XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Use IP range or network object for allowable Radius accounting requests

    customer got a Meraki Wireless network and basically each WAP processes the request and then would need to forward the accounting request to the Sophos firewall. So without using IP range or cidr they need to enter 150 ips individually.

    If ip range or cidr option is available then It will let then to do radius accounting on wireless network without
    having to put in 150+ radius clients.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Hardware health: Thermal sensors and fan speed reporting

    Hi

    Some sort of hardware status feedback would be very nice. Most importatn would be CPU and mainboard temperature, however fan speed would also be nice.

    128 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Compare / Diff Policies

    It would be handy to be able to compare / diff policies. You can currently do this manually by opening two pages side-by-side, but that is cumbersome and error prone.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  4. Decryption Port Mirroring

    The Decryption Port mirror feature provides the capability to create a copy of decrypted traffic from a firewall and send it to a traffic collection tool that is capable of receiving raw packet captures–such as NetWitness or Solera–for archiving and analysis. This feature is necessary for organizations that require comprehensive datacapture for forensic and historical purposes or data leak prevention (DLP) functionality.

    30 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Routing Table - Show

    Available in the GUI or CLI able to visualize the active routing table.

    This feature exists in other manufacturers, such as Fortinet for example

    43 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. SSH Access - User can access the SSH with its own credential

    Currently it is possible to access the SSH only with the ADMIN user.

    For companies that need to be compliance with the PCI this is not acceptable.

    It is very important each User can access the SSH with its own credential for audit purposes

    103 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow changing threshold for the Performance system monitor on the XG homepage.

    Allow changing threshold for the Performance system monitor on the XG homepage.

    My system always sits in Orange even when network use is really low.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. GUI Search

    I often find myself hunting around the interface for various settings. It would be quite handy to have a search box where I can search for a particular setting, select it from a dropdown of results, and then be taken directly to the page.

    101 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Create a Migration Assistant (web)application for the Firewall-OS

    Cyberoam has a Migration Assistant which converts for example a SonicWALL UTM configuration to a configuration for the Cyberoam UTM appliances.

    The Sophos Firewall-OS already supports an API which uses, just like the IMPORT/EXPORT feature, an XML structure for setting configuration. Now I have to if possible create a script to find configuration components and convert the structure to match the XML structure for the Sophos Firewall-OS. Other vendors support configuration exports in XML format or other kind of readable format.

    Such a tool would make it easier to migrate a customer to the Sophos Firewall-OS, making the choice for…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Edit/Delete default IPS rules

    XG comes with IPS built-in rules and cannot be customized or deleted. At least allow us to customize them in order to add/remove Signature.
    I always like to keep the Appliance as clean and light possible and I would like to delete default IPS rules too.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow IP List to be added to IP Host Group

    You can add an IP range or IP subnet to an IP host group but not an IP list.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. UI should show pop-up info for network object everywhere

    Please correct the UI so that the Port designations include the subnet or IP address associated with them EVERYWHERE. Right now sometimes when you select a port from a list it will include that information and at other times it is missing. I have a hard time remembering which port number is which interface, it is reminiscent of the frustration of working with SonicWall devices and their annoying X0, X1,X2, etc. designations.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add an UNDO Button

    Would be helpful if you could reverse changes to say a firewall rule or security policy just by clicking on an Undo button.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add Visualization of Networks and VPN Connections

    Would be awesome if you could look at a chart of how your network is configured from within the XG. Might make diagnosing issues easier if you could see precisely where things are breaking with this kind of visual feedback.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  15. Scheduled Installation of the AV Updates and Firmware Installation.

    Scheduled Installation of the AV Updates and Firmware Installation is required. The firmware updates and AV Updates should get automatically downloaded over the WAN interfaces, however installation of this updates should be done only when the Date and time is scheduled by the Network Administrator.

    In addition to the available scheduling options, the custom category should be added, where in the administrators can select a custom date and custom time, after selecting the custom date and custom time the system should prompt if these settings are just to be executed once, daily, weekly, every 15 days or monthly.

    697 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    86 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add Windows XP as a High Risk Application

    Can you add the ability to detect what operating system a computer is running (based on HTML headers perhaps) and warn if certain operating systems such as XP are seen?

    6 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Detection Requests  ·  Flag idea as inappropriate…  ·  Admin →
  17. "One-Click" Compliance button for easy PCI compliance

    Would be great if you could add the ability to configure the UTM for PCI compliance with a simple check box or wizard. As it is now it becomes a real chore to comply with PCI DSS on both the XG and UTM 9. Adding this would be a first in the industry most likely.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Support Multiple Forest not Trusted

    STAS rocks! Anyway if you have to manage multiple Forests (not trusted) the XG cannot accomplish the task. Other vendors support this feature. This feature gives to XG a step further for use it in big environment.
    When you will implement this feature, you should allow the Admins to decide if split the XG in multiple firewall (virtual firewall feature http://feature.astaro.com/forums/330219-sophos-xg-firewall/suggestions/11262702-virtual-firewall) or not.

    Thanks.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Authentication clients  ·  Flag idea as inappropriate…  ·  Admin →
  19. Availability Groups

    In the UTM I had a "Public DNS Servers" availability group, which was listed in "DNS Forwarders". I found this to be the best way to maintain reliable DNS forwarders in the UTM. Currently there is no way to create availability groups in the XG, let alone use them for DNS forwarders. I miss this feature.

    56 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add navigation to first and last page for multipage displays

    In log files and in other areas of the UI where there are multiple pages presented, you can only go right or left one page at a time. A multipage selector with first and last controls would be ideal. But at a minimum be able to go to first page/last page directly. When paging through a log, it takes a long time to get back to the first page.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.