XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Filter

    Sophos XG Firewall should allow content filtering by entire domain, for example: .io, .com, .co

    1 vote
    0 comments  ·  Web Protection
  2. SSL VPN report

    I would like to have a report for the use of SSL VPN with duration and time.

    14 votes
    1 comment  ·  VPN and RED
  3. Change warning in messages if firewall no longer registered with OR managed from Sophos Central

    The warning message that's shown if the XG is registered with but not managed from Sophos is unnecessary and cannot be cleared. Very few of our customers have allowed firewall management from Central as it's generally a different team or personnel who manage the XG and Central and there isn't sufficient granularity in user / admin roles for management to be allowed. The warning in messages only needs to be shown if the XG WERE previously managed and are no longer being managed. This warning could then be acknowledged and cleared if necessary.

    2 votes
    0 comments  ·  Reporting
  4. FTP server Anti-Virus scanning like WAF

    DNAT/NAT/Load balancing rule or WAF should have an FTP server option, so that any files uploaded or downloaded from an FTP server in any secured zone like LAN or DMZ should be protected. Cyberoam has such a facility but it is lacking on Sophos. If an FTP client uploads ransomware or a virus then it will blow up the secure network. It is a security loophole.

    2 votes
    0 comments  ·  Webserver Protection
  5. VPN access to Guest users

    Hi,

    I would like to request that you enable VPN policy for Guest users. We had successfully given VPN policy to guest users but in Sophos XG. We need to give VPN to guests for clients or candidates for screentesting, so please look into this.

    1 vote
    0 comments  ·  VPN and RED
  6. Al

    Suggestion with regards to how XG Firewall handles backups. I would love to have the option to auto backup when the config changes. Weekly or daily often leaves me with either too many backups or the possibility of having a backup with missed changes.

    2 votes
    0 comments  ·  Base System + General UI
  7. Export Log File to FTP server

    Possibility to export the log file to an FTP server every day

    1 vote
    0 comments  ·  Reporting
  8. Updated API documentation for Country Host Groups

    The API documentation on your site is either outdated or just wrong in regards to Country Host Groups. The actual parameter is <CountryGroup>, but isn't listed anywhere in the documentation. The sub-parameter to pass it is <CountryList>, not <CountryHost>, which in turn needs to be passed a series of sub-parameters of type <Country>. There is also no example listed.

    2 votes
    0 comments  ·  Base System + General UI
  9. Require firewall rule details under Intrusion Attacks report

    Information about the firewall rule should be displayed under the Intrusion Attacks report.

    It will help to filter out allowed attacks in case the IPS logs are not available.

    2 votes
    0 comments  ·  Network Protection
  10. ModSecurity version 2.X.X to version 3.X.X

    The latest versions of ModSecurity WAF rules are in version 3.X.X. Is there a plan to get these added to webserver protection, since they produce fewer false positives and perform better than the 2.x.x rules?

    3 votes
    0 comments  ·  Webserver Protection
  11. Allow upload of certificates with special characters in passphrase

    Currently I can upload certificates with keys including special characters to the "Certificates" tab under "Certificates". Unfortunately, uploading the same certificate under the "Certificate authorities" tab results in the following error:

    Special characters |, `, ', ", <, >, (, ) and \ are not allowed in the passphrase

    I don't see why special characters can be used in the passphrase for "Certificates" but not "Certificate authorities". Please allow special characters to be used in passphrases under "Certificate authorities".

    4 votes
    0 comments  ·  Base System + General UI
  12. Add DynDns to support "dyndns.org". Currently it only supports "dyndns.com" for XG.

    Current XG only supports dyndns.com but not dyndns.org

    1 vote
    1 comment  ·  Network Protection
  13. speedtest

    Other manufacturers like Meraki offer a speed test on the WAN bandwidth and available throughput.

    10 votes
    0 comments  ·  Base System + General UI
  14. alert bandwidth

    Alert or notification should be sent to the administrator when bandwidth usage reaches 80%

    12 votes
    0 comments  ·  Synchronized Security (Heartbeat)
  15. Allow port forward of TCP and UDP in same rule

    So there's a limitation currently where if you're making a DNAT rule, and you want to change the destination port number, you can't forward ports from both TCP and UDP to the same server using the same rule.

    For example, I have an environment where RDP traffic from specific external public IP addresses is forwarded from one of my public IPs to an internal server (via DNAT). RDP uses both TCP 3389 and UDP 3389, but my users connect on a different port number (52389), which I need to forward to an internal server on 3389.

    I can create services to…

    7 votes
    0 comments  ·  Network Protection
  16. When downloading Custom reports we need a "Download All Pages" option

    I have a customer requesting web activity from a specific computer for a whole month. I can generate the report using Custom Web Report, Detail, IP address. When the report generates there are over 400 pages of records when viewing 200 records per page. I have to click on every page and select CSV for each page to get the whole month's report, this is extremely time consuming. Why isn't there a "Download All" option to generate 1 report for the whole month?

    4 votes
    0 comments  ·  Reporting
  17. Sophos Connect - Integrate Sophos Admin into XG

    It would be ideal to expand Sophos Connect to have the firewall push the policies dynamically as users login or allow for profiles (like SSL-VPN).

    This will allow for an always updated policy rather than futzing with .scx files and trying to get changes imported onto road warriors.

    3 votes
    0 comments  ·  VPN and RED
  18. Integrate NTOPNG or similar functionality into SFOS

    There is a Linux utility called ntopng https://www.ntop.org which is very good at identifying and classifying network traffic at high speed. If you could integrate this into SFOS it would be a very powerful tool.

    1 vote
    0 comments  ·  Base System + General UI
  19. Clientless VPN Bookmarks need more settings and ones that are there need to work.

    Please fix the HTTPS and RDP clientless VPN options; as they are now they seem either broken or half-heartedly implemented (I was being kind when I meant to say half something else). Also, it would be nice if you could add some more options, especially to the VNC/RDP module; things like color depth, resolution, encoding, etc. would be greatly appreciated.

    4 votes
    0 comments  ·  VPN and RED
  20. WAN Failover Options and Ranges

    WAN Failover needs at least to have ranges
    Example: Ping between 0 and 100 consider WAN up

    Packet Loss would even be better
    Example: Packet loss higher than 10% consider WAN down

    The other vendors have these options. WAN Failover is pretty useless when a line can have a 2000 ping and 75% packet loss and still be considered up... These are the most common problems with the biggest carriers in the US such as Comcast...

    14 votes
    2 comments  ·  Base System + General UI