XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Sophos XG, RED Monitoring

    Hello,

    We have Sophos XG 135 and 4 RED Devices. I built a crash scenarios when Internet connection of RED Devices is unsuccessful by adding 4G router before the RED.
    1. Sophos XG 135 sends email notifications but this is not enough for me as it sends them only to one email address. In Administration => Notification settings => Email settings.
    a. Proposal 1: Sending an email to more than one specific recipient. For example: Administrator who is responsible for the internet connection should receive notifications only for the internet connection. Variables that can be corrected should be added to…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add timing/schedule feature for SD-WAN policy routing.

    Please add timing/schedule feature for SD-WAN policy routing configurations. Because there are several cases of traffic being passed on a certain line at a certain time.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add time interval select feature when searching logs on XG Firewall interface.

    This is most basic feature when internet provider or law enforcement institution request to block or identify user that was making illegal network activity during specified time. There is option to filter by source port, but no way to jump to a specific time frame directly, making search very complicated and time wasteful.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Sort feature for wireless access point page

    In Wireless > Access Points, in the access point list you should be able to sort by any of the columns. Currently you cannot sort AT ALL. This is just absolutely crucial for us and I am sure many other Sophos wireless customers. The most important would be the "Label, Status, Group, IP, and Type". Please implement this feature ASAP.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. sec_request_body_no_files_limit in GUI

    Allow setting secrequestbodynofiles_limit via the GUI for Web Protection policy.

    Having to set via CLI tblwafsecurityprofile settings every time a WAF setting changes is very bothersome and leads to more downtime for customers.

    https://community.sophos.com/sophos-xg-firewall/f/discussions/114221/413-request-entity-too-large

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. expand custom hostname Hotspots length limit

    currently the custom hostname Hotspots length is limited up to 30 characters. If Sophos expand the database-field to more than 30 characters this would be great

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. expand custom hostname Hotspots length limit to more than 30 characters

    currently the custom hostname Hotspots length is limited up to 30 characters. If Sophos expand the database-field to more than 30 characters this would be great

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. port monitoring

    I know there was another idea post for Decryption port monitoring but I'd like to have full blown Port Monitoring as found on all managed or semi managed switches as well as most Ent grade Firewall apps from other developers so this would be a powerful addition for diagnostics / hunting over XG's own reporting functionality which Ive found isn't sufficient, Packet Capture is limited to 2MB at a time and their config and filtering doesn't have custom option facility.

    Hope this idea gets votes and would love to see it added to XG sometime in the future.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  9. port monitoring

    I know there was another idea post for Decryption port monitoring but I'd like to have full blown Port Monitoring as found on all managed or semi managed switches as well as most Ent grade Firewall apps from other developers so this would be a powerful addition for diagnostics / hunting over XG's own reporting functionality which Ive found isn't sufficient, Packet Capture is limited to 2MB at a time and their config and filtering doesn't have custom option facility.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. usable VPN App for Android

    We need a VPN app for Android that can be distributed and configured via Sophos Central and can connect to an XG. This must be able to handle "VPN on demand" (Android Enterprise).
    Central can already distribute certificates via SCEP, but neither the XG nor Central can create a useful, secure, easy-to-use VPN configuration for Android.
    This is ridiculous

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  11. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. mac vendor identifying

    It would be great if the DHCP table would check the MAC Vendor and Display it.

    This would make identifying certain devices in a Network so much easier.

    Small solutions like a WLAN Router or bigger solutions like certain Firewalls have this feature but Sophos XG is lacking it.

    Thank you beforehand.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Plz Allow PPPOE Client For Isp Provider

    Plz Allow Xg Firewall On pppoe Username And Password For Client Side Prove then We Can Provide PPOE account For Client Side Isp

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  14. Log archiving in external server

    As per my company policy we have to retain 3 years log, is there any way in Sophos xg where we can archive daily log reports to external servers automatically without using GUI.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. Plz Allow Set Data Quata On Ip Rule

    Plz Allow Set Data Quata On Ip Rule

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  16. DNS host entry - NXDOMAIN for IPv4 OR IPv6 instead of resolving it externally

    For setting up a complex network scenario with split DNS it would be good if you could set also an NXDOMAIN entry/checkbox for IPv4 or IPv6.

    Example:

    Internally I want to have clients only connect to a specific service via IPv4, not via IPv6. Then I put in the DNS host entry for IPv4 and for IPv6 I set NXDOMAIN. Because if there is an external IPv6 entry the XG will deliver this one back as it can't resolve it internally.

    Also this is a big problem if the external DNS host entry is a CNAME because it resolves the…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Multiple nat on single ipsec tunnel

    Sophos XG210 failure to do Multiple NAT rules on IPsec Site-to-site VPN

    Description:

    We want to configure multiple NAT rules on IPsec site-to-site VPNs and the firewall only supports one NAT rule on each VPN. Please can we have advice on how to resolve this.

    Please refer to case:ref:00D301GN6a.5003Z1DegHy:ref where support mentioned is not supported at this stage.

    Also look at a previous request on this:
    https://community.sophos.com/sophos-xg-firewall/f/discussions/84062/multiple-nat-on-single-ipsec-tunnel

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Remove Erroneous Blocked Websites

    Please update the web protection categories to NOT block several legitimate websites. Several major software vendors are currently erroneously listed in the block list. This software is widely used and NOT a risk. Some example sites blocked are

    Google Chrome Enterprise browser, Intuit Quickbooks, Adobe Acrobat, Adobe *

    I could understand blocking these things if they were a risk but they are not. This is software that literally 100% of organizations use in one way, shape or form.

    Please update these web filtering lists to allow updated on these critical apps. We shouldn't have to create dozens of exceptions to…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Wireless PSK Max/Min Lenght

    The WPA2 field doesn't warn users if they input a value that is longer that what is allowed. Instead it saves the configuration and puts the wireless network in open mode without any security. All password fields within the XG should notify the user of the input restraints they have. They should notify a user of the min-max length. Complexity meter would also be helpful to improve users password choices.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Password Field

    All password fields within the XG should notify the user of the input restraints they have. They should notify a user of the min-max length.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.