XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. nmap in XG Firewall

    Install nmap in XG devices would be very useful as it is in SG devices. Is that possible to do it in next releases?

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. import specific config

    when importing configuration from another device, it would be nice to have an ability to import specific configurations only like IPsec, SSL, etc instead of importing the whole configuration

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. User must change the password feature for Captive Portal when user logged in using LDAP

    When User login into the Captive Portal using his/her LDAP Credentials, he should be prompted to change his password on very first login or should be having an option to change his own password.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. happy eyeballs for Web protection

    As of right now, the Sophos XGs web Protection feature does not implement happy eyeballs which renders it unusable for IPv6 Endpoints - the only way to "fix" this is to simply force all http(s) traffic to use ipv4 instead.

    It would be nice to see real dual stack support by implementing Happy Eyeballs.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. configure password of day to be sent out at a certain minute

    It would be nice to be able to configure passowrd of day (for hotspot) to be sent out a certain minute.
    At the moment, it can only be configure on a interval of hour, not convenient.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. ssl vpn

    Would like to see an option to create additional SSL VPN profiles based on AD Group membership. Having a single DHCP scope for all SSL VPN significantly hinders the potential of this feature. Being able to place different users into different subnets would allow administrators to tailor firewall rules for each group that better fit a given groups role within the organization. The current system requires I either grant excessive network permissions to standard end users, or otherwise make the SSL VPN completely useless for administrators attempting to address emergency issues remotely.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. executable files

    we need Sophos to add more executable files extensions MIME headers in the predefined file type that comes with Sophos.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. GUEST Users details export

    After having created GUEST USERs (especially if they are many users), should be nice to be able to export the guest users details (Username, password -not encrypted-, duration, etc) in order to be used for other purposes, like to print some customized tickets (tickets with Company logo and other information).
    The "exported" list should be created in a plain (not encrypted) format (like text) or in a standard format to be used with Excel, or Word mailmerge function and so on.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Monitor firewall rule realtime bandwidth monitoring

    HI,
    It would be great if we can have live bandwidth monitoring for firewall rules for troubleshooting and performance.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Stop auto loading the Live Graph

    When navigating to Diagnostics --> System Graphs the page automatically renders all the graphs for the last 2 hours. This forces you to wait to change the time period. Please stop the auto rendering, and allow the admin to select the time period and click the update button.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add Duo MFA integration to Sophos XG

    Apparently the older Sophos UTM has Duo MFA integration. Please build this into Sophos XG firewalls. Duo is extremely powerful, flexible, usable for individuals, companies or full-blown MSPs unlike most of the other MFA solutions available.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Want to add option for Two WAN link for L2TP VPN

    Please add a option to select one more Local WAN port in Local Network details, in L2TP remote access VPN tab. As of now its only for one WAN port.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  13. 4G/5G USB Dongle Support

    I think it is high time Sophos updated the USB Dongle HCL to include modern technologies such as 4G/5G. With 3G ending for a lot of people soon many of the devices on the current list are about to become obsolete.

    https://docs.sophos.com/nsg/sophos-firewall/v17.0.9/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FAppendixD.html%23

    https://community.sophos.com/kb/en-us/123939

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. DHCP flease for more than 30 days

    DHCP lease for more than 30 days, 30 days are not enough in some cases!!!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Editar a mensagem de senha do dia dos Sophos APs

    Deixar editar a mensagem de senha do dia, para identificar de qual equipamento é a senha enviada para os administradores que recebam

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSL VPN ACCOUNT LOCKOUT

    Similar to the admin lockout screen - it would be useful to block users logging into ssl vpn after x amount of incorrect attempts - either lockout for a predetermined amount of time or what would be awesome would be to lock and allow an admin to unlock.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  17. [SFOS IVIEW ] Reduce the file size of the XLS file which downloading from Archives.

    [SFOS IVIEW ] Reduce the file size of the XLS file which downloading from Archives.

    When we download the CSV file from IVIEW the file size is considered small and when downloaded using Excel format the file size is much greater due to additional data not required.

    When we copy the contents form XLS file to normal CSV file the data captured is less than half of the original file size.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. IPSec Remote Access mode should hand out IP's to Android clients

    We should be able to hand out virtual IP for users on a plain IPSec (not Sophos Connect) by config or by user static remote access IP defined.
    Sophos XG's IPSec configuration does not have the ability to configure "rightsourceip" when setting up Remote Access IPSec connection. With this ability we could use the built-in android IPSec XAuth VPN client and not rely on third party apps.

    [IKE] <AndroidIPSec-1|28> peer requested virtual IP %any
    [APP] <AndroidIPSec-1|28> [IPPOOL] (acquire_address) acquire_address...
    [APP] <AndroidIPSec-1|28> [IPPOOL] (acquire_address) Access Server not provided IP for user: ********
    [IKE] <AndroidIPSec-1|28> no virtual IP found for %any requested…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  19. garner

    garner service sometimes stop to work and no events are logged since it happens up to the time when garner is restarted
    time when you recognize that you have no data about history is the time when you need this data ...
    developer would add feature checking whether garner is able to fill data in logs and make alert or automatically restart garner service and send alert

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add more note fields

    On the SG devices there are several fields for notes and comments which really help us in our job. The XG is only a few of them and in most cases there is no chance to add any comment to it.
    Please add at least the note fields from the SG devices.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID Test Azure
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.