XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. OWA

    The ability to download the Outlook Add-in XML file to add the Encrypt & Report as Spam button to OWA (Outlook Web Access).

    2 votes

    0 comments  ·  Email Protection
  2. Ability to Traffic Shape & QoS Specific Interface

    Hello!

    It has become apparent for us to try and implement Traffic Shaping rules for specific interfaces - in our example, we have a site which has many RED Branch Offices. These branch offices appear to be causing high utilization on our available WAN usage.

    Currently, to create a Traffic Shaper or QoS rule we'd need to define it within "System services > Traffic shaping" and then apply this to a firewall rule under "Rules and policies > Firewall rules > [[Edit Rule]] > Other security features > Shape traffic".

    This works great for when you have a specific service…

    7 votes

    0 comments  ·  Network Protection
  3. SSL VPN logs

    I want to suggest if we can have IPSec and SSL VPN logs to be visible from the GUI. Currently, we need to go to the advanced shell and it is very slow especially when you are accessing it through Sophos Central.

    3 votes

    0 comments  ·  Base System + General UI
  4. I would like you to be able to confirm whether the AirGAP license has been applied.

    I went on a business trip to the site, operated it, and returned once without being able to confirm whether it was applied normally on the spot.
    Check the log output after the next day, and if it doesn't work, go again and extract the log ...
    I think that it is a product. It's too inconvenient to use.
    Because it is an AirGAP function that is supposed to be used in a closed environment
    Because you can't operate it unless you go to the site one by one, it seems that it is only a defect that you need…

    1 vote

    0 comments  ·  Email Protection
  5. 4G Data limits and reporting

    Being able to monitor, report and alert on the data usage that the 4G modules are using would be good, being alerted that an SD-RED or XG is consuming excessive data or putting a data cap/throttle on the system to prevent excessive charges is needed

    1 vote

    0 comments  ·  Hardware
  6. Authentication: UUID instead of MAC address for binding

    Sophos XG supports MAC binding for user authentication.
    This is a feature used e.g. for SSL VPN connections to identify devices.
    Mobile devices with Android or iOS as operating system do not support sending the MAC, but instead the UUID.
    Therefore I request adding this feature so we can identify corporate devices by UUID.

    1 vote

    0 comments  ·  Authentication clients
  7. VPN detail report

    We have migrated our firewall from 18.0.3 MR3 to 18.0.4 MR4; since then, the detailed report of date-wise VPN usage is not coming from the firewall.

    We need a date-wise report with data like:

    • Who accessed VPN (User name)
    • From which public IP and with which VPN IP (Source)
    • Which server it accessed (Destination)
    • Which service was used (Protocol)
    • If data was transferred, how much data was transferred (data size & file transfer details)
    • When the session was authenticated & when it started (Start time)
    • When the session was terminated (End time)
    • Success and failure incident counts and their details (Audit Logs)

    Please help as early as possible

    4 votes

    0 comments  ·  Reporting
  8. User Portal MFA

    If you try to log in to the user portal with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that an MFA code needs to be appended to the password.

    The current login form causes a lot of helpdesk calls because they don't realize (or keep forgetting) that their MFA code needs to be inserted after their password.

    1 vote

    1 comment  ·  Authentication clients
  9. Make XG18 Web Filter User Notifications to Fully Customize HTML

    Being able to fully customize the user notifications & logo (displayed to the user when browsing blocked or warned pages, for example (PROTECT --> Web --> User Notifications --> Block message )) is desirable, e.g. for purposes of translating the pages, the possibility to use full HTML with variables & logo images maximum size 125x70 pixels; they are ridiculously small to display the customer's logo properly.

    Additionally in the past we sold SonicWall and customers ask us for the same level of customization that they allow. (SonicWall even allows you to fully customize the UTM admin login interface)

    Please keep…

    1 vote

    0 comments  ·  Base System + General UI
  10. Services need to be modifiable without removing them from rules

    In the current firmware, if I want to modify a service, I have to remove it from all rules related to this service. This should be updated in the upcoming firmware. Services need to be modifiable without removing them from rules.

    3 votes

    0 comments  ·  Network Protection
  11. SSL VPN MFA

    With an SSL VPN client with MFA enabled, the login form needs to display either another text box to insert the MFA code or a message stating that an MFA code needs to be appended to the password.
    The current login form is rather crude and causes a lot of helpdesk calls because they don't realize (or keep forgetting) that their MFA code needs to be inserted after their password.
    An upgraded form with logo that looks more professional would be my preference please.

    7 votes

    1 comment  ·  Authentication clients
  12. Synchronized Security Heartbeat Between 02 or more Sophos XG

    As the title says, clients with the gateway on CoreSW cannot use Heartbeat to the Internal Firewall XG because the Heartbeat packet is routed by the External Firewall XG.

    1 vote

    0 comments  ·  Synchronized Security (Heartbeat)
  13. Policy Test should display blocked for unauthenticated users

    When the option "Use web authentication for unknown users" is selected in the Firewall Rules, the Policy Tester shows the result as "Allowed" even for unauthenticated users. I suggest it should display as Blocked for unauthenticated users.

    2 votes

    0 comments  ·  Reporting
  14. Network Map

    I suggest the implementation of network map visualization to watch OS type, hostname, IP, open ports and manage their network access.

    2 votes

    0 comments  ·  Network Protection
  15. WAN Interface DNS

    Any interface configured as WAN cannot have its ISP's internal DNS server configured right on the interface; you just have to use those 3 DNS servers on the DNS page. Adding this function will allow many ISP DNS Servers to respond faster for any resolution, increasing the response time for the request for that ISP that runs better than with public DNS Servers, and making the end-users more unsatisfied with the WAN performance.

    Just adding the option to set DNS Servers on the interface configuration for each WAN will resolve this issue.

    7 votes

    1 comment  ·  Base System + General UI
  16. Apply QoS / routing rules to XG generated traffic

    It would be really useful if you could apply QoS and routing policy to data generated by the XG, such as signature updates, so that these updates do not impact the WAN bandwidth of low-speed links.

    2 votes

    0 comments  ·  Base System + General UI
  17. Select which pattern module updates are downloaded automatically

    We have a number of XG firewalls connected to very low bandwidth / high latency WAN connections.

    On the old Cyberoam OS it was possible to select which pattern modules are updated automatically. This saved unnecessary data being downloaded as we only need IPS and Application signatures to stay up to date.

    3 votes

    0 comments  ·  Base System + General UI
  18. Allow Link-Local IPs for Health check AWS uses them for interface IPs

    Allow link-local IPs for health checks under gateways. AWS uses link-local IPs for interface IPs, so if you are using tunnel interface mode for IPsec and have both gateways set up for failover, you are unable to use a health check currently because you do not allow link-local IPs. You are able to ping it through the device console, so it would work if you would just allow link-local IPs.

    1 vote

    0 comments  ·  VPN and RED
  19. Easy Routing

    Please add an option for easy routing information to choose between only IPv4 or IPv6 for networks which have both and use DDNS.

    1 vote

    0 comments  ·  Application Control
  20. PPTP - Set timeout for users that are inactive

    We have users who are connecting via PPTP to the VPN that are not terminating their PPTP VPN session on their PCs. They are using Windows Built-In VPN application to connect.

    This results in a single user having several sessions taking up IP address from our set VPN IP range.

    Unless I'm not seeing it, can the option to terminate PPTP VPN sessions based on activity be added?

    We're using SG330 (SFOS 18.0.4 MR-4)

    2 votes

    0 comments  ·  VPN and RED