature would have been present it would have helped me a lot!

Dynamically update Sophos Services and Sophos Liveconnect site exceptions

We stumbled upon a problem where Sophos Enpoint can't send heartbeat to Sophos Central. The results was that XG firewall locked down client with no hearbeat as set in firewall rule. Diggin and diggin more with support staff, we found that web exception list was not complete. So after adding all suggested sites as listed here https://docs.sophos.com/central/Customer/help/en-us/central/Customer/concepts/DomainsPorts.html everything works again.

The basic idea is to automatically keep this list (official Sophos and partner site) updated as "pattern updates" or "firmware updates" already did.

Hi,

Would be great when authentication client also works on macOS 11.4.

We come across multiple end-customers complaining about the bandwidth they are stuck at with the connect client, based on IPsec for their reasons.
It's between 5 and 7 MB/s.

The only thing we could do is try to switch to SSL, which gives 2 times the speeds of IPsec, and create a feature request.

Please work on this and increase the performance for IPsec VPN.

In XG SFOS up to the current 18.0.5 only generic admincentralsa is logged as the username and 127.0.0.1 (localhost) as the ip in the XG Admin log for management authentication and actions performed by Central admins. Given that multiple Central admin users exist, logging the specific account username and/or the public ip of the client logged into Central would be an improvement rather than the generic placeholder that can't be directly traced back to a user.

speedtest app in dashboard

We are able to hide the "Save user name and password" facility for IPSEC VPN connections, but not for SSL VPN connections.

Please can we have a way to hide/disable the "Save user name and password" facility for SSL VPN connections in the Sophos Connect VPN client.
Some of our customers want both IPSEC and SSL VPN connections available.
In many cases allowing users save their credentials is a security risk.

Sophos Support have advised this is currently not possible with SSL VPN connections in the Sophos Connect VPN Client.
Sophos support ref - ref:00D301GN6a.5003Z1GgvFd:ref

When two or more WAN interfaces are configured enable smart host relay according to defined rules, i.e. smart host must be enabled only if one (or more) defined WAN connectivity is down.

In the logviewer for XG appliances, being able to filter out multiple values for SRC or DST would be extremely useful!

I just found an interesting "feature" in Sophos Connect.

I have a connection added

I rename it to OldIPsecVPN_remote

Then I try to import a new set of settings for the same remote firewall

Wrong!

When I click ok to import the other settings it just overwrites my "OldIPsecVPN_remote" with the other set of settings and renames it...

So what's the use of having a possibility to rename if you can only change the display name...

Kind regards, Peter

Please provide a proper guide of how to DNAT or SNAT for your HA XG on Azure, also how to implement it with multiple public IP

The ability to receive an email alert when a device/user hits a certain blocked web category.

Example: An email alert when a device is blocked from accessing a website categorized as Virus/Spyware.

the Release link and My account on the Quarantined digest report use IP address and not the URL of the firewall. so the person gets a certicate error because it does not match the certcate we have install on the firewall.

I been told by support its not possible in the auto generated mails to use a hostname
we are running SFOS 18.0.4 MR-5

HI team,

I am not able to add url through ssl vpn group permitted network. please add this feature if possible

I am sick and tired of Sophos telling me what to do. My password is 16 characters and complex. There is no need to change it. Give me a dismiss permanently option instead of skip and remind me next time. Only solution is for me to change it and then change it back again. Anyone administering an enterprise firewall is not a baby that needs their hand held.