XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Ability to apply UTM filters on traffic from Discover Interface so to create a report for POC

    Discovered traffic from Discover interface could be made more meaningful by applying web and application filters so to get some meaningful UTM reports not just application visibility for the new customer who wants to check the UTM capability of device before buying OR before device goes to inline production environment.
    Fortigate has some nice way with one-arm sniffer interface and sniffer firewall policy.
    It would definitely help sophos gaining more customers while doing POC

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Importing groups: disable MAC binding option

    Get the option to disable MAC binding while importing groups from an authentication server (Example: Active Directory), this because it can be easily forgotten afterwords and this can break SSL VPN for users in the new groups because MAC binding is not supported on SSL VPN.

    8 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Sophos SPX Outlook Add-in - improved user friendliness

    Sophos SPX Outlook Add-in - improved user friendliness

    Problem/issue:
    The Sophos SPX add-in for outlook enables a user to encrypt outgoing emails. This add-in works just fine from a technical point of view, but it is not as user-friendly as it could and should be. When a user clicks on the Encrypt-button and enables encryption, it turns grey to indicate that it is enabled. But this is not easy to see for the user. This is not a clear indication showing that encryption is enabled, and especially if a user has enabled the dark or grey themes in newer versions…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Split OTP from password entry field

    When OTP is enabled, provide a separate text box for the OTP on the WebAdmin, Captive Portal and VPN credential screens.

    It is not explicit that users are required to enter the OTP at the moment as it is just appended to their password, which can cause issues for staff trying to connect or login to resources as this is fundamentally different to how they enter OTP's in other applications.

    In order to resolve this issue it should be made clear to users that they have to enter the OTP in the form of an additional text box that only…

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  5. let Web-mail category include all it's URL

    the problem started when I wanted to allow only webmail to a specific group of users

    most of webmail servers use generic URLs for their authentication.

    the problem is that those URLs are categorized as (search engine, dynamic DNS & ISP, etc...)

    it will be very helpful if you can add those specific URLs as part of the webmail category
    as you can't access the webmail without them.

    thanks in advance for your help and cooperation.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Rename the "Block QUIC" checkbox

    The "block google QUIC" checkbox does not actually block QUIC, as it says, but instead blocks all UDP on port 80 and 443. 443 UDP is not always QUIC! This is misleading, and should be renamed to "Block UDP 80 and 443 (like Google QUIC)".

    5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  7. 1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Custom Admin User Profiles

    Would like to have the ability to create a user profile that is somewhere between full admin and general user something like a power user and be able to define what they can and cannot access when logged into the admin console.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. FIX SMTP Outgoing connection so it works with Office365

    Seems no matter how I configure the outgoing SMTP settings I cannot for the life of me get it to work with smtp.office365.com. I can get other devices to work just fine with that service, things like copiers and multi-function printers. A little embarrassing that the Sophos would have trouble especially since it touts itself as a e-mail protection device.

    4 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Custom SAR Report

    The SAR report generated by the device when in TAP mode is nice but it would be great if we could add/remove items and/or change the wording of some of the report to fit our industry. The custom logo is a step in the right direction, now give us a little more control of the report's content.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  11. Bookmarks should appear or disappear based on connectivity

    Would be great if you could make bookmarks aware of connectivity and appear only when that bookmark will actually do something. If the destination of the bookmark cannot be reached (tunnel down perhaps?) then the bookmark should either disappear or show up greyed out and not allow it to be selected.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  12. Better Handling of Cell Modems

    The Cellular Modem page under networks leaves a lot to be desired. There should be many more options to configure connections and a signal strength meter. Look to the Modem Manager application on Linux for inspiration, something like that in the XG would be fantastic. Also need more support for modern cell modems, the compatability list is starting to become quite dated. With 3G ending this year I think it is soon time to prune all 3G only devices and start supporting LTE/4G/5G models.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. On-demand RED Tunnels

    Would be nice if you could add an option to activate a RED tunnel only when traffic is destined for a network on the other side of the tunnel. In this way we could have RED devices behind cellular modems and not use massive amounts of data just to maintain a tunnel that isn't being used. The overhead to maintain a RED is about 2K/s which doesn't seem like much but over the course of 30 days will add up to over 500MB which is a lot on a limited cell plan.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. Zone Groups

    It would be good to be able to build zone groups in a similar fashion to IP host groups, FQDN groups, service groups, etc. This would allow rules to include multiple zone sets quickly.

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add protocoll of current Windows product to the business rules ... (Windows 2016 / 2019)

    You had support for Remote Desktop Gateway protocoll (Windows 2008 and 2008 R2) implenented. In the state of the art fw, the modern OS (Windows 2012, Windows 2012, Windows 2019) is not supported for some protocolls.

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add TCP Dump to the Tools

    I think it would be nice if they would add TCP Dump to the tools page for XG, I would not think this would be difficult, just have some settings fields and click a button and have it open in a new windows using the settings. It would be even better if it could be saved to a text file as well, this way as admins when we are suspicious of a specific device we could setup a log on a singular IP and Port in a sense.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add the Use of Network Groups (objects) to Routing and firewall rules

    The issue seems pretty simple. On the SG, I was able to define Network groups, e.g. MOE_Group, MPLS_Group. From that, I was able to define my sites and put them into those groups which would provide firewall rules and routing. We never made it to the rules but the routing is what is killing me. Again, in the SG, I am able to define Static Gateway Routes using my Network Groups:

    Route Type: Gateway route
    Network: MOE_Group
    Gateway: MOE Router ( a router on the trusted internal network )

    Route Type: Gateway route
    Network: MPLS_Group
    Gateway: MPLS Router ( a…

    1 vote
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. 5 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. reset firewall hit counter

    reset the firewall hit counter, not only after reboot

    3 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. IP Host List Can not be download in .CVS format

    IP Host List Can not be download in .CVS format. It is downloaded in html format.

    2 votes
    Sign in
    (thinking…)
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.