XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add local service ACL exception rule

    Add local service ACL exception rule to allow for a custom service to be added and selected. i.e.: Ubiquiti discovery service UDP 10001 ACL exception for device access.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. IPv6 support in "Policy Tester"

    Currently one can only use the Policy Tester for IPv4 addresses. Please add the ability to also test IPv6 addresses.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Unrecognized SSL Protocol Exception

    Allow exceptions for the Unrecognized SSL Protocol blocking. Currently, a single IOT device in an isolated subnet requires this feature to be disabled across the board.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. DHCP enhancements: Convert dynamic to static mapping and sticky DHCP

    Working with the XG DHCP-Services is quit exhausting. It could be much easier if there were a possibility at the IPv4- and IPv6-Lease-List to change an existing dynamic Lease to a static IP/MAC-Mapping.
    Additionally a kind of "sticky" DHCP Mapping - were devices get always the same IP-address as long as the range is not exhausted - would make troubleshooting much easier!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Sophos XG Firewall: change simultaneous login ( captive portal / network client authenticator) option of group

    Pleas add an option in Sophos XG Firewall to change simultaneous login ( captive portal / network client authentication) of group, i.e. any number of simultaneous login could be assigned to all members of a particular group at one go.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  6. ECC certificates SSL VPN

    Allow the use of ECC certificates in place of the RSA certificates for SSL VPN. I realize ECC support was added in 17.5 but it was only partially implemented. The current (version 18 as of this writing) version of your firmware uses OpenVPN version 2.3.6. which does not support ECC. OpenVPN 2.4.0+ is required to support ECC. I had opened a support ticket, they confirmed the limitation and indicated there is no current upgrade timeline.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. rchive and download logs

    Archive and download logs in tgz format like in iview. As you know that iview doesn't work, if this feature will be available we can download the logs from Sophos and save for future use. In case box fail we will not have the reports and we will not able to share the reports to Cybercrime team. I would request you to enable this features on urgent basis and I don’t want to go Jail.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  8. WhatsApp Control

    need control on whats App Contents where need user can't view and download videos and audios files

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  9. Unique (non-default) OTP Authenticator Account Name per XG instance

    We have two Sophos XG firewalls and are setting up OTP 2FA with Sophos Authenticator. After scanning the barcodes for both, the Sophos Authenticator displays both accounts with the same default non-unique account name "Sophos SFOS." This makes it difficult to differentiate as to which token goes with which firewall.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  10. Rolling firmware updates for WAPs

    Would be extremely beneficial to be able to roll out firmware updates for wireless APs in a staged manner - i.e. update one at a time instead of all together, so that there's no (or minimal) interruption to service.

    At the moment, I can't update access points during the day, because it will disconnect WiFi for all users. If we could do them one at a time, it would become possible.

    UniFi has this feature (they call it a "rolling update") and it's really nice. Updates each AP in turn, and doesn't start the next one until the last is…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Long Usernames with Active Directory

    When configuring Active Directory login on Sophos XG firewall you will have problems if the username is over 20 characters long. This is a limitation of the sAMAccountName field in AD. If you configure it as a LDAP authentication you can specify the userPrincipalName field for the username. This field doesn't have a character limitation. I would suggest an option when configuring Active Directory that we can choose to change the field used for login. This would work also in networks where there is more than one domain for authentication.

    Then users could just type their full email (ex. username@domain.com

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  12. firewall name

    When you are configuring something using the web interface you can't see the firewall name unless you are in the dashboard. It would be nice to have the firewall name at the top of the web page.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improved AP management

    I'd like to see a few improvements to management and monitoring of APs being controlled by an XG appliance:


    • Display other competing networks and channels strength for channel selection

    • Show access point utilization and establish thresholds for utilization trends

    • Integrate floor plans to position APs visually.

    • Couple the former with perhaps a mobile app to identify potential deadzones/heat mapping

    Use case currently is that I've been getting reports from one of my sites that wifi has been having intermittent issues, and the data needed to remedy it effectively is much more difficult to obtain than it needs to be

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add testbutton for SMTP notifications

    Please add a 'test' button on the Adminstration > Notification settings page. Also show a decent error when the test e-mail could not be sent.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. Network Interface Status

    Can you show Network Interface up/down status at Main/First Screen
    (Control Center --> Interface)

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Sophos XG v18 Rule & Policies display size

    Can we please increase the size of the box used to show the Firewall rules to something larger that 5 rules?

    Making it expandable either manually or automatically as you expand or collapse rules..

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. karthik@zog.live

    Please add the modification for hotspot voucher templets and captive portal registration page

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Let's Encrypt integration like the SG already has.

    Please integrate Let's Encrypt. I remember an anouncement at one of the first XG Roadshows that new features will be provided for xg and later maybe for sg. But SG gets Let's Encrypt first and un XG we waiting for it since years....

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. scan ftp for malware on encrypted FTP

    requesting for scanning of encrypted FTP

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. VPN - Inform the user via Email that he has been connected or failed

    This would increase the security that not somebody else is trying to steal his identity. It would be also great that the admins are informed with too many failed logins.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.