XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Dear Sophos Team, Please upgrade Sophos XG firewall with feature individual Userwise policy. Thanks

    Dear Sophos Team, Please upgrade Sophos XG firewall with feature individual Userwise policy. Thanks

    2 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • sso
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
    • Reporting issue in XG 750

      In XG750 at WAN Link Manager, Tabulated and graph report does not match.
      even both table and graph shows bandwidth related query but both are mismatched. Need to rectify.

      VINOD SHARMA

      1 vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • sso
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
      • log viewer rejected\dropped emails

        Prior to 17.5 upgrade, you could see details about an email that was rejected\dropped (senders IP address, among other details) that seems to have been removed in this latest firmware. Hovering over the email in the mail logs says why it was rejected, but the only way to get more detail now would be to open an console session. Please add functionality back in future releases (we are running in MTA mode)

        2 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • sso
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow web filtering exceptions to use the referrer field as well as the URL field

          Found this idea suggestion in the UTM but this would be very useful in the XG as well.

          https://ideas.sophos.com/forums/17359-sg-utm/suggestions/18539521-allow-web-filtering-exceptions-to-use-the-referrer

          This would allow you to create an exception for lets say a page that is not working due to ads on the site but with the referrer it would allow the site to be used.

          1 vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • sso
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
          • Complete

            Create complete(!) backups. There are many things missing in the Backup i.e. SPX-Text Mail-Qarantine.

            There are also Bugs in Backup. When restoring a full backup some Groups and Hosts getting new Names (like old Name was: 'group' new name was 'group_123'

            2 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • sso
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
            • Change services attached to rule

              There should be no reason to not be able to change a service that's applied to a rule (like a port change within the service) while it's attached to a rule.

              1 vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • sso
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
              • host

                Ability to use IP Host name (Console --> System --> Hosts and services) when creating an IP List (Console --> System --> Hosts and services --> IP Host --> IP List) . I would like to define the name/IP once, and when I change the IP for that name, all instances in IP Hosts, Rules, Routes, etc... are changed.

                1 vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • sso
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                • route

                  Ability to use IP Host names (Console --> System --> Hosts and Services) in creating routes and gateways (Console --> Configure --> Routing).

                  1 vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • sso
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
                  • Apply multiple rule changes all at once

                    Allow for the ability to make multiple changes across the firewall and perform a one time commit of all the changes.
                    Benefits:
                    1) Ability to make linked changes ie make an interface change along with associated rules or service changes
                    2) Improved UI performance as you don't have to wait for each change to be applied before the next action can be performed
                    3) Allow for rule/changes reviews and correct errors before applying
                    4) Allow for a rollback timeout implementation eg make changes, commit and then confirm within xx minutes, if not rollback to previous config in case of getting…

                    3 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • sso
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                    • Please has all Public IP vs Internal IP NAT IP information in tabular format,

                      Hi Team- could you please has all Public IP vs Internal IP NAT IP information in tabular format,every time i would need to check every NAT/Business rule .

                      This is frustrating and time consuming process and has chances of wrong assessment.

                      1 vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • sso
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                      • add timestamps in hostapd.log

                        /log/hostapd.log should include date/timestamps for troubleshooting purposes.

                        1 vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • sso
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                        • simplified wireless client list presentation

                          offer a streamlined wireless client list in the gui as a single matrix of rows & columns with all info rather than requiring clicking through the 'by ssid' & 'by ap' nested menus waiting for each one to load to get basic client info. cli implementation of the same concept would also be useful.

                          1 vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • sso
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
                          • Search firewall rule for an ip that never get connected to the firewall

                            As I asked here

                            https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/110382/search-firewall-rule-for-an-ip/395411#395411

                            i would like to have this feature .
                            i would like to be able to find which rule contain a specific IP .

                            let’s say I have 200 rules and I don’t remember which rule contain a specific IP and that IP never connect to the firewall , so I can’t use the log viewer and also i don’t want to use the policy test .

                            I would like to be able to search inside the rules for a specific IP using the GUI

                            5 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • sso
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                            • Server behind the firewall goes down you get a notification on mail or through SMS.

                              The server behind the firewall goes down you get a notification on mail or through SMS. This feature is not available in Sophos XG firewall.

                              Thanks

                              1 vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • sso
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                              • reason for wrong credentials should be logged in web console

                                reason for wrong credentials (OTP/access server, ...)
                                should be logged in web console as this is done in /log/access_server.log

                                Otherwise you never know what part of credentials are invalid.

                                3 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • sso
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                • IPSEC Tunnel - IP Host Group for Remote Networks

                                  Ability to create IP Host Groups for Remote Networks within an ipsec tunnel

                                  1 vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • sso
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Info which blacklist triggered and why

                                    When a mail has been rejected I can see this in the log but I don't know which RBL has triggerd this and why.
                                    I wish more details in the email log.

                                    3 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • sso
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Info which blacklist triggered and why

                                      When a mail has been rejected I can see this in the log but I don't know which RBL has triggerd this and why.
                                      I wish more details in the email log.

                                      4 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • sso
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
                                      • SSA CA Certificate Recommendation

                                        Can you make SSA CA Certification Installation plugin based while user connect to cyberoam
                                        Just as When we open some camera dvr in internet explorer ..the plugin link available before login from where we can install first and then login.....

                                        1 vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • sso
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
                                        • klisiewicz.roman@gmail.com

                                          Can you please add ability to make a reservation for addresses that in the scope of DHCP server ?? or just from DHCP menu add an option "add to address host" or else.. so easy ! :)

                                          1 vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • sso
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
                                          • Don't see your idea?

                                          Feedback and Knowledge Base

                                          icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.