XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. SNMP v3 version in XG105 firewall is not available

    SNMP v3 version in XG105 firewall is not available, please check possibility to add it in the new firmware version ASAP. Because without SNMP v3 i dont like to call it as firewall itself.

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. A way to check the real time bandwidth usage for Live Users

    Hi, when we trying to check which user consumes more live bandwidth, we can't see the user who consumes the most bandwidth.

    So here is my request :-

    Please add a new tab in Live users filed to check who consumes the most bandwidth.

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Disconnect users STAS with CLI

    Hi, I need to disconnect users with STAS thought CLI, to create a schedule in the SERVER where installed the service STAS.
    because when you have more than 1000 users listed, it is difficult to search.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. Scheduled web usage by bytes

    Setting to choose whether the scheduled reports will be categorized by hits or bytes. Currently scheduled reports are sent only by hits but on the XG you can sort by bytes/hits. We would prefer bytes since this would show the most download usage on a site.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  6. Radius SSO support in wireless enterprise authentication - forward accounting request to RADIUS Server

    Radius SSO via wireless enterprise authentication does not currently show the authenticated user in the live activities on the XG interface since Accounting requests are not forwarded from the Sophos Access Points. Can an update provide this functionality so users who connect via RADIUS authentication can be authenticated to the XG and therefore have web policies applied to their accounts.

    4 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. IP Host Limit Control Under Admin

    There is an option to increase IP addresses by admin to Limit of 1000 IP

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. : www.cert-in.org.in. The alerts on latest malware are published under VIRUS ALERTS section.

    JCry ransomware is designed to encrypt data and append filenames with a ".jcry" extension. Once data is encrypted, JCry opens a pop-up window and generates the HTML file, "JCRY_Note.html", then drops a copy in every existing folder. The HTML file delivers a message informing victims about the encryption and ransom demand. This activity was observed in the Information Technology Sector.

    *******************************IOC*****************************
    Analysis:

    Host
    IPv4: 172.81.182[.]63
    Sighted: 2019-03-08 [only single sightings used]
    Kill chain Phase: Command and Control
    Characterization: IP Watchlist

    Host
    URL: http://185.163.47[.]134/flashplayer_install.exe
    Sighted: 2019-03-08 [only single sightings used]
    Kill chain Phase: Delivery
    Characterization: URL Watchlist
    [MD5:C86C75804435EFC380D7FC436E344898].

    Host
    URL: http://76.74.177[.]236/flashplayer_install.exe

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Local ACL exceptions rule ID

    The traffic matching local ACL exception is showned in the logs as going through the last firewall rule. So it means when verifying the logs, you have extra entries in this rule logs which are totally not related to it.

    Would it be possible to display this traffic another way in the logs that is not linked with the last firewall rule? Because it's not related to it.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. voucher

    It would be useful to allow the admin user to place a comment/description against each individual voucher for audit purposes.

    On the UTM after vouchers were generated the admin user was able to edit the Comment/Description field. They use this to record the user that receives the voucher.

    Currently on the XG, this field is not editable after the vouchers are generated.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. SFM - Overwrite whole configuration with template

    I'd like to have the possibility to overwrite the whole configuration of a firewall with the content of an SFM template. Currently when applying a template from SFM the firewall rules merge with the ones configured locally.
    I´d like to have the possibility of replacing, instead of merging and have full control of the firewall from SFM, like others vendors have from their management server.
    This is to avoid human errors by a local administrators. For example someone can log locally on the firewall and configure an any any permit, then you apply your template and that any any remains. …

    18 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. SNMPwalk should get back interface details and routes

    So that documentation software automatically can map complete Networks, it would be desirable if details about interfaces and routes were returned during a snmpwalk.

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. missing DigiCert root in Certificate Authorities

    Missing DigiCert root in Certificate Authorities
    Uploaded PFX certificates from DigiCert are signed with red cross because root certificate "C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA " is missing in Certificate Authorities.
    So this certificate cannot be added as appliance cert.
    Please add it.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Block Notification Page Should Be Secure

    When a user should be seeing the block notification when they hit a web protection rule, instead they get a security warning from the browser. According to support "As XG is only rewriting the content of the webpage on the blocking and not rewriting the URL itself that is why you are seeing certificate error on the block page." This happens even though we have a valid public certificate set up on the XG.

    So if a user is trained correctly, they will not bypass the security warning and will never see the descriptive block notification. This should be corrected.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. backup to central

    With the integration started with Sophos Central, it would be great if the last x number backups could be pushing into Sophos Central. This would provide a few capabilities. One - It could be backed centrally up without the required MR4 password affix to it, so no prior knowledge would be required to restore that backup if hardware failed. Two, it would create snapshots of the configs in time for audit / discover purposes, hopefully eventually leading into a change log of all UTM config changes. Three, in DR scenarios it exists outside of all company systems and people, so…

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Integrate a Yara Engine rules on IPS

    Integrate a Yara Engine rules on IPS

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. how view user group based reports

    How to view user group based reports
    Like total data used by the user groups
    Category/Applications details accessed by the user groups
    Bandwidth used by the groups

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. Create and maintain a host group for all O365 services this can be updated with firmware updates?

    Create and maintain a host group for all O365 service IP's this can be updated with firmware updates?

    4 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Block/allow YouTube categories

    YouTube uses categories for the videos and it would be quite valuable to block/allow based on those.

    Sample categories for the US:

    1 - Film & Animation
    2 - Autos & Vehicles
    10 - Music
    15 - Pets & Animals
    17 - Sports
    19 - Travel & Events
    20 - Gaming
    21 - Videoblogging
    22 - People & Blogs
    25 - News & Politics
    26 - Howto & Style
    27 - Education
    28 - Science & Technology
    29 - Nonprofits & Activism
    30 - Movies
    33 - Classics
    34 - Comedy
    35 - Documentary
    36 - Drama
    39 - Horror …

    6 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Filtro

    XG Firewall Sophos, debería permitir el filtrado de contenido por dominio completo, por ejemplo: .io , .com , .co

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.