XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  1. Superadmin role

    Currently there can only be one "super admin" on the SCFM. It would be nice to have this be a group or set of permissions that can be assigned to more than one user. This would allow multiple administrators to have control over the central management portal without the need of having the one person grant access on a per firewall basis.

    An example of this would be creating a new SCFM user and granting them the 'Administrator' privilege. This will allow them to manage all settings in SCFM, but it will not allow them to view all devices synced…

    4 votes
    0 comments  ·  Base System + General UI
  2. Add Reports for Intrusion Attack Detected and Blocked

    Customer requesting to show reports as well for Intrusion Attack Detected and Blocked or Drop

    15 votes
    0 comments  ·  Reporting
  3. Add "Create new" option to Hostname field in email encryption

    Please add the function "Create new" to the Hostname field in E-Mail -> Encryption

    1 vote
    0 comments  ·  Email Protection
  4. "rewrite html"

    As suggested by the support I add the suggestion associated with ticket #7420116 here as well.

    Please consider supplementing manuals for your products that include HTTP/Web proxies. The "Rewrite HTML" option causes not only HTML rewriting but also HTTP headers rewriting based on the head section <meta/> tags with the http-equiv attribute. The headers rewriting functionality seems to be undocumented.

    Please note that such an unconditional rewriting causes problems for web pages that have a construct like the following:

    <head><noscript><meta http-equiv="refresh"…></noscript></head>
    

    Adding a HTTP header based on such a construct causes a site to malfunction because it redirects the client…

    5 votes
    0 comments  ·  Webserver Protection
  5. Logs show NATed IP instead of private IP when the rule is set to drop the traffic.

    When the rule is set to drop the traffic, we are getting NATed IP on Syslog server's logs. All dropped traffic is showing public IP instead of private so we can't differentiate between logs based on private IP. We were informed that the Cyberoam firewall has such architecture. And if we want the private IP we need to set the action and allow and drop the traffic using utm features.

    This should not happen.

    4 votes
    1 comment  ·  Reporting
  6. DMVPN

    Dynamic Multi-point VPN (DMVPN) is required for dynamic routing in VPN for redundant route identification (like OSPF, EIGRP).

    12 votes
    1 comment  ·  VPN and RED
  7. Email Protection: exceptions for virus, spam and content checks

    Please make it possible to make specific exceptions for virus, spam and content checks like it is possible in the UTM. Now you can only make general "Spam Check Exceptions" for "Domain Name"??? Which actually only creates an exception for the IP blacklisting check.

    9 votes
    0 comments  ·  Email Protection
  8. WAF Load Balancing - Add additional features

    On HTTP/S NLB I would like to have more features, such as:

    Weighted round-robin
    Weighted least connection
    Hash based on Source/Destination IP
    Hash based on Cookies
    Hash based on Header/URL

    Thanks

    50 votes
    1 comment  ·  Webserver Protection
  9. Better configuration for many to many masquerading NAT

    XG allows masquerading an internal network with an IP range. To work properly it needs a valid alias address configured on the out interface (valid IP = IP in the masquerading range). So if we create a range of 200 IPs we MUST define all 200 IPs on the out interface. This is a feature needed in different scenarios such as a primary gateway with authentication or a network overlap ...

    9 votes
    0 comments  ·  Network Protection
  10. Load Balancing Ratio - Usage of % instead of numbers

    Gateway Load Balancing accepts numbers, and if you have more than 2 gateways, finding the ratio number can be challenging. Using percentages is less confusing and simpler to use.
    Thanks

    47 votes
    3 comments  ·  Network Protection
  11. Yubikey 2FA

    Be able to log in with a Yubikey token or Yubikey U2F (touch to log in) without having to use a time-based OTP.

    42 votes
    4 comments  ·  Base System + General UI
  12. IPv6 IPoE Support (Japan NTT Flets network)

    Support IPv6 internet connect only.
    (licence update & firmware update & other file update all IPv6 support)

    8 votes
    0 comments  ·  Base System + General UI
  13. Source Address option in Ping Diagnostics screen

    Under the Diagnostics screen, under the PING section, allow the ability to put in a Source Address to ping from. This would help with troubleshooting routing and VPN issues immensely.

    6 votes
    0 comments  ·  Base System + General UI
  14. HA Peer Administration Port is VLAN

    Right now, when configuring the Peer Administration Port, we can only select a Physical port, but not a VLAN. This means that for an HA we need two dedicated ports and not 1. Typically, a deployment would have the various VLANs (including management VLAN) in a trunk between the switch and the FW.
    Would it be possible to enable the Peer Administration to be set on a VLAN?

    Steven.

    15 votes
    1 comment  ·  Base System + General UI
  15. DNS over VPN

    Sophos must support Domain Name (DNS) over VPN Tunnel

    26 votes
    2 comments  ·  Base System + General UI
  16. RED traffic in system graphs

    We can see RED traffic in report,
    but we can't see the traffic in system graphs.

    Please add the RED interface in system graphs.
    Thanks~

    28 votes
    2 comments  ·  VPN and RED
  17. Syslog down or not reachable - XG does not log anything

    If the Syslog is not reachable or down, XG does not log anything. From XG we need details on Syslog connection. For example last contact time, a log when the syslog is not reachable and other useful logs to help Admins during Maintenance and Administration.
    Thanks

    17 votes
    0 comments  ·  Base System + General UI
  18. Custom Name on SSLVPN Profile

    On the XG Firewall it is not possible to change the profile name for the Remote SSL-VPN. The profile name is always "usernamesslvpnconfig". Please add the possibility to change that like on the UTM with override hostname.
    I think a field to customize the string "sslvpnconfig" would be better.

    7 votes
    1 comment  ·  Network Protection
  19. Report on User Bandwidth for Both Download and Upload

    Can we get XG on-box reporting for user bandwidth usage for both download and upload? This will allow us to report on both how much a user has downloaded and uploaded. The uploaded data is important to see if users are uploading large amounts of data for Dropbox or Google Drive.

    23 votes
    1 comment  ·  Reporting
  20. User Threat Quotient for safeguarding vulnerable users

    The User Threat Quotient (UTQ) is an excellent tool for identifying high risk users, based on security risks. I think this could be improved further to include categories such as Extremism/Radicalisation, and Self Harm/Pro Suicide. This will be of great use for education customers to help instantly identify high risk/vulnerable users in relation to the Prevent duty and Safeguarding guidelines.

    22 votes
    2 comments  ·  Reporting