XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Reverse Route Injection

    Please Add a feature Reverse Route Injection as what Cisco ASA has for I can advertise on our SOPHOS XG 310 the networks known via IPSEC to OSPF dynamic routing protocol.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. Guest Users

    1. Guest Users are currently created with validity with days only, we should also get the option for hours.
    2. Guest user reports to be auto sent in an email as a guest user report on a daily basis.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  3. Multiple IP Range Add in IP Host Service

    Multiple IP Range Add in IP Host Service

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  4. search engine

    In cyberoam there is feature / report that track popular search engine's keyword searched by user. from this you can track down what's going on user's mind.
    this feature / report missing in sophos. it is great if you introduce the same

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  5. The sophos connect client cannot select a bridge or no IP interface as the service interface

    When I was using SOPHOS Connect Client of XG firewall, I entered the configuration content and clicked application
    My firewall is bridged behind the gateway and switch (port1 area wan; port2 area LAN; IP address is given to the bridge port after wan bridging)
    However, I noticed that in the sophos Connect setting, only port2 port (area wan) can be selected as the VPN interface and bridge port cannot be selected, while port2 port has no IP state and shows NA. I suspect there is something wrong with this place
    Therefore, I tried to do the experiment, and configured a…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  6. need whitelist for application filter

    At the moment, application filter works on blacklist, and we cannot create whitelist application filter to allow a specific application, and block all other applicaitons including unknown/unclassified applications.

    Other vendors can achive it, Palo Alto Application Whitelist Example: https://docs.paloaltonetworks.com/best-practices/8-1/internet-gateway-best-practices/best-practice-internet-gateway-security-policy/identify-whitelist-applications/application-whitelist-example#

    There are a number of compliance criteria (CIS for one) that require whitelisting of network applications, as per https://www.cisecurity.org/blog/understanding-cis-control-2/

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  7. SSL VPN Insecure

    I have Installed SSL-VPN to users and provided userid and password to users.With this Userid and password users can install in their Personal laptops aswell.This is a top notch security Sophos has not clarrified or checked.As we are using DHCP even with IP we cant able to create a firewall rule,My suggestion that there need to be a specific configuration to add Device MAC id to configure VPN.Please getback on this

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  8. captive portal

    Currently Captive Portal do not get open if we need to allow certain website for all the users in the network and block access to other website.
    Captive Portal should be available to all the users by default if he is part of the network .
    If a Rule 9 is allowed rule access to website for all users and in Rule 10 is to show users the Captive Portal then user gets the page of website blocked.
    Show captive portal to unknown users should available to all users if is not a part of any Allowed Group in the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enlarge maximum number of zones to greater than 100

    Currently the maximum number of zones is set to 100. Can this be enlarged to, f.i., 200.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. MTA SMTP policy filter mails by headers from, to, etc..

    223/5000
    In the legacy mode of the e-mail protection module there are filter options of the e-mail headers, in the MTA mode there are no such options, as well as those of probable SPAM, probable virus, etc.

    It would be very interesting to have these options.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Offboarded Users are not able to remove from XG firewall from authentication. It should be remove dynamically

    Off boarded users are not able to remove from XG firewall from authentication. It should be remove dynamically. Becasue how we use STAS for authentication the same way STAS should tell firewall to remove disabled users.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. stas change Learning State time of 1 hour

    We running into an issue where Stas learning state 1 hour timeout creating an issue for us... we need to have ability to change timeout as needed.
    sophos case# 88882736 for reference.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add support to ciper suit in Cyberoam OS

    Add a support to ciper suit TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -

    {0xC0,0x2F} in Cyberoam OS

    87 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    23 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Sophos for non-IT users

    There is a desperate need in the world for sole proprietors and small business owners to get and use these great products. Non of the documentation is at the level where a massage therapist, lawyer, etc. can make any sense of it.
    These people may be small now but if you can grow with them you have an untapped market.
    I've been doing cyber compliance and have written info sec policies and done training for decades. I'm familiar with the nomenclature and basic concepts but even I can't seem to get this firewall installed. I can help with this with…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Diameter authentication on Sophos XG

    Most companies are now switching from radius to diameter authentication.

    When is Sophos going to add diameter authentication to their authentication method. Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Issue with Encrypted Backup File in XG Firewall

    Hi Sophos,
    I feel encrypted backup file feature on XG firewall which is inconvenience. Can you let this feature be optional on new firmware update?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. MAC address binding with SSL_VPN users machine

    Hi,
    We have configured SSL_VPN clients. I require settings like user can allow to login or install agent in specific given laptop only. Users should not allow to login SSL_VPN in any other machine.
    Can you please help me to do settings like this

    Thanks

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. custom image upload option in captive portal

    Team,

    Looking for a new feature of adding custom image in captive portal, so that we can choose our own image instead of sophos..

    Regards,
    Srikanth
    College of Defense Management- Hyderabad

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. high contrastdisplay scheme

    The color combinations on the XG website as well as the Sophos cloud site are week and promote eye-strain. My technicians now must turn on windows high-contrast to work on the the interfaces for any length of time. The colors are washed out and weak to say the least. A security company should denote strength rather than weak and washed out. What ever happened to any contrast ration with black easy to read fonts on a white or light crey background?

    Also we attempt to hire veterans and have some vision impaired veterans that cannot provide support for Sophos because…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Can we have an option to disable inactivity time out on sophos XG firewall web admin console.

    Customer wants to be able to view sophos XG dashboard on their SOC and the web GUI keeps timing out. can be have option to disable inactivity time out or to extend it to infinity.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos Features & Ideas Laboratory
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.