XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Client certificate based authentication for SSL VPN remote access

    Clients should be authenticated based on the client certificate instead of username/password for SSL VPN remote access. The Sophos XG should validate the certificate via a CRL or via OCSP.
    This functionality is supported by most other vendors and solutions (e.g. Cisco Anyconnect or OpenVPN).

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  2. subodha@idawngroup.com

    Hi Team,

    On now Sophos can add bandwidth limitation to user wise/ Application wise and Rule wise.
    But if bandwidth limitation had on network adapter wise and VLAN wise, It will be very helpful to all of them. So I'm requesting to add that feature ASAP.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. please provide filter option under intrusion prevention under Spoof Protection Trusted MAC it is very difficult to change the mac or ip

    please provide filter option for mac with ip
    under intrusion prevention
    under Spoof Protection Trusted MAC
    it is very difficult to change the mac or ip numbers . In our organization 250 Hosts are bind with mac for security purpose. There are 40 pages across we have to search it is very difficult. Thee is no option for export also. This feature is available in cyberoam 100ing firewall. but in sophos XG210 its a major pain to always scroll all the pages to find a single entry.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. GUI Control for 'NATting' system initiated traffic

    currently there is no easy way to control NATting of System initiated traffic, this would be incredibly useful when using a 4G SIMs

    Which uses a Private IP address range not a public. there are also ISPs which use Private IP addresses and route Public IPs to the private IP.
    which means you cannot register or control using Central.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Central Management  ·  Flag idea as inappropriate…  ·  Admin →
  5. subodha@idawngroup.com

    Hello Team,

    Pls add bandwidth usage for user wise / group wise in to reporting.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  6. Schedule Reboot Sophos IView

    Hello Team,

    We have a request here from customer to have option for schedule reboot for Iview.
    For your assistance please. Thank You.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  7. WAN link report and SD-WAN routing policy report

    We should have the report for WAN like how many throughput per WAN link in the Report menu (Currently, We just have system graphs). Moreover, XG Firewall v18 have SD-WAN routing policy we should have the report for SD-WAN routing policy as well.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  8. Block Internet Explorer 10 & 11

    Currently Internet Explorer 6 – 9 are listed in the Applications list on our Sophos XG310s. We would like to be able to prevent our end-users from using Internet Explorer 10 and 11.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow blocking of website using regex to allow for more flexibility in blocking sites.

    At the moment we can only block sites with keywords or domains, but we can add exceptions to allow sites through with regex. It would be great to be able to use regex to handle blocking also.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  10. Make DNS-Request Routes actually use the additional DNS-Servers specified

    When creating a DNS request route via Network -> DNS -> DNS request route, one may specify a list of hosts to be queried for this specific DNS-domain. According to the UI, the order of this list indicates priority of the servers.
    However, should the first server fail to reply (because it is down or unreachable), NO other DNS-server will be queried. According to Sophos Support, this is the intended behavior as the additional Servers are only queried if the first server replies with NXDOMAIN.

    This is obviously not usable as a failover scenario and is certainly not the behavior…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Not able to download wb surfing report for particular IP. It is showing IP address of wesites but not website names.searched

    Not able to download wb surfing report for particular IP. It is showing IP address of wesites but not website names.searched

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  12. Option to restart AP under XG Web Admin

    We have request here from customer, asking to have option to restart AP under XG Web Admin interface. For your assistance please. Thank You.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Include reserved ip addresses in backup

    Unless I'm mistaken, experience taught me that restoring from backup will not re-populate reserved IP addresses based on MAC.
    This, combined with the manual-only method of entering reserved IP's makes for a lot of work in situations where a long list of reserved IP's exist and need to be kept.
    Could this please be reviewed?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Turn on/turn off an IPv4 unicast route

    Hello all, could you add the option to turn on/turn off an IPv4 unicast route? UTM v9 has had this feature for years and I think for many reasons other administrators would welcome it too.

    Thank you in advance
    alda

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Sophos XG - Policy Tester - Exception

    Sophos XG should display the Name of Exception on results of Policy Tester.
    If You test a policy, the result show only which exceptions skips is applied.
    So, will be very nice if show the name of Exception to troubleshooting.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. v18 - firewall rules - nat rules - visibility of linked rules

    v18
    In firewall rules interface, you cannot see which NAT rule or MASQ is being applied to the firewall, you need to switch between two interfaces tabs, this is a nightmare for datacenters with BGP where a customer has a separate BGP ip... and troubleshooting. Ergh!

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Adding vlan on bulk

    Hello Team,

    We have customer here requesting to have option for XG to add VLAN in bulk as they have a requirement to add 100 VLAN's in a sequential fashion. For your assistance please. Thank You.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Hardware  ·  Flag idea as inappropriate…  ·  Admin →
  18. Linux Authentication Client on ARM Hardware

    Would it be possible to provide an authentication client form Linux running on ARM processors, so for example it would run on a Raspberry Pi. Only the CAA executable need to be cross-compiled within the current Linux client.

    Thank you!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  19. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sophos Connect client connect pre login Windows for domain connection

    Please make it possible to connect Sophos Connect client VPN befor a Windows user is logged in like NCP client Pre-Logon feature, to get all AD domain features like GPO and networkshares.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.