XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow ICMP request from WAN on Public Alias IP Address

    Hi,

    on WAN port we have multiple alias public IP Address. now i want to allow ping only particular alias IP Address from outside world to check the wether the Server is up or down purpose.

    so please include this feature XG Firewall.

    we have urgent requiremnt for this because we are in ISP businees so we want to allow ping request from any source.

    Regards,
    Kamal Patel

    24 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  2. Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report .

    Users to have ability to manage emails Whitelist and Blacklist via User Portal and quarantine report .

    285 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    36 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  3. Heartbeat: Drop to next rule on heartbeat failure

    I would like to suggest that with heartbeat enbaled that when someone is Red or no heartbeat that there is an option to either block internet access, or to drop next policy in the list

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Synchronized Security (Heartbeat)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Email Protection: Implement SPF and Header functionality into Sophos XG

    Hi Sophos, for Security and anti Spam enhancement please include the spf check and header modification functionality in your xg firewall.

    186 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add packet tracer feature

    A feature like Cisco's ASA Packet Trace utility will be very nice. I like the XG firewalls but I really miss the Packet Tracer. Here's a little bit about it:

    https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

    I like it because you don't need to setup test hosts - the test packet virtually injected from the appliance itself.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  6. single sign on for Bookmark in Clientless Access VPN

    XG cannot forward the user identity from User Portal to Bookmark in clientless access VPN.
    At the moment, we have to configure a shared login credential (Automatic Login) for Bookmark.
    It would be better if XG retrieve user information from a User Portal session and forward it to a Bookmark.

    18 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. 'Blocked File Type' for POP3 / IMAP

    Like SMTP option, allow to remove MIME type (especially Office document containing macro .DOCM which is used by Locky)

    16 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  8. migration tool from UTM9 to XG on same model

    We need tool for migrate UTM9 to XG on same model

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support for IPOE

    Support for IPOE, since it' s not only in use for consumer lines, but also for >100MB business lines, because lower overhead then pppoe.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. rule grouping / rule inheritance / rule subclassing / rule nesting

    In general i want to define a incomplete parent thing and create multiple childs base on it. To make it easy to understand, options defined in the parent should not be allowed to change in the child. And the display should reflect this relation.
    This could reduce unneeded options need to manage. For example, i didn't need to create two mostly idnetical rules if i want some of my users to access a application from more networks or times. Or create multiple mostly idnetical rules to apply different qos policys base on source zones

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. RED DHCP relay option

    Please add support for DHCP relay server on RED units.
    I need my clients to get IP adresses from internal DHCP server, NOT from RED unit, NOT from central XG boxes. Right now i solve this by making the RED tunnels using an intermediate ip adress and subnet, then going through a Layer3 switch at every location, to get this working.
    I would like to skip all the L3 stuff at the sub locations, and simply have a unified network through the REDs and the XG boxes - but i need my clients to receive, and register, to my internal…

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Configure delay to redirect to URL after Wireless login

    The time it takes after the user logs into the wireless hotspot to redirect them to a URL is too long. It would be great to have a option to enter in how many second before it should redirect to another URL. Editing the HTML to change the seconds before redirecting is very daunting and it should be just an option.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ending a wireless session

    There is currently no way to see a wireless session and disconnect that person or device from their wireless session. Good security feature for blocking a device or the devices MAC address of that device.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Wireless Protection  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add customizable log notifications so we can be emailed with an intrusion is detected

    Every other firewall i have used has had the ability to email alerts and log files based on customized thresholds. This feature is lacking from the XG. The only thing it allows you to do is setup notification settings for when IPSEC tunnel drops and comes up.

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  15. Implement avahi to make life with Apple devices a lot easier

    When you have a network will apple products you will soon relise that unless they are on the same subnet they will refuse to see each other, this is because bonjour just refuses to work over subnets.

    avahi can solve this but don't really see the point in setting up a server running linux to do such a small task which should be added into Sophos itself.

    I saw a feature request just like this for UTM 9 and the was no response from an admin, seeing as XG is a new platform I am hoping this feature might actually…

    19 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  16. Firewall rule with content/application matching for custom QoS/Gateway configurations

    Allow firewall rules to "match" by application, and thus permit custom routing/qos. E.g (Streaming out lower cost WAN1, VoIP out faster/more expensive WAN2)

    This would be (layer7) application based (Not Subnet/Port based)

    12 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  17. Hostname displayed in Dashboard

    A partner asked if there is a faster way of identifying which Sophos XG Firewall he is looking at just by looking at the Dashboard. The only answer I could give was compare the serial numbers. I think it makes sense if the hostname of the XG can be displayed in the Dashboard so that Partners or even administrators who are managing several of them can quickly tell them apart.

    67 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. Management Interfaces with dedicated routing table

    It would be appreciated to have different routing table for the management interfaces and the firewall.
    Management interfaces on management vlans with different gateways and different routing priority.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  19. Rename RED devices on XG

    Why on earth am i not able to rename my RED units to something sensible? Instead all units is called reds1,reds2, reds3 etc, in the name they are added!
    This is hopeless - and it quickly becomes hard to identify the units/networks!

    33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  20. Guest WiFi: Log by MAC address

    In France, we need to have 1 year of log on Guest Wifi.

    Actually, the logs are by IP address but we don't have logs which associate MAC address and IP address.

    Maybe you can add a new feature by the possibility to configure logs by MAC address and not by IP address.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID - Old - Do not use Log in with your Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Reporting  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.