XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. pppoe light touch configuration

    Currently there is no option in the light touch configuration for an interface type of pppoe. As a result I cannot deploy XG firewalls remotely to locations with DSL connections. Please add this feature.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Own CCL definition on Sophos XG

    Email protection and DLP on Sophos XG is possible use just with Data control list based on predefined dictionaries (CCL - content control list).

    Could you add support for definition of the own dictionary/CCL (based on keywords and regular expression)?

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Change request for SFOS 18: Diagnose, Tools, Ping through VTI tunnel

    I was wondering if in one of the next MRs in SFOS 18 it was possible to include one or both of the following changes:

    Including the VTI interfaces in the pull-down menu options for PING diagnose
    When pinging with an internal interface, letting the ping go through the routing tables including routing through VTI interfaces


    • In policy-based IPsec it is possible to configure system-traffic to go through the IPsec. When these settings are correct, then a ping from the LAN to an address configured in the system-traffic rules is routed through the IPsec.
      With VTI IPsec, this doesn't work.…
    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Improve sample submission page

    I have list of many suspicious URLs but our Sophos products XG, Endpoint & Central Email categorize/filter/handle them differently. If all these products use same URL categorization DB it will be helpful for all of us.

    In many cases Sophos Labs doesn't know URL belongs to which category and we have to keep submitting them constantly this is tedious process in which we are helping Sophos to becomes stronger and Sophos is making this process lengthy & difficult to submit. There should be an easy way so that we too can contribute faster.

    > Submit a FalsePositive mail should from…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Sophos XG does not send quarantine digest for outboung emails

    Sophos does not send a quarantine digest if an outbound email is quarantined by antispam. I checked antispam engine for outbound traffic by using the gtube string. My Outbound message has been quarantined as expected. I am not notified about that issue. So my users are not able to recognize that important Business email are not delivered.

    I opened support case 03082732 for that behaviour. They told me:

    “Regarding the quarantine summary digest for the outbound emails, right now this feature seems not be supported on the XG.”

    Please improve quarantine digest.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. VLAN bridge support in MESH network

    Currently in XG v18 VLAN bridge in MESH newtwork using APX appliances is not supported.
    This feature does exist in current Central Wireless.

    Please support it also in XG.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. RA VPN enhancements

    VPN agent must have functionality:
    > Scan/read OS patch status, version.
    > AV agent name, version.
    > Windows FW & Defender status.
    > Logon history tab, so that user will know who and when was previous logon done from their system, agent must also fetch from NGFW, is there any other user logged in from same account from a different machine. This also helps in identifying unauthorized logon attepts.
    > Diagnostic tab on VPN agent similar to XG for TShoot.
    > Dark Theme UI.
    > If multiple ADs are configured and those ADs have diferent domains then VPN agent must…

    18 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. MIME-Type recognition is sometimes wrong!

    I analysed MIME-Type recognition and found that MIME-Type recognition is not working proper. As example, DOCX-files are recognized as "application/msword". The right MIME-Type of DOCX-files is "application/vnd.openxmlformats-officedocument.wordprocessingml.document".

    I already opened a support case with request number 03058060 and got this answer:
    "Yes, the MIME recognization from XG for .docx is under applications/msword"

    So please change MIME-Type recognition, that it serves the MIME-Types, which are listed here:
    https://docs.microsoft.com/de-de/microsoft-365/compliance/supported-filetypes-datainvestigations?view=o365-worldwide

    or here:
    https://developer.mozilla.org/en-US/docs/Web/HTTP/BasicsofHTTP/MIMEtypes/Commontypes

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Utilize the weight value for WAN failover order of priority to become active

    Hello Team,

    We have customer here requesting to Utilize the weight value for WAN failover order of priority to become active. For your assistance please. Thank You

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Utilize  the weight value for WAN failover order of priority

    Hello Team,

    We have customer here requesting to Utilize  the weight value for WAN failover order of priority. For your assistance please. Thank You

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. change vlan base

    Please make it possible to move existing VLANs to another base interface without the need of deleting/reconfiguring. Almost every other manufacturer allows that and it really helps when we have to temporarily build a network on ports other than the ones that will be used in the end.

    20 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. Implement RADIUS failover support for APX Access Points

    It has come to my attention that while the XG firewall allows you to enter two RADIUS servers for wireless authentication failover. The APX series access points do not support the secondary server.

    This creates a high risk for wireless service disruption in the event the primary server goes offline. The lack of support for this functionality requires an engineer to manually promote the secondary server as the primary in the event of a failure.

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Web Policy Enhance Default Action

    XG Policies obliges to define a Default action to Block o Allow, which makes it less easy to define exceptions for certain users and web destinations or categories.
    For example, if a Defined a Base Policy for the whole enterprise, and I want a group of users to let visit a certain web category, I must edit the base policy and add a line for each user (groups doesn't work well with AD intergration and STAS) for the allowed category, or clone the policy and adjusting it accordingly.
    It would be so much easier to define a New Policy in…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. mimo

    enable mimo/mu-mimo feature on XG wifi similar to central managed

    4 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Firewall rule locks

    Using Sophos XG 18.01 , had a recent issue where a LAN>>LAN rule was deleted automatically when a RED device interface was removed from the XG.

    It would be great, if "Tags" or "Locks" could be applied to Firewall rules, that either stops these rules from being deleted, or alternatively prompts for login credentials or a warning before the rule is deleted.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Detailed List of IPS rules used in the XG Firewall

    I want to get an IPS rule file(.csv) in Sophos XG firewall. It does not allow to export to a file as a .csv. Would be used in the SIEM solution as a detection rule.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. current Activities>Live Users

    Please Provide the MAC Address also in Current Activities>Live Users

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  18. Need option to export the all DHCP Leased Ip's to a file

    In Network>DHCP. Is it possible to have entire leased Ip's list to download in excel file.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. IPSEC interface tunnel is hided on LAG port

    When I established IP Sec tunnel Interaface with LAG on WAN, they can't show Virtual Interface of IPSEC tunnel. Please update to show ít on LAG port.

    0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.