XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Application-Traffic Shaping based on percentage of WAN bandwidth available

    Allowing to set application bandwidth based on the percentage of the WAN bandwidth available will make enable copying configs from firewalls with different total WAN bandwidth. Moreover will make it a less hassle to upgrade or downgrade WAN bandwidth in the future. This feature would greatly enhance the settings for MSPs or vendors who send out pre-configured firewalls.

    32 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Application Control  ·  Flag idea as inappropriate…  ·  Admin →
  2. Match DHCP leases with RADIUS accounting messages

    For Sophos XG:
    Routers like OpenWRT do not know the IP address when a client connects and can only report the MAC to the firewall. If this firewall is also serving as a DHCP, it can match the MACs ( from accounting message and IP lease) and thus, the Framed-IP-Address attribute is not required any more.

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. Hotspot voucher creation with starting validity

    It would be useful to be able to create hotspot vouchers with starting and ending validity , and also to schedule the creation of them

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Non-Sophos WNIC Support

    Some core functionality for other wireless chipsets should be provided, even if it isn't "guaranteed perfect".

    For example, ath9k (Atheros) drivers ship with XG, but cannot be loaded because of a version conflict with a dependency. Atheros chipsets are the most compatible with other linux, and considered to be "100%". The code is all there, and being used in production by other manufacturers.

    Sophos XG Home isn't usable in my circumstance because it doesn't support common wireless chipsets, which is needed in my home. Purchasing a Sophos wireless appliance is possible for my company, but not for me at home!

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Guest access registration option on captive portal

    Please add guest access menu on captive portal like UTM 9

    5 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. Captive Portal Session Timeout

    Bring back the captive portal session timeout like UTM 9, in XG if closing the window after login is the same as logout.

    15 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  7. Outlook add-in for Email Protection

    Please can we have an Outlook add-in which will allow users to blacklist with a single click.

    I love the daily digest which allows users to release false positives but there seems to be no function for undetected spam which makes it through.

    Thanks

    57 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. Use Office365 MFA for VPN user authentication

    It would be great to have integration of Office 365 multifactor authentication process (ability to use it to protect vpn connections for instance)

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Report on bandwidth consumption over time per WAN connection

    Appreciate if you could provide solution the each Interface Internet Service Provider bandwidth Utilization Report. I need to pull the report of Utilization of bandwidth for every month (Example: WAN Utilization of each Service Provider, how much upload and download utilization).

    34 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  10. Google authenticator OTP support for XG remote access

    Google Authenticator is not working on the XG firewall but is on the UTM 9 devices. I believe it is a programming issue on the OTP Key length that the Sophos supplies. The key has "=" signs in the code which Google Authenticator does work with.

    40 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure Native Backup for recovery

    Ability to use Azure Recovery Services to run backups of the appliance so that recovery time can be reduced.

    8 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Pharming protection - Exception possibility

    it's not possible to create an exception on Pharming protection (Web --> Protection --> Advanced Settings).
    The default enabled function let you "Protect users against pharming and other domain name poisoning attacks by repeating DNS lookups before connecting."

    We were unable to get a vpn tool called "SSL network extender" working (to support a customer). The solution was to disable the Pharming protection completely.

    58 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  Web Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Device inventory

    I suggest a view of devices on the network, divided by operating system and bringing the essential information such as host name, IP and MAC address, and which interface are connected.

    39 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSL VPN - Disconnect User

    Actually, if I click the button to disconnect a Live SSL VPN User (from XG Admin Panel) the firewall sends Connection Soft Reset to the VPN Client, but after a few seconds the client re-connects.

    It would be nice to disconnect the user (at least until it does another login with VPN Client) maybe also sending him a popup message.

    14 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow selection of CA Certificate to enroll SSL VPN User's certificate

    It would be great to allow selection of CA Intermediate certificate used to enroll SSL PVN Users Certificates (like already done for Web Scanning)

    9 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. OTP: SMS

    Please allow a SMS provider & custom SMS url to provide as a way to retrieve the OTP code for users.

    17 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. 4096 bits SSL VPN Encryption

    4096 bits SSL VPN Encryption is currently very common on many appliances but not on Sophos XG. Could you please add this level of encryption to the XG?

    33 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  18. Change "From" name and add subject prefix for notifications

    Right now email alerts can be set with a from email address but says "Sophos" as the from name. Would be nice to change this to another name like the device hostname instead.

    Also, would be nice to add a subject prefix like [Sophos] or [Hostname] to add some detail.

    We have over 10 units and we have no way of knowing which device is affected until we open the email.

    10 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. System: Disable unused services

    Please allow for an option to disable certain services the XG offers such as;
    - Disable HA when (if not configured)
    - Disable Wireless Protection
    - etc.

    Would be neat if these options wouldnt show in the GUI anymore & do not count toward health status.

    39 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow RIP to be disabled

    Please allow for an option to disable RIP.

    6 votes
    Sign in Sign in with Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.