The ability to download the Outlook Add-in XML file to add to the Encrypt & Report as Spam button to OWA (Outlook Web Access).

I want to suggest if we can have IPSec and SSL VPN logs to be visible from the GUI. Currently, we need to go to the advanced shell and it is very slow especially when you are accessing it through Sophos Central.

Being able to monitor, report and alert on the data usage that the 4G modules are using would be good, being alerted that an SD-RED or XG is consuming excessive data or putting a data cap/throttle on the system to prevent excessive charges is needed

Sophos XG supports MAC binding for user authentication.
This is a feature used e.g. SSL VPN connections to identify devices.
Mobile devices with Android or iOS as operating system do not support sending the MAC, but instead the UUID.
Therefore I request adding this feature so we can identify corporate devices by UUID.

We have Migrated our Firewall from 18.0.3 MR3 to 18.0.4 MR4 from then Detailed report of Date wise VPN Usage is not coming from Fireawall

We need date wise report with data like

• Who accessed VPN (User name)


• From Which Public IP and with VPN IP (Source)


• Which Server it accessed (Destination)


• Which Service Used (Protocol)


• If data transferred , how much data transferred (data size & File Transfer details)


• When Session Authenticated & when Started (Start time)


• When Session Terminated (End time)


• Success and failure incidents count its details (Audit Logs)

Please help as early as possible

If you try to log in to the user portal with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that a MFA code needs to be appended to the password.

The current login form causes a lot of helpdesk calls because they don't realize ( or keep forgetting) that their MFA code needs to be inserted after their password.

In the current firmware , if want to modify a service means i have to remove from all rules which is related this service. So this should be update the upcoming firmware. Services need to be modify without removing from rule

With a SSL VPN client with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that a MFA code needs to be appended to the password.
The current login form is rather crude and causes a lot of helpdesk calls because they don't realize ( or keep forgetting) that their MFA code needs to be inserted after their password.
An upgraded form with logo that looks more professional would be my preference please.

As the Title, Clients with the gateway on CoreSW can not use Heartbeat to the Internal Firewall XG because the Heartbeat packet is route by the External Firewall XG.

When the option "Use web authentication for unknown users" is selected in the Firewall Rules, the Policy Tester shows the result as "Allowed" even for unauthenticated users. I suggest it should display as Blocked for unauthenticated users.

I suggest the implementation of network map visualization to watch os type, hostname, IP, open ports and manage their network access.

Any interface configured as WAN cannot have their's ISP's internal DNS server configured right on the interface, just have to use those 3 DNS servers on the DNS page. Adding this function will allow many ISP DNS Servers to respond faster for any resolution, increasing the response time for the request for that ISP that runs better than with public DNS Servers, and making the end-users more unsatisfied with the WAN performance.

Just adding the option to set DNS Servers on the interface configuration for each WAN will resolve this issue.

It would be really useful if you could apply QoS and routing policy to data generated by the XG, such as signature updates. So these updates do not impact the WAN bandwidth low speed links.

We have a number of XG firewalls connected to very low bandwidth / high latency WAN connections.

On the old Cyberoam OS it was possible to select which pattern modules are updated automatically. This saved unnecessary data being downloaded as we only need IPS and Application signatures to stay up to date.

Allow Link-local IP for Health check under gateways. AWS uses link-local IPs for interface IP so if you are using tunnel interface mode for ipsec and have both gateways setup for failover you are unable to use a health check currently because you do not allow link-local IP. You are able to ping it though device console so it would work if you would just allow Link local IPs

please add an option for easy Routing information to choose between only ipv4 or ipv6 for networks which have both and uses DDNS

We have users who are connecting via PPTP to the VPN that are not terminating their PPTP VPN session on their PCs. They are using Windows Built-In VPN application to connect.

This results in a single user having several sessions taking up IP address from our set VPN IP range.

Unless I'm not seeing it, can the option to terminate PPTP VPN sessions based on activity be added?

We're using SG330 (SFOS 18.0.4 MR-4)