XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Static Routing IP List improvment


    1. Request to add "Description (Optional)" box when adding static routing, Useful for remember when check later or other working person can understand without asking again.


    2. Request ability to temporary disable some static routing IP instead of remove them and add it again.


    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. reports

    Good day, Would you please create a feature that would give options on which detailed report you want, Customize> Web report> Summary or detailed > date range> Generate.

    Customize> Application report> Summary or detailed > date range> Generate.

    If you do not go to the Customize tab you won't be able to get a detailed report it only gives a summarized report.

    The current report on the Sophos XG Firewall 17.5 includes all the web requests which makes the report difficult to read especially for someone who doesn't know anything about our side of work.

    Should we give someone a…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow more than 60 HTTP-based/WAF policies

    I've hit a limit of 60 HTTP-based/WAF policies, and I need more. I was told this is hard coded to limit it to 60. I'd like to get this increased.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Enable Release Link in Quarantine digest email

    Enable Release Link in Quarantine digest email for XG 18, like UTM, instead to message: "You can release quarantined emails only from user portal. To release them, sign in to user portal."
    Or remove the link.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. remove releaselink in Quarantine Digest

    please remove releaselink in Quarantine Digest.
    The standard user is not able to distinguish between harmless SPAM mails and dangerous SPAM mails.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. wccp

    Like one the previous products (Sophos Web Appliance) that had been replaced, having WCCP support on the XG appliance would allow it to be dropped in directly. Thank you.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Static Routes Should Be Top Precedence By Default

    Static route should always be the top precedence by default. I have several tunnels that have stopped working after updating to v18 and having newly migrated policy routes take precedence.

    Additionally, it would be nice to have a GUI-based option to change the precedence order, rather than needing to go and and make a CLI change for each device we upgrade.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. force uninstall of antivirus on machine from central management

    the ability to force an uninstall on a machine from the central management console...
    Right now I can force a scan a reinstall or delete it from the management console but I can't force a delete..
    One of my clients recently let a manager go but his personal laptop has the company's Intercept-x installed.. there is no way we can get this machine to uninstall the product...
    the only suggestion was to create a "block all" group and disable tamper protection so the user will not be able to go anywhere on the net and will be forced to uninstall…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  9. Broadcast Routing on Bridged Inteface

    I would like to configure the multicast forwardin on a Bridge interface.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  10. Send additional Quarantine Report

    In UTM it is possible to send a second quarantine report on a different date.

    When the Quarantine Setting is on daily there should be an option to enable a second time.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. DHCP Server Increase Subnet Size

    In Current version 18.0 Sophos XG doesn't allow to create DHCP server with more than /24 subnet size. it should be there otherwise there is no point of having DHCP server feature in bigger firewalls.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Request to change NIC order for XG on KVM

    Hello Team,

    We have customer here requesting to have option to change NIC order for XG on KVM.
    Customer advise that in the hosting environment, it is not possible to attach a network
    to a specific interface, he can only add networks, then it is completely up to the virtual machine to set the order.

    During the configuration, customer can define that KVM has 2 interfaces, but not the order.
    As a result, it is completely random if the cards are in the correct or the reverse order.

    In the UTM, he can do this by editing the udev/70-.rules file…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow IP/FQDN exceptions on proxy settings

    We intended to host our website on our LAN. A public IP(a.b.c.d) was NAT to local server and it was accessible from open internet but the same public IP(a.b.c.d) was inaccessible from inside the LAN.

    On testing further, it was figured that when this public IP(a.b.c.d) is added to exception list (in advanced settings of proxy in Windows OS) as a.b.c.d or a.b.c.* etc, it worked fine.

    Sophos needs to have settings in proxy configuration where exceptions can be added, so that we don't have to make changes on >1000 computers.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. ip sla for high latency failover

    we need ip sla feature for high latency fail over while we using two links if one link goes to high latency we need to switch over to secondary link automatically.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Full tunnel VPN exceptions e.g. for Office 365 traffic

    Allow for exceptions to be created that will allow the traffic to go direct to the internet bypassing VPN configured as full tunnel for both SSL and IPsec VPN. This is recommended by Microsoft for Office 365 traffic.

    https://techcommunity.microsoft.com/t5/office-365-blog/how-to-quickly-optimize-office-365-traffic-for-remote-staff-amp/ba-p/1214571

    Alternatively it would be even better if Sophos can build in this functionality within the OS making it an option that can be enabled/disabled.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSL VPN with BSNL Link

    SSL VPN tunnel should be established with SUB Interface IP of BSNL which is public-facing and the main Interface IP is Connected to BSNL as L2 LAN.
    We can establish connectivity using Sub IP to IPSEC Tunnel and to Serve Internet to users but can not able to connect using SSL VPN as the Main interface IP is L2 LAN and Sub IP is public-facing.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support MLPPP

    Please allow XG Firewall to support MLPPP (Multi-LInk PPPoe) so we can bond two DSL connections together! I see Sophos UTM already supports this.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. full text search

    Possibility of full text search in firewall rules

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Notification Settings

    Functionality that allows you to tailor notifications.
    For example, a fault discovered and has maintained a fault for 15 minutes then sends out the notification instead of constant up/down notifications.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  20. Prioritize the primary or seconday public gateway option on sophos XG 230

    Dear Support,

    We need the following option on sophos XG Firewall.

    Suggetion: while connecting to sophos remote ssl VPN, we need the option of prioritizing the primary or secondary ISP on Firewall.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.