XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Implementation for mac host groups .

    Missing feature since long time Implementation for mac host groups .

    Now It's possible to create group for ip, fqdn but not for mac-hosts.
    For example: the authorization for the connection to wifi using mac filtering with whitelist or blacklist ..the mac host cant be picked from the existent list...and inserting the mac address only miss the possibility to tag and associate the mac to user or pc

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Update SSL Certificate on WAF rules removes listed domains / add possibility to add wildcards

    When updating a wildcard certificate under Firewall - Business Rule - WAF, an error pops up stating that *.domain is invalid and removed. Next, all domains currently listed are also removed. To add again (and again) all domains used with a wildcard certificate is time consuming and faults are easily made.

    Stop removing all domains, or make an export/import possibility. Better yet, accept wildcards just like the UTM did, and let the webserver handle the URL's.

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Adding new Swiss DDNS

    In Switzerland we have a free DDNS Provider DynDNS24, which keeps a entry alive over a longer period as long as the update doesn't stop over a longer period. You don't have to logon and to accept the next 3 months. It is for many Swiss customer important to stay in Switzerland.
    Here i have a link https://www.dns24.ch/home/welcome

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Dynamic DNS Providers  ·  Flag idea as inappropriate…  ·  Admin →
  4. 1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  5. 0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  6. Sophos SSL VPN Client

    Hello Sir,

    my problem with Sophos is the SSL-VPN client that doesn't support a certificate based authentication. I don't want to store my credentials on each PCs where I use SSL-VPN client neither want to enter every time the credentials. It would be nice to have a certificate based authentication with SSL-VPN client.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Enable Quarantaine Digest for Public Folders

    At the moment there is no easy way to enable Quarantaine Digest for Public Folders as it was at the UTM 9
    Please sync public folders with the Exchange server

    3 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be access from our office, we remotely take control of different firewalls about 10 times a day...

    35 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. make captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be access from our office, we remotely take control of different firewalls about 10 times a day...

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. make captcha optionable

    Can you please make captcha an option to be enabled or disabled, not to be forced?
    We have Local ACL rules on each firewall so it can only be access from our office, we remotely take control of different firewalls about 10 times a day...

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Customizable Quarantine Email

    How do you change the default content within the Quarantine Digest.

    We want to add a company logo and change the default text within this email to something more user friendly.

    We also want to add instructions to this email for our users.

    How can this be completed.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  12. filter on local vs synced accounts in XG user interface

    please provide a way to filter on local vs non local accounts in the XG interface. Sure you can open each account to see if it is local or not but that isnt scalable when you have over 20 accounts. in light of the recent security incident it would be great if the interface had a way to just show any locally created account so we can a. change the password or b remove them all together. Support and consultants have been known to create accounts without full disclosure on what the account name is and it isnt feasible for…

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Sophos Connect TAP Adapter - register at dns server

    Set the option "register at dns server" on Sophos IPSec Connect Client at Windows TAP Adapter via parameter at installation of msi or in config file. If not active, the clientname (DNS) will not be reachable from LAN to VPN cause DNS didnt know about the VPN-Client IP. Usage of windows registrie or powehsell script on each client like these are very frustrating:

    Get-NetIPConfiguration | where {$_.InterfaceDescription -eq 'Sophos TAP Adapter'} | Set-DnsClient -RegisterThisConnectionsAddress:$True

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  14. vpn policy restrication

    any option for vpn access to checking mac address or antivirus policy ,,ok i want to restrict particular user laptop not connect our network through any vpn user.. i want to add this type of policy or future in xg 106 firewall....block laptop connection via mac address

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Bounced Email Logs (Log Viewer Tab)

    Hello Support,

    I have raised a case 9862438 for a query related to bounced email logs shown in log viewer tab as well as to send those logs via syslog to any syslog server. But unfortunately the Support person said that this option is not available right now in XG Firewall. Please add this feature in upcoming firmware(s) so that we can get all the necessary logs and also able to forward those logs to syslog server to set an alert.

    Regards,
    Mansoor Ahmed

    2 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  16. SSL vpn report

    I need to take ssl vn report usage time from xg frewall.
    the existing option shows only no of connections and bytes download
    I mean usage report

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  17. Required WAN interface utilization in report format (graphical or Excel or PDF) on report section.

    As of now we are not getting reports of WAN utilization on Current activities > Report section , We required the same in the graphical format so to download easily and monitor ISP wise reporting

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  18. IPsec Notifications

    We use the IPsec email alert to monitor our site to site connections.

    I notice that you migrated the option to the notification list in V18, however each time that the connection gets disconnected we received about a dozen emails at the same time, one for the parent connection and one for each client connected. This is followed by the same quantity of emails for reconnecting, os in total we are receiving up to 20+ emails each time an IPsec connection drops and reconnects.

    Now think on our Escenary having more than 20 Sophos devices sending these alerts to the…

    0 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  19. Synchronized Security Heartbeat from WAN as source

    Synchronized Security is great to ensure healthy endpoints are allowed to communicate with network resources but we need this to be available on WAN - LAN rules as well. With the movement around the globe to more companies becoming remote and hosting their services at a central point behind a Firewall we need to ensure the same set of rules or security features apply to known users that are apart of the same Sophos Central instance. Services protected by the XG Firewall need to be able to be restricted to inbound WAN users with an unhealthy endpoint status or no…

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. encrypted backup

    A way to test the encryption of the backup files, just to make sure that we have the correct encryption password in our documentation. Ideally just documentation on what programs can decrypt the backup (ie what format they are in).

    1 vote
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.