XG Firewall
Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.
OWA
The ability to download the Outlook Add-in XML file to add to the Encrypt & Report as Spam button to OWA (Outlook Web Access).
2 votes -
Ability to Traffic Shape & QoS Specific Interface
Hello!
It has become apparent for us to try and implement Traffic Shaping rules for specific interfaces - in our example, we have a site which has many RED Branch Offices. These branch offices appear to be causing high utilization on our available WAN usage.
Currently, to create a Traffic Shaper or QoS rule we'd need to define it within "System services > Traffic shaping" and then apply this to a firewall rule under "Rules and policies > Firewall rules > [[Edit Rule]] > Other security features > Shape traffic".
This works great for when you have a specific service…
7 votes -
SSL VPN logs
I want to suggest if we can have IPSec and SSL VPN logs to be visible from the GUI. Currently, we need to go to the advanced shell and it is very slow especially when you are accessing it through Sophos Central.
3 votes -
I would like you to be able to confirm whether the AirGAP license has been applied.
I went on a business trip to the site, operated it, and returned once without being able to confirm whether it was applied normally on the spot.
Check the log output after the next day, and if it doesn't work, go again and extract the log ...
I think that it is a product. It's too inconvenient to use.
Because it is an AirGAP function that is supposed to be used in a closed environment
Because you can't operate it unless you go to the site one by one, it seems that it is only a defect that you need…
1 vote -
4G Data limits and reporting
Being able to monitor, report and alert on the data usage that the 4G modules are using would be good, being alerted that an SD-RED or XG is consuming excessive data or putting a data cap/throttle on the system to prevent excessive charges is needed
1 vote -
Authentication: UUID instead of MAC address for binding
Sophos XG supports MAC binding for user authentication.
This is a feature used e.g. for SSL VPN connections to identify devices.
Mobile devices with Android or iOS as operating system do not support sending the MAC, but instead the UUID.
Therefore I request adding this feature so we can identify corporate devices by UUID.
1 vote -
VPN detail report
We have migrated our firewall from 18.0.3 MR3 to 18.0.4 MR4; since then, the detailed report of date-wise VPN usage is not coming from the firewall.
We need date wise report with data like
- Who accessed VPN (User name)
- From Which Public IP and with VPN IP (Source)
- Which Server it accessed (Destination)
- Which Service Used (Protocol)
- If data transferred, how much data transferred (data size & File Transfer details)
- When Session Authenticated & when Started (Start time)
- When Session Terminated (End time)
- Success and failure incidents count its details (Audit Logs)
Please help as early as possible
4 votes -
User Portal MFA
If you try to log in to the user portal with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that an MFA code needs to be appended to the password.
The current login form causes a lot of helpdesk calls because they don't realize (or keep forgetting) that their MFA code needs to be inserted after their password.
1 vote -
Make XG18 Web Filter User Notifications to Fully Customize HTML
Being able to fully customize the user notifications & logo (displayed to the user when browsing blocked or warned pages, for example (PROTECT --> Web --> User Notifications --> Block message)) is desirable, e.g. for purposes of translating the pages, the possibility to use full HTML with variables & logo images maximum size 125x70 pixels; they are ridiculously small to display the customer's logo properly.
Additionally in the past we sold SonicWall and customers ask us for the same level of customization that they allow. (SonicWall even allows you to fully customize the UTM admin login interface)
Please keep…
1 vote -
Services need to be modified without removing from rule
In the current firmware, if I want to modify a service, I have to remove it from all rules which are related to this service. So this should be updated in the upcoming firmware. Services need to be modified without removing them from rules.
3 votes -
SSL VPN MFA
With an SSL VPN client with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that an MFA code needs to be appended to the password.
The current login form is rather crude and causes a lot of helpdesk calls because they don't realize (or keep forgetting) that their MFA code needs to be inserted after their password.
An upgraded form with logo that looks more professional would be my preference please.
7 votes -
Synchronized Security Heartbeat Between 02 or more Sophos XG
As in the title, clients with the gateway on CoreSW cannot use Heartbeat to the Internal Firewall XG because the Heartbeat packet is routed by the External Firewall XG.
1 vote -
Policy Test should display blocked for unauthenticated users
When the option "Use web authentication for unknown users" is selected in the Firewall Rules, the Policy Tester shows the result as "Allowed" even for unauthenticated users. I suggest it should display as Blocked for unauthenticated users.
2 votes -
Network Map
I suggest the implementation of network map visualization to watch OS type, hostname, IP, open ports and manage their network access.
2 votes -
WAN Interface DNS
Any interface configured as WAN cannot have its ISP's internal DNS server configured right on the interface; you just have to use those 3 DNS servers on the DNS page. Adding this function will allow many ISP DNS Servers to respond faster for any resolution, increasing the response time for the request for that ISP that runs better than with public DNS Servers, and making the end-users more unsatisfied with the WAN performance.
Just adding the option to set DNS Servers on the interface configuration for each WAN will resolve this issue.
7 votes -
Apply QoS / routing rules to XG generated traffic
It would be really useful if you could apply QoS and routing policy to data generated by the XG, such as signature updates, so these updates do not impact the WAN bandwidth on low-speed links.
2 votes -
Select which pattern module updates are downloaded automatically
We have a number of XG firewalls connected to very low bandwidth / high latency WAN connections.
On the old Cyberoam OS it was possible to select which pattern modules are updated automatically. This saved unnecessary data being downloaded as we only need IPS and Application signatures to stay up to date.
3 votes -
Allow Link-Local IPs for Health check AWS uses them for interface IPs
Allow link-local IPs for health checks under gateways. AWS uses link-local IPs for interface IPs, so if you are using tunnel interface mode for IPsec and have both gateways set up for failover, you are unable to use a health check currently because you do not allow link-local IPs. You are able to ping it through the device console, so it would work if you would just allow link-local IPs.
1 vote -
Easy Routing
Please add an option for easy routing information to choose between only IPv4 or IPv6 for networks which have both and use DDNS.
1 vote -
PPTP - Set timeout for users that are inactive
We have users who are connecting via PPTP to the VPN that are not terminating their PPTP VPN session on their PCs. They are using the Windows built-in VPN application to connect.
This results in a single user having several sessions taking up IP addresses from our set VPN IP range.
Unless I'm not seeing it, can the option to terminate PPTP VPN sessions based on activity be added?
We're using SG330 (SFOS 18.0.4 MR-4)
2 votes