XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Force delete object

    At the moment, if you try to remove a object used somewhere (Policy Rule for example) a message appears saying that "the object is already in use." So give us where the object is in use and allow Admins to delete it.
    You can add an extra column with number of times the object has been used and give LINK where the object is used so we can go directly to the place and check if can delete it or not.

    153 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Configuration of DHCP Options

    UTM 9 had great DHCP options that you could assing globally or to an individual pool. For people with VoIP deployments this is Huge.

    360 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  3. WAF: more authentication type

    At the moment there are different type of authentication missing even on UTM9 against ISA server 2006, such as:


    1. Two-factor authentication using forms-based authentication and a client certificate.

    2. Delegation of credentials by using NTLM or Kerberos authentication.

    3. Kerberos constrained delegation.

    4. Secure Sockets Layer (SSL) client certificate constraints

    In this way, XG and UTM9 are the very alternative to ISA Server.

    136 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Webserver Protection  ·  Flag idea as inappropriate…  ·  Admin →
  4. Integrate Alarm output into RMM tools

    With the new XG firewall with the heartbeat function. Nearly all IT reseller/Partners use RMM tools, these alarms need to be integrated into these tools. (Connect wise, kasya, etc).

    Adding a connector into these tools will do the following:-

    Integrate automatic Ticket generation for alarms and alerts from the Sophos XG platform into the IT billing and Ticket system.
    
    Stop IT companies having to go and manage multiple web pages and different sites to generate Tickets of work.
    Be a powerful difference between Sophos and other Firewalls sold.
    This should not be very hard to integrate into the Partner Web
    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

  5. 428 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    63 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  6. Bring RED Tunnels to UTM's and also to Sophos XG

    I would love to be able to create RED tunnels to other Sophos Firewall XG devices aswell as Sophos UTM's.

    This was a big disappointment to myself who used RED tunnels between UTM's

    29 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  7. Improve Signature Policy GUI (IPS/AppCtrl)

    In the moment it is a mess to select IPS Signatures and Applications in the
    GUI, which additionally doesn't fit in the browser window very well.
    Did i mention the (small) scroll bar on the right?

    Please adjust the IPS and AppCtrl GUI according to best practices.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  8. Create and Manage Multiple ehlo

    As Enterprise product, XG should be able to manage multiple ehlo to protect multiple email domain behind it. On UTM9 we have profile mode but multiple ehlo was missing too. Add some sort of profile (including ehlo) for multiple domai for one/multiple public IP, such as WAF does with virtual domain.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  1 comment  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  9. Improve the WAN Gateway monitor

    Improve the WAN Gateway monitor. Add Latency thresholds, Packet Loss thresholds.
    This can help much to prevent false positive gateway status.
    The same feature could be added on VPN Failover system

    Best regards,

    Carlos Cesario

    196 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  10. Mail notification to multiple recipients

    Add support to notification component send email to multiple recipients.

    Currently it is supported only 1 recipient.

    Best regards,

    Carlos

    225 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    22 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add support SNMP Community answer to any (0.0.0.0) IP Address

    Currently it is needed create one Community to each specific IP address.
    It is impossible create two 'Public' communities by example to two different IP address or create a single Community String for any (0.0.0.0) Ip address.

    Best regards,

    Carlos

    31 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  12. Rename objects

    Add support to rename Policy rules name, IPSEC and SSL VPN tunnels name, Webfilter Policy and Category objects, Application Policy and Category objects, QOS rules and all other items.
    This will Improve the management, it must be default to all objects. Currently to fix a simple typo error, we must to create a new policy or category and populate all items again. A simple task can turn into a hard task.

    Best regards,

    Carlos

    283 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add option to change Appliance SSH port access

    Add support to change SSH port access.

    Best regards,

    Carlos

    140 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add support to choose multiple Hosted Address when create a Business Application Policy

    Add support to choose multiple Hosted Address when create a Business Application Policy.
    Imagine a customer with 3 WAN links and 50 Business Application Policies rules.It is needed create 150 Rules for this.

    This is a real case today.

    Best regards,

    Carlos

    38 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add support SNMP via VPN without add static

    Add support SNMP via VPN without add static routes. This could be as SSH via VPN, only choose a checkbox allowing or deny the service.
    Today it is needed add static route pointing to tunnel name.

    Best regards,

    Carlos

    11 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  VPN and RED  ·  Flag idea as inappropriate…  ·  Admin →
  16. 299 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    62 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  17. Enable/Disable Interface

    At the moment, there is no way to disable/enable an interface inside SFOS.
    Strange!Even using CLI menu.

    449 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Base System + General UI  ·  Flag idea as inappropriate…  ·  Admin →
  18. POP3/IMAP-More action options when scanning

    At the moment, scanning POP3/IMAP traffic does only allow to change subject or accept. A really antispam engine will block spam email even on these protocols. Please add more action options.

    103 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Email Protection  ·  Flag idea as inappropriate…  ·  Admin →
  19. Feature request - Custom security risks level

    I am using SFOS at home (at moment) and I have seen from reports that some custom ports (in my case TCP:49275) does not have a risk level. All other know application are already classified. My questions are:


    1. why do not add the chance for custom port to become an application?


    2. why do not add custom risk level to custom application?


    3. Why users cannot change the risk level on know application?


    I work with Health care industry and banks too and every customer has different needs so I am sure that for some Skype (for example) is extremely risky while…

    49 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  20. Sophos VPN app for mobile platforms

    Sophos should develop an own VPN app for mobile operating systems (iOS / Android / Windows Phone) which can connect via the UTM using the configuration pushed from the UTM to the SMC server.
    It should also support the Per-App-VPN feature which was introduced in iOS 7.

    305 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google Sophos ID New Sophos ID Test Sophos ID
    Signed in as (Sign out)

    We’ll send you updates on this idea

    18 comments  ·  Network Protection  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.