XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow domain wildcards for enforced TLS

    Allow wildcard domains for enforced TLS when sending email. e.g. Force TLS to all *.gov.uk domains.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Sophos Connect Client - Implement Policies like UTM

    UTM had the option to create multiple Sophos Connect policies for managing configuration files from the GUI. Each policy could have customised settings relevant to that connection.

    Now you're required to download the Connect Admin tool to configure basic things like 'Allowed Local Network(s)', Client DNS Suffix, Auto-Connect Tunnel etc. etc.

    This should be added to the WebAdmin GUI like it was in UTM.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow custom OpenVPN parameters in SSLVPN configuration

    Being that the SSLVPN is based on OpenVPN could you please add a freeform text field to the SSLVPN page under Advanced that would allow us to enter custom server configuration parameters? Better still would be the ability to view and edit the entire config file itself but that may be asking a bit much.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Feature Request - Add Alternate Shell option to RDP Bookmarks

    It would be really awesome if you could add the Alternate Shell parameter to the RDP Bookmark setup so we can have an RDP bookmark that launches a shared application on a server. Since you took away our HTTPS bookmarks this is our only real alternative, to share a browser application via RDP that points to the website we wish to publish a bookmark to.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  5. Include SSLVPN Site-to-Site in Admin Device Access Profile

    When you create a profile to allow an Admin User to connect VPN tunnels that does not apply to the SSLVPN tunnels, only IPSec. Either create a separate SSLVPN category or add a line for it, or simply include it in the generic "Connect tunnel" right.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. One Click Download from SMB/FTP/SFTP Bookmarks

    Would be awesome if we could specify a file as the initial directory so a bookmark could be used to download a single file such as a Mac VPN client directly from a share or FTP folder.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Configure Discover (TAP) Ports from UI

    Please add the ability to configure/deconfigure ports as Discover/TAP ports from the UI.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Mac-Bind user webusage report

    couldn't been able to fetch report of mac-bind users, as we are using windows dhcp, so if you can allow web usage report of mac-bind devices,

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  9. Control Center - VPN Status

    Hi,

    In the Control Center the VPN status is displayed as "down" even if the VPN is part of a failover group.

    I believe a vpn should only have its status changed to down if it is a vpn active by the administrator and not part of a failover group.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Offer ruggedized industrial hardware models

    Offer hardware appliances rated for industrial environments like your competition does.

    https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGateRuggedSeries.pdf

    https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitchRugged.pdf

    Maybe Team up with a company like Welotec and use something like their Arrakis platform. Or take it a step further and make your own. A ruggedized RED would be the only device of its kind in the industry and ensure sales of rugged XG devices.

    Don’t let market share slip away on this HUGE opportunity, critical infrastructure is in dire need of the type of devices you are so good at producing. Once the industry starts standardizing on a particular product they tend to…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  11. Customise WebServer Protection Block Page Messages

    Currently, the ability to customise the Webserver Protection block page messages is not present.

    When the WAF (Web application Firewall) blocks a page, it returns 'page cannot be display'. This should be customisable.

    The AntiVirus engine on the WAF should also be customisable on the block page returned.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. To generate VPN Logs based on Source IP with Time Stamp

    Need Report to Get Details about which VPN User Logged in With TimeStamp, Source IP Address, and Resources accessed during the remote Session.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add custom DDNS provider option

    Please provide an option where everyone can add their own favourite DDNS provider. Just a provider field and query url text box as input would do. This works fine for Synology DSM.

    Query URL Variables:
    HOSTNAME: Hostname
    MYIP: IPv4 address
    USERNAME: Username/Email
    PASSWORD: Password/Key

    Example:
    Service provider: provider_XYZ
    Query URL:
    https://ddns.provider.org/update?hostname=HOSTNAME&myip=MYIP

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  14. reports for WAN usage filtered for monthly is difficult to understand as the scaling is large Due to which you are not able to read the repo

    This is regarding your service request number 9358300.

    Just to reiterate, we have taken the following steps to resolve the issue:


    1. You reported the reports for WAN usage filtered for monthly is difficult to understand as the scaling is large Due to which you are not able to read the reports


    2. Guided you that the feature you are requesting is handled by development team and to place a feature request at ideas.sophos.com


    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. 'Change system language' is dangerous and should be harder to select by accident

    Im Punkt Sicherung & Firmware unter dem Tab Firmware gibt es die Möglichkeit die Sophos XG zurückzusetzen, ich halte es gefährlich das man hier die Sprache auswählen darf, denn es kann im "Eifer des Gefechts" passieren, das man denkt das man hier die Systemsprache der Sophos XG ändern kann, dabei setzt man das ganze Gerät zurück, vielleicht sollte man, wenn überhaupt die Sprache nach dem Drücken auf Übernehmen setzen lassen.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. DHCP: Allow static lease of addresses within the dynamic pool

    Currently it is not possible in the Sophos XG to store static DHCP leases in the internal DHCP server where the IP addresses are located within the configured DHCP pool. This is with other manufacturers such. B. AVM (Fritz! Box) without problems possible. Thus here is the DHCP for large customers currently partly to use. When will this be a solution.

    Aktuell ist es in der Sophos XG nicht möglich Statische DHCP Leases im internen DHCP Server zu hinterlegen, bei denen die IP Adressen sich innerhalb des konfigurierten DHCP Pool befinden. Dies ist bei anderen Herstellern wie z. B. AVM…

    87 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Web Server Protection should support multiple group membership

    Recently we have create a new ticket with Sophos support (#9307623) and they confirm that 'at a time a user would be part of one group'. It leads us to the hard way when having 2 websites which are needed to be authenticated with 2 domain groups, and from them, we have multipla users who are belonged to these 2 groups as well. Therefore, we can not separate to authencate these ones properly.

    I suggest Sophos should improve this feature to make customers easy to configure many authenticated websites appropriately.

    Thanks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Hot spot

    Hot Spot to be able to Authenticate from Routed IP subnet. Subnet that differs from hostspot interface IP Subnet.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. System Traffic via Upstream Proxy

    we need the feauture that we can tunnel the System-traffic like Pattern Updates , U2Date etc. through the upstream proxy.

    Unfortunately, this is currently not possible

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. User permissions distinguishing between ADDING and REMOVING an entry to web- /content filter

    A more granular permission setting than read-only and read/write in web- and content filtering would be great: distinguishing between ADDING a new category, activity or URL to a web policy or REMOVING an already existing one is often needed by clients.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.