XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Log rejecting of an oversized email

    When XG rejects an email bigger than maximum allowed size, show this event in the GUI logs.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Notification for failed HA synchronization

    Email notification for any failed HA synchronization

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. Web Policy Test for end users

    I work at a school and it would be very helpful if teachers were able to test URLs using a student account to see whether sites are blocked or not.
    We often get requests to unblock sites in the middle of a class as a teacher has tested the site using their credentials but not student credentials.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Clone NAT Rules

    Add the ability to clone NAT rules

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. SNMP: View interface description, name or branch name

    When the XG is reporting to SNMP, view in the SNMP the interface name, desciption or branche name. Ej.
    SDRED, interface reds1, branch name: Detroit Officces.
    View in SNMP Detroit Offices no the interface name (reds1)

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. import emails

    Importing a list of known good email addresses would help our business. We have a list of legitimate customers, and their emails. We could format it in a CSV or just simply copy and paste, but there are over 2000 emails in this list and I cannot do them one at a time in the exceptions page.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. SSL VPN Port 8443

    I created a port forwarding rule from external port 8443 to internal 443, without thinking that SSL VPN is using 8443 already. XG is not complaining about this and creates the rule. So VPN is not working any more. It could be helpful if XG firewall would show a warning or an error before saving this to running config.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. Domain Name by SSL Policy

    It would be great to have the possibility to add différents Domain Name by VPN policy, for case of Firewall mutualisation for various customer with multiple AD

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. VPN TO WAN - IPSEC & SSL

    This is regarding your service request number #03923876

    We have configured 2 types of VPN in XG-210 i.e. SSL & IPSEC. For SSL we assigning the subnet 10.81.234.0/24 and for IPSEC we assigned subnet 10.87.143.0/24.

    Now we are having the requirement to route the VPN USERS WAN IP traffic through XG UTM through particular ILL.

    For Example
    10.81.234.0/24 subnet traffic route through WAN 1 for end users.

    10.87.143.0/24 subnet traffic route through WAN 2 for end users.

    If you have any solution please suggest

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  10. Hide network attack count for added exceptions

    It appears that the Sophos dashboard displays network attacks even for vulnerabilites that have been given an exception.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Remove unnecessary contents published by Apache on User Portal

    The web path /error/README is accessible from the User Portal URL and it displays the multi language custom error documents information. Pages like this are irrelevant and is not required for the User Portal to function correctly. Though unlikely that this will result in a successful attack, it still provides information to potential attackers about the system.

    Removal of pages like this is appreciated.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow in SSL VPN to be able to put the fixed ip to a client.

    Allow in SSL VPN to be able to put the fixed ip to a client.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. virustotal scanning option on reports or logs

    I use VirusTotal often either manually or via 3rd party apps or even via the API, so it would be ideal if we could use VirusTotal within Sophos XG v18 Web UI somewhere for diagnostics or threat hunting as an option on live logs or reports.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. XG Firewall Web Portal Pages and Config loading too slow

    The Sophos XG Firewall routers need the web interface config pages speeded up - all units are much slower than the Cyberoam UTM pages load at and adding and changing a config can take from 5 to 15 seconds to load. Makes configuring a sophos from scratch a slow and tedious process.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Separate VPN alerts from system events

    Currently, all VPN established and terminated events are reported to Sophos Central as system events. This means that the normal behaviour of users logging in and out of a dial-up VPN is given the same alert treatment as a critical CPU, memory or disk event.

    Please provide additional granularity under System Services - Log Settings and under System Services - Notification list so that VPN established and terminated events can be treated separately from other events and, in particular, that dial-in VPN events can be treated differently from fixed link VPNs. (We would want to raise an incident if a…

    9 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. IGMP version

    Possibility to change the highest supported version of IGMP. Prohibition of use of IGMPv3 version.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Recognize GeForce Now

    Please add GeForce NOW game streaming service to applications recognized by Sophos XG.

    Main website: play.geforcenow.com

    Hostnames under *.cloudmatchbeta.nvidiagrid.net
    us-central
    us-east-2
    us-midwest
    us-northeast
    us-northwest
    us-south
    us-south-2
    us-southwest
    us-west-2
    eu-central-2
    eu-central-3
    eu-central-4
    eu-northwest
    eu-southeast
    eu-west

    Ports:
    Game streaming: UDP (1:65535) / (49003:49006), TCP (1:65535) / (49006)
    Testing: UDP (1:65535) / (5001:5002)

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  19. Power supply failure logging and notifications

    For XG / XGs with dual power supplies, a single PSU failure is indicated via audible alarm and blinky light.It would be great to have this condition logged, and to have a new notification category (e-Mail). This way customers could parse logs/messages/traps and catch failure conditions quickly vice relying on audio/visual cues.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  20. RED - Changing/Adding Red Configurations/Prevent other REDs device disconnections

    When dealing with multiple REDs devices, it would be important not to drop the connection of existing REDs devices when changing/adding a RED configuration. Currently, if you change/add a red configuration, as soon as you save, all RED connections drops for a few seconds and affects all remote offices for connection-sensitive applications/processes (like Remote Desktop).

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.