XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. XG firewall HTTP/HTTPS health checks for server load balancing rules

    If you have multiple IIS servers behind an XG firewall and you want to load balance them and each IIS server has multiple web sites configured(each with specific IP bindings) then the XG firewall with the TCP check on port 80 or 443 cannot tell that a site is down if the web site is stopped or its associated app pool is stopped to be able to remove that site from the load balancing pool.
    This is because IIS still responds to requests (with a 400/404 when the site is stopped or with a 503 when an app pool is…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. XG Firewall should allow option to keep domain name while changing or renewing certificate

    We have an issue with XG Firewall as it not allow to renew certificate while it is in use and if we create new certificate it removed all custom domain name from Domain field and there is no option to keep these domain names. We can't copy paste or import these domain names and if we add domain name one by one which require lot of time and effort. Please provide an option to us so we can keep existing domain name while changing certificate.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. The SSLVPN connection using Sophos SSLVPN Client with ARM based Windows PC

    To whom it may concern,

    Regarding the SSLVPN connection using Sophos SSLVPN Client,
    we would like to request that you let it work with ARM based Windows PC like Surface.
    If Sophos SSLVPN Client comes to be compatible with TLS1.3,
    will the Sophos SSLVPN Client work with ARM based Windows PC?

    Sincerely,
    Takashi

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  4. Filter out search query results containing specific keywords in the Youtube app

    I would like to be able to filter out any results from appearing in the Youtube app which contain specific keywords, so videos and their metadata (description, etc.) which contain these keywords are not shown. The keywords may appear in the video name, channel name, video description, etc. basically in all the content youtube shows as part of the video.

    A user may search for a filtered out keyword, and this search is not blocked, but in the result set videos and their metadata which contain the keyword are filtered out. For the user the result set looks empty.

    See…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Block all Youtube videos belonging to a specific channel

    I would like to block all the videos belonging to a specific channel, including videos which are included in the youtube home page, explore section, subscriptions section, library, playlists, history, youtube search results, etc. This needs to apply both when using the youtube app and the web site.

    As a result of the blocking the videos, descriptions, etc. (metadata) belonging to the channel will not be shown in the youtube home page, playlist, search result, history, etc. while other videos not belonging to the channel are shown.

    This also needs to apply as new videos are added to the channel,…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. user with more than one email account quarantine

    We have users with more than one e-mail account. But with login based on AD, we can only associate one account at time.

    Make possible to associate more than one e-mail accont per user, at least on Quarantine .

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. syslog

    Please enable sending of VPN logs (charon.log and strongswan.log) files to syslog server. This is needed to analyse these logs offline.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Make the web interface faster

    The administration of the XG UTM is so slow. We have tried several models but the loading of the pages is always slow.

    13 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. ssl vpn remote accsess user Used time (in minutes) report download to PDF,CSV,HTML

    ssl vpn remote accsess user Used time (in minutes) report download to PDF,CSV,HTML

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. SSH CLI Aditional Users

    Hello everyone
    We need that sophos implement an option to configure or allow user accounts with administrator role to access by SSH. This would facilitate the tracking of changes that firewall administrators can make.

    Currently the only "admin" account can access to SSH but we need an option to provide SSH access for another account with the administrator role.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add Actual OWASP / ModSecurity Rule_ID to WAF Logs

    Coming from UTM used to at least include the rule id in ModSecurity that caused the block. Under XG There is no ID so it is currently impossible to identify the rule that needs to be white listed.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. SSLVPN Report

    Hello Team,

    We are looking for a reporting feature or logs data to identify SSLVPN users data, on which WAN link they are connected. This will help us to identify users data & bandwidth usage details and we can plan to segregate users as per need and depending upon primary and secondary/backup WAN link speed.

    Thanks!!!

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  13. Historical Logs Stored in local Disk

    Historic Logs stored on the local disk in the antique format that Sophos UTM has in the directory /var/log. like fwlog00-00-0000 where the first is the day, next month and year. stored by day and the capacity to export those logs to an external disk.

    The actual format of the XG is not confortable because all the logs is purged by day.

    This feature is important to store all historic conntrack information and the others module logs, like IPS, WAF, EMAIL, WIRELESS, etc.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Radius Server supply UserGroup from AD

    Let the Radius Server supply a Groupname for different Firewall Rules

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  15. report

    in the graph of the use of the wan it would be nice that clicking on any bandwidth would report ip that created that event

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  16. Expand DNS on XG to allow ISP load balancing with authortiative DNS

    To provide a full ISP inbound load balancing experience, it would be helpful if the XG supported the whole range of DNS host entries and allowed you to specify what they are. This would allow the XG to be an authoritative DNS server for a domain a company owned.

    The list of DNS entries that aren't supported now that would need to be added are: NS, MX, CNAME, TXT, SRV, SPF, DNAME, CAA

    The benefit of this would be that an institution could have a single XG firewall set up as an ISP load balancer, but instead of using an…

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Discover dropped files from Intrusion Attacks

    In MONITOR & ANALYZE | Reports | Network & Treats, we'd like to have ability to see the name of the file that is attacking the network internally.

    i.e. The Intrusion Attack is: 'FILE-PDF Adobe Acrobat ImageConversion PCX Parsing Out-of-Bounds Write'. File name of source attack: 'malware.pdf'.

    We can use that info to search out the attacking file and delete it if not picked up by AV.

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow 3rd party access to create backups

    Allow systems such as Auvik access to create backups

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Consolidated report for SSL VPN Last login

    Dear Team,

    We are looking for the consolidated report for SSL VPN last login from Sophos XG firewall which is currently not there in the firewall. This report will help the administrator to alter the user list which are inactive since long time. Hence kindly get this implemented in the firewall.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Clear/Sort Messages in Control Center

    The messages on the Control Center page have become completely useless after firewalls have been in operation for some time. The messages are not sorted according to any logic I can ascertain, and I'm unable to clear messages that have been there since literally the day the device was installed.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.