XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Cisco Anyconnect VPN Client

    Would like Cisco Anyconnect VPN client added to the applications list so that Traffic shaping policies can be added to it.

    Thanks!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  2. Change/Override URL category for website

    I need to recategorize a site, similar used in Sophos UTM. Today I can only create a whitelist.
    Is there any possibility of doing this in the XG Firewall?

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add Fortnite to Application Control

    Can you add Fortnite to Application Control (for school, office, ...)

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  4. Expose mail queue information via SNMP

    We'd love to monitor the SMTP queue via SNMP. We have an issue earlier in the week (#9330679) where we ended not receiving external emails for several hours because the XG 230 was having problems delivering email to our internal exchange servers, resulting in 750+ emails being queued.

    Would have been great to have been alerted via our existing monitoring solution that we had a queue building up.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. Match IPS Signatures between all appliances

    Sophos XG IPS signatures differ between 1U and 2U appliances. As of today, 1U and virtual appliances scan for 7,000 signatures; however, 2U appliances scan for over 22,000. We have been told this is by design given the lower compute on 1U/Virtual appliances. This means that customers with a 2U appliance are better protected than those with 1U. We would like signatures to match between all appliances and have an option to trim up signatures, if needed.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Unable to download system events reports in pdf format including all pages

    Unable to download system events reports in one pdf format including all pages please resolve

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  7. Blocking of file transfer in Skype

    Blocking of file transfer in Skype

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  8. IPSEC failover vpn condition - Add an option to ping a local device on remote site

    It would be very handy if there can be an option to ping a remote device via local ip address. as some time vpn failover doesn't work as it can still ping the external ip address even if for some reason tunnel goes down.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure Accelerated Networking

    It would be great if you could update the XG Firewall for Azure to be able to support Accelerated Networking. See the URL below. It seems this would be a nice selling point.

    https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-cli

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Retrieve device information via API

    Note: There is no category "API"...

    Add functionality to retrieve model number, serial number, cpu types, cores and ram via API. We use the API to create automated documentation for our infrastructure...

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Central Registration - improvement

    currently a partner is unable to register the XG under the tenant within the partner portal, this must be completed by the tenant, would it not be prudent for the Partner to be able to register it within the tenant?

    Usually there is no one who is trained for this administration procedure outside of the partner itself.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Send User Accounting Information using RADIUS attributes

    XG firewall only sends Start and Stop of user activity to RADIUS server.
    It's needed to send more accounting information like used traffic volume, bandwidth usage, etc. via RADIUS attributes to radius server.
    Many other firewall brands do have this feature.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  13. Bittorrent

    My feedback is as follows;
    Every time we raise an issue ticket with any Sophos Support, They try to analyse, and finally, I prooved today How the user can by-pass your Firewall Rules and Policy.after you gone through which application of Bittrorrent has allowed by Firewall Policy, you created a new test Firewall rule/policy. & applied on my Desktop system IP & Mobile IP for testing. once you are successful on reported website URL or application, I tried with the following website which also allowed access and signature are not available in your algorithm
    https://extratorrent.si
    https://torrentz2eu.in/
    https://extratorrent.cm/
    https://deluge-torrent.org/

    http://www.publicdomaintorrents.info/

    https://bitlove.org/directory

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  14. Use Firewall name in from address when mailing reports

    Update the email information on reporting to pull the Firewall name. For example, I have four locations with XG firewalls, however, when each firewall emails me reports they all come in as Sophos regardless of the email address attached to that firewall. If the firewall name is XYZ-SophosXG-2 then use that for the from name when sending email.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. Configure time allowed after Web policy warn

    I would like to be able to define the amount of time the device is given after proceeding through a web policy warn page. The hard coded value is 30 minutes but that is not long enough for some tasks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. control ICMP handling like in UTM

    Ther is no possibility to disallow ICMP packages to the gateway adresses from the used adapters

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. VPN Logs from Log Viewer and Not CLI Only

    We should be able to get this right in the log viewer and not have to go through this. The UTM had this and we need to get the feature parity up to speed. This seems so basic to me. See below for Sophos instruction to pull logs via CLI, this isn't cool.

    https://community.sophos.com/kb/en-us/123310

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. SSLVPN authentication by RADIUS Authentication via Active Directory

    Implementation of SSL VPN users on Sophos using RADIUS authentication. The RADIUS server to use the Active Directory to authenticate the SSL VPN request.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. Implement real custom report / Connection Overview possibility

    In the moment there is no way to generate a connection overview report from out of an XG. For example the custom reports section could be extended. These tables should be available:

    Source-IP, Source-Port, Destination-IP, Destination-Port

    Optional Fields:

    Time, Application, Packet-Count, Byte-Count

    The Query should be able to provide distinct results, especially when adding the packet-count field. To create a connection overview is a quite common task and is pretty easy in different deployments like inline deployment or even just as a Tap Device.

    If the XG could simply generate a report, it would be a great function for any…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow PPPoE without username and password (IPoE, NBN)

    Many NBN providers in AU do not require a username and password for NBN FTTN. Instead, they use IPoE.

    Please fix the fact you cannot save the PPPoE settings without entering a username and password. Either that, or allow you to enable DSL with connection type DHCP or static selected

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.